future prediction: network intrusion detection system in the cloud
DESCRIPTION
This group presentation is about possible ways of deploying a Network Intrusion Detection System (NIDS) in cloud computing.
TRANSCRIPT
![Page 1: Future Prediction: Network Intrusion Detection System in the cloud](https://reader034.vdocuments.us/reader034/viewer/2022051609/5454511bb1af9f80228b49f8/html5/thumbnails/1.jpg)
Systems and Application Security
Presentation: Future Predictions of NIDS in the Cloud
SHU - Information Systems Security (SAS)
Chao-Yang Hsu (22033770)
Nuwani Siriwardana (21053949)
Scott Storey (15038397)
Sedthakit Prasanphanich (22037820)
![Page 2: Future Prediction: Network Intrusion Detection System in the cloud](https://reader034.vdocuments.us/reader034/viewer/2022051609/5454511bb1af9f80228b49f8/html5/thumbnails/2.jpg)
Outline
Introduction - Deployment Strategies
Challenges of integrating NIDS
Management of NIDS in the cloud: how many points should the manager take into account?
Example of cloud providers in terms of NIDS implementation
Future Prediction
Summary
![Page 3: Future Prediction: Network Intrusion Detection System in the cloud](https://reader034.vdocuments.us/reader034/viewer/2022051609/5454511bb1af9f80228b49f8/html5/thumbnails/3.jpg)
Introduction - NIDS Deployment
(diagram: NIDS sensors placed in the DMZ, behind the firewall and on the intranet)
Behind the Firewall:
1. Highlights problems with the network firewall policy.
2. Observes attacks that may target the web servers inside the DMZ.
3. Even if the incoming attack is not recognized, the IDS can sometimes recognize the outgoing traffic that results from the compromised server.
Outside the Firewall:
1. Documents the number and types of attacks originating on the Internet that target your network.
![Page 4: Future Prediction: Network Intrusion Detection System in the cloud](https://reader034.vdocuments.us/reader034/viewer/2022051609/5454511bb1af9f80228b49f8/html5/thumbnails/4.jpg)
NIDS Deployment
(diagram: DMZ, with an NIDS sensor on the critical subnet serving the EC servers)
On critical subnets or backbones:
1. Detects attacks targeting your critical systems and applications.
2. Allows focusing of limited resources on the network assets considered of greatest value.
Reference: NIST Special Publication on Intrusion Detection Systems
![Page 5: Future Prediction: Network Intrusion Detection System in the cloud](https://reader034.vdocuments.us/reader034/viewer/2022051609/5454511bb1af9f80228b49f8/html5/thumbnails/5.jpg)
NIDS Deployment - Global Organizations
(diagram: NIDS sensors in London, Chicago and Singapore reporting to a central point)
Collecting Logs and Alarms
Apply rules or Update Signatures
![Page 6: Future Prediction: Network Intrusion Detection System in the cloud](https://reader034.vdocuments.us/reader034/viewer/2022051609/5454511bb1af9f80228b49f8/html5/thumbnails/6.jpg)
NIDS Deployment - in the Cloud ...
(diagram: NIDS sensors in London, Chicago and Singapore; traditional implementation on a host machine versus virtual machines)
plus Virtualization
![Page 7: Future Prediction: Network Intrusion Detection System in the cloud](https://reader034.vdocuments.us/reader034/viewer/2022051609/5454511bb1af9f80228b49f8/html5/thumbnails/7.jpg)
NIDS Deployment - in the Cloud ...
(diagram: NIDS sensors in London, Chicago and Singapore; cloud users requesting VM templates)
Virtualization, plus On-Demand Request and Pay-per-use
![Page 8: Future Prediction: Network Intrusion Detection System in the cloud](https://reader034.vdocuments.us/reader034/viewer/2022051609/5454511bb1af9f80228b49f8/html5/thumbnails/8.jpg)
Challenges of integrating NIDS
Detection Techniques
◦ Both signature-based and anomaly-based detection mechanisms have their own strengths and weaknesses
The Changing Face of Expanding Networks
◦ Virtualization: a fundamental technique in cloud environments
◦ Computation Overhead: processing packets in a large or heavily loaded network
◦ Configuration Management: rule set and signature management policies
◦ Information and Events Management: incident log correlation and reporting
Application Level and Encrypted Traffic
◦ HTTP Strict Transport Security becomes an Internet standard (e.g. HTTPS)
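The first challenge on this slide, that signature-based and anomaly-based detection each have strengths and weaknesses, is easiest to see side by side. The following Python example is added here and is not part of the presentation: a signature detector matches known byte patterns, and an anomaly detector flags sources whose outbound volume deviates from a quiet-period baseline. The rules, addresses and flow records are constructed for the example; the known pattern is caught only by the signature rule, a novel high-volume source only by the baseline, and the baseline also raises a false positive on a legitimate but unusually large backup job.

```python
"""Signature-based vs anomaly-based detection over constructed flow records.

Added example (not from the slides). All rules, addresses and flows below
are constructed for illustration.
"""
import re
import statistics
from collections import Counter
from dataclasses import dataclass


@dataclass(frozen=True)
class Flow:
    src: str          # source address (constructed, private address space)
    dst_port: int
    bytes_out: int    # bytes sent by src in this flow
    payload: bytes    # first bytes of application data


# Constructed signature rules (not a real rule set): name -> byte pattern.
SIGNATURES = {
    "path-traversal": re.compile(rb"\.\./\.\./"),
    "known-bot-ua": re.compile(rb"User-Agent: ExampleBot/1\.0"),
}

# Baseline traffic from a quiet period: roughly 1000 bytes per source.
BASELINE = [
    Flow("10.0.0.1", 443, 950, b"GET / HTTP/1.1\r\n"),
    Flow("10.0.0.2", 443, 1050, b"GET / HTTP/1.1\r\n"),
    Flow("10.0.0.3", 443, 950, b"GET / HTTP/1.1\r\n"),
    Flow("10.0.0.4", 443, 1050, b"GET / HTTP/1.1\r\n"),
]

# Traffic under inspection (constructed).
SAMPLE_FLOWS = [
    Flow("10.0.0.5", 80, 1000, b"GET /../../secret.cfg HTTP/1.1\r\n"),  # known pattern, normal volume
    Flow("10.0.0.6", 443, 1000, b"GET /index.html HTTP/1.1\r\n"),        # benign
    Flow("10.0.0.7", 22, 3000, b"SSH-2.0-backup-job\r\n"),               # legitimate nightly backup
    Flow("10.0.0.8", 443, 5000, b"POST /upload HTTP/1.1\r\n"),           # novel: no signature exists
]


def signature_alerts(flows):
    """Return (src, rule) pairs for every flow whose payload matches a known pattern."""
    return [(f.src, name)
            for f in flows
            for name, rx in SIGNATURES.items()
            if rx.search(f.payload)]


def anomaly_alerts(flows, baseline, z_threshold=3.0):
    """Return (src, z-score) for sources whose outbound volume lies more than
    z_threshold standard deviations above the per-source baseline mean."""
    base_totals = Counter()
    for f in baseline:
        base_totals[f.src] += f.bytes_out
    mean = statistics.mean(base_totals.values())
    stdev = statistics.pstdev(base_totals.values()) or 1.0  # flat baseline: avoid division by zero
    observed = Counter()
    for f in flows:
        observed[f.src] += f.bytes_out
    alerts = []
    for src, total in observed.items():
        z = (total - mean) / stdev
        if z > z_threshold:
            alerts.append((src, round(z, 1)))
    return alerts


def compare(flows=SAMPLE_FLOWS, baseline=BASELINE):
    """Side-by-side view of which sources each technique flags."""
    sig = {src for src, _ in signature_alerts(flows)}
    ano = {src for src, _ in anomaly_alerts(flows, baseline)}
    return {
        "signature_only": sorted(sig - ano),  # known pattern at normal volume
        "anomaly_only": sorted(ano - sig),    # unusual volume; includes the backup false positive
        "both": sorted(sig & ano),
    }


if __name__ == "__main__":
    print(signature_alerts(SAMPLE_FLOWS))
    print(anomaly_alerts(SAMPLE_FLOWS, BASELINE))
    print(compare())
```

The point of `compare()` is that neither list is a superset of the other: the signature rule is precise but blind to anything it has not seen, while the volume baseline needs a tuned threshold and an allow-list for known bulk jobs before its alerts are actionable.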
![Page 9: Future Prediction: Network Intrusion Detection System in the cloud](https://reader034.vdocuments.us/reader034/viewer/2022051609/5454511bb1af9f80228b49f8/html5/thumbnails/9.jpg)
How to ...
effectively deploy NIDSs into the Cloud?
manage/operate NIDSs efficiently?
May need another key... new innovations and changes
![Page 10: Future Prediction: Network Intrusion Detection System in the cloud](https://reader034.vdocuments.us/reader034/viewer/2022051609/5454511bb1af9f80228b49f8/html5/thumbnails/10.jpg)
Managing NIDSs in a Cloud ...
![Page 11: Future Prediction: Network Intrusion Detection System in the cloud](https://reader034.vdocuments.us/reader034/viewer/2022051609/5454511bb1af9f80228b49f8/html5/thumbnails/11.jpg)
Virtualization
(diagram: three physical servers, each running Applications on its own OS and Hardware; 5-10 % usage, 90-95 % not utilized)
![Page 12: Future Prediction: Network Intrusion Detection System in the cloud](https://reader034.vdocuments.us/reader034/viewer/2022051609/5454511bb1af9f80228b49f8/html5/thumbnails/12.jpg)
Virtualization
(diagram: three virtual machines, each running Applications on a Guest OS, on top of a Hypervisor sharing one set of Hardware)
![Page 13: Future Prediction: Network Intrusion Detection System in the cloud](https://reader034.vdocuments.us/reader034/viewer/2022051609/5454511bb1af9f80228b49f8/html5/thumbnails/13.jpg)
It's Important...
To deploy virtualization successfully
To provide the functionality of a Network Intrusion Detection System within a cloud environment
![Page 14: Future Prediction: Network Intrusion Detection System in the cloud](https://reader034.vdocuments.us/reader034/viewer/2022051609/5454511bb1af9f80228b49f8/html5/thumbnails/14.jpg)
Managing an NIDS in a cloud is quite frustrating.
Number of hosts
Virtualized environment
Online security
![Page 15: Future Prediction: Network Intrusion Detection System in the cloud](https://reader034.vdocuments.us/reader034/viewer/2022051609/5454511bb1af9f80228b49f8/html5/thumbnails/15.jpg)
When protecting a Cloud using an NIDS...
◦ It is difficult to analyze logs
![Page 16: Future Prediction: Network Intrusion Detection System in the cloud](https://reader034.vdocuments.us/reader034/viewer/2022051609/5454511bb1af9f80228b49f8/html5/thumbnails/16.jpg)
Cloud is a cloud. We cannot exactly trace and keep logs for what is happening inside it...
![Page 17: Future Prediction: Network Intrusion Detection System in the cloud](https://reader034.vdocuments.us/reader034/viewer/2022051609/5454511bb1af9f80228b49f8/html5/thumbnails/17.jpg)
Online Security
![Page 18: Future Prediction: Network Intrusion Detection System in the cloud](https://reader034.vdocuments.us/reader034/viewer/2022051609/5454511bb1af9f80228b49f8/html5/thumbnails/18.jpg)
The security problems bring much more economic loss in Cloud Computing than in other kinds of systems.
Hackers are everywhere
![Page 19: Future Prediction: Network Intrusion Detection System in the cloud](https://reader034.vdocuments.us/reader034/viewer/2022051609/5454511bb1af9f80228b49f8/html5/thumbnails/19.jpg)
Security Issues
Cloud data confidentiality issue
Network based attacks on remote Server
Cloud security auditing
Lack of data interoperability standards
![Page 20: Future Prediction: Network Intrusion Detection System in the cloud](https://reader034.vdocuments.us/reader034/viewer/2022051609/5454511bb1af9f80228b49f8/html5/thumbnails/20.jpg)
Finally,
We have to consider, when we are managing an NIDS within a cloud...
◦ The size of the cloud: number of hosts and servers inside the cloud
◦ Virtualized environment: challenging to deploy correctly
◦ Online security issues: protecting a virtual implementation is not easy
![Page 21: Future Prediction: Network Intrusion Detection System in the cloud](https://reader034.vdocuments.us/reader034/viewer/2022051609/5454511bb1af9f80228b49f8/html5/thumbnails/21.jpg)
What are the big players doing with IDS in the cloud?
![Page 22: Future Prediction: Network Intrusion Detection System in the cloud](https://reader034.vdocuments.us/reader034/viewer/2022051609/5454511bb1af9f80228b49f8/html5/thumbnails/22.jpg)
Google Cloud
Do Google use an IDS? - Yes, of course they do.
“At many points across our global network, internal traffic is inspected for suspicious behavior, such as the presence of traffic that might indicate botnet connections. This analysis is performed using a combination of open source and commercial tools for traffic capture and parsing.”
- Security Whitepaper: Google Apps Messaging and Collaboration Products, Google.
![Page 23: Future Prediction: Network Intrusion Detection System in the cloud](https://reader034.vdocuments.us/reader034/viewer/2022051609/5454511bb1af9f80228b49f8/html5/thumbnails/23.jpg)
Google Cloud
No – They explicitly state they protect their own network, they don’t mention your specific instances.
You are effectively outsourcing everything to a 3rd party.
![Page 24: Future Prediction: Network Intrusion Detection System in the cloud](https://reader034.vdocuments.us/reader034/viewer/2022051609/5454511bb1af9f80228b49f8/html5/thumbnails/24.jpg)
Google Cloud
All out attack on Google?
Not that likely, but does happen and would probably be noticed.
You would be relatively safe; you are protected by the sheer size of Google. You aren't a specific target.
![Page 25: Future Prediction: Network Intrusion Detection System in the cloud](https://reader034.vdocuments.us/reader034/viewer/2022051609/5454511bb1af9f80228b49f8/html5/thumbnails/25.jpg)
Google Cloud
Attack on your specific instance?
Would Google notice?
![Page 26: Future Prediction: Network Intrusion Detection System in the cloud](https://reader034.vdocuments.us/reader034/viewer/2022051609/5454511bb1af9f80228b49f8/html5/thumbnails/26.jpg)
Amazon Web Services (AWS)
Do Amazon use an IDS? - Yes, of course they do.
“AWS utilizes automated monitoring systems to provide a high level of service performance and availability. Proactive monitoring is available through a variety of online tools both for internal and external use.” - Amazon Web Services: Overview of Security Processes, Amazon.
![Page 27: Future Prediction: Network Intrusion Detection System in the cloud](https://reader034.vdocuments.us/reader034/viewer/2022051609/5454511bb1af9f80228b49f8/html5/thumbnails/27.jpg)
Amazon Web Services (AWS)
No – Shared Responsibility Environment
Almost the same as Google so far; Amazon will protect their own systems, you look after your instances.

| Amazon Responsibilities | Customer Responsibilities |
| --- | --- |
| Host Operating System | Guest Operating System |
| Virtualisation Layer | Associated Application Software |
| Physical Security | Configuration of provided firewall |
![Page 28: Future Prediction: Network Intrusion Detection System in the cloud](https://reader034.vdocuments.us/reader034/viewer/2022051609/5454511bb1af9f80228b49f8/html5/thumbnails/28.jpg)
Amazon Web Services (AWS)
The main difference between Amazon and Google? - AWS Marketplace
On AWS Marketplace there are 3 different companies offering IDSs specifically designed for AWS.
◦ Alertlogic
◦ Metaflows
◦ CloudPassage
![Page 29: Future Prediction: Network Intrusion Detection System in the cloud](https://reader034.vdocuments.us/reader034/viewer/2022051609/5454511bb1af9f80228b49f8/html5/thumbnails/29.jpg)
Amazon Web Services (AWS)
The cloud specific solutions for an IDS in AWS are still really in their infancy.
But they are beginning to target the issues surrounding scaling the IDS and monitoring both cloud systems and traditional on site systems with the same software.
![Page 30: Future Prediction: Network Intrusion Detection System in the cloud](https://reader034.vdocuments.us/reader034/viewer/2022051609/5454511bb1af9f80228b49f8/html5/thumbnails/30.jpg)
Google & AWS Summary
With Google and AWS you can’t monitor the entire network. You are limited to Host-Based Intrusion Detection Systems.
You have no access to the wider network, you need to leave this to the companies hosting your cloud solution.
A business decision needs to be made about if this is acceptable for an individual company.
![Page 31: Future Prediction: Network Intrusion Detection System in the cloud](https://reader034.vdocuments.us/reader034/viewer/2022051609/5454511bb1af9f80228b49f8/html5/thumbnails/31.jpg)
Google & AWS Summary
Many SMEs don't have the resources to implement NIDS effectively, making cloud services an attractive prospect for them.
Larger enterprises can choose to take a blended approach keeping more business critical systems in a traditional system where they have more control and outsourcing less critical systems.
![Page 32: Future Prediction: Network Intrusion Detection System in the cloud](https://reader034.vdocuments.us/reader034/viewer/2022051609/5454511bb1af9f80228b49f8/html5/thumbnails/32.jpg)
Prediction Times!
• Fast Adaptation Rate
• Middleware
• Virtual Growth
![Page 33: Future Prediction: Network Intrusion Detection System in the cloud](https://reader034.vdocuments.us/reader034/viewer/2022051609/5454511bb1af9f80228b49f8/html5/thumbnails/33.jpg)
Fast Adaptation Rate: the faster the better
![Page 34: Future Prediction: Network Intrusion Detection System in the cloud](https://reader034.vdocuments.us/reader034/viewer/2022051609/5454511bb1af9f80228b49f8/html5/thumbnails/34.jpg)
Middleware
![Page 35: Future Prediction: Network Intrusion Detection System in the cloud](https://reader034.vdocuments.us/reader034/viewer/2022051609/5454511bb1af9f80228b49f8/html5/thumbnails/35.jpg)
Picture from: http://www.rationalsurvivability.com/blog/wp-content/media/2009/01/cloudtaxonomyontology_v15.jpg
PaaS
![Page 36: Future Prediction: Network Intrusion Detection System in the cloud](https://reader034.vdocuments.us/reader034/viewer/2022051609/5454511bb1af9f80228b49f8/html5/thumbnails/36.jpg)
Virtual Growth: from normal sensor to mini instance
![Page 37: Future Prediction: Network Intrusion Detection System in the cloud](https://reader034.vdocuments.us/reader034/viewer/2022051609/5454511bb1af9f80228b49f8/html5/thumbnails/37.jpg)
NIDS Deployment - in the Cloud ...
(diagram: NIDS sensors in London, Chicago and Singapore, plus Virtualization)
![Page 38: Future Prediction: Network Intrusion Detection System in the cloud](https://reader034.vdocuments.us/reader034/viewer/2022051609/5454511bb1af9f80228b49f8/html5/thumbnails/38.jpg)
Centralized Configuration: providing just centralized signatures is not enough!
![Page 39: Future Prediction: Network Intrusion Detection System in the cloud](https://reader034.vdocuments.us/reader034/viewer/2022051609/5454511bb1af9f80228b49f8/html5/thumbnails/39.jpg)
NIDS Deployment - Global Organizations
(diagram: NIDS sensors in Chicago, London and Singapore reporting to a central point)
Collecting Logs and Alarms
Apply rules or Update Signatures
Plus Configuration & Correlation
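The "Global Organizations" diagram on page 5 shows a central point that collects logs and alarms from the London, Chicago and Singapore sensors and pushes rules or signature updates back; this page adds configuration and correlation to that loop. The following Python example is added here and is not part of the presentation. It parses constructed alert lines in an assumed line format, reports sensors whose signature set lags the version the central console expects (the configuration check), and correlates alerts on the same source address seen at several sites within a time window (the correlation step). The alert format, site and sensor names, addresses, signature-set versions and rule ids are all assumptions made for this example.

```python
"""Central collection, configuration check and cross-site correlation of NIDS alerts.

Added example (not from the slides). Assumed alert line format, constructed
for this example and not that of any real sensor:
    <site> <sensor> sigset=<version> <ISO-8601 time> sid=<rule id> src=<ip> <message>
"""
import re
from collections import defaultdict
from datetime import datetime, timedelta

# Constructed: the signature-set version the central console expects every sensor to run.
REQUIRED_SIGSET = "2014.03"

ALERT_RE = re.compile(
    r"^(?P<site>\w+) (?P<sensor>[\w-]+) sigset=(?P<sigset>[\d.]+) "
    r"(?P<ts>\d{4}-\d{2}-\d{2}T\d{2}:\d{2}:\d{2}) sid=(?P<sid>\d+) "
    r"src=(?P<src>[\d.]+) (?P<msg>.+)$"
)

# Constructed alert lines from three sites; one malformed line is included on purpose.
RAW_ALERTS = [
    "London nids-lon-1 sigset=2014.03 2014-03-10T09:00:05 sid=2001 src=203.0.113.9 SSH brute force attempt",
    "Chicago nids-chi-1 sigset=2014.03 2014-03-10T09:01:10 sid=2001 src=203.0.113.9 SSH brute force attempt",
    "Singapore nids-sgp-1 sigset=2014.02 2014-03-10T09:02:30 sid=2001 src=203.0.113.9 SSH brute force attempt",
    "London nids-lon-1 sigset=2014.03 2014-03-10T10:15:00 sid=2105 src=198.51.100.4 Web scanner user-agent",
    "Chicago nids-chi-1 sigset=2014.03 2014-03-10T17:40:00 sid=2001 src=198.51.100.77 SSH brute force attempt",
    "garbage line that the collector could not parse",
]


def parse_alerts(lines):
    """Parse raw lines into dicts. Returns (alerts, malformed_count); bad lines are
    counted rather than silently dropped so a broken sensor feed is noticed."""
    alerts, bad = [], 0
    for line in lines:
        m = ALERT_RE.match(line)
        if not m:
            bad += 1
            continue
        a = m.groupdict()
        a["ts"] = datetime.fromisoformat(a["ts"])
        a["sid"] = int(a["sid"])
        alerts.append(a)
    return alerts, bad


def stale_sensors(alerts, required=REQUIRED_SIGSET):
    """Configuration check: sensors whose reported signature set is not the required version."""
    return {a["sensor"]: a["sigset"] for a in alerts if a["sigset"] != required}


def correlate(alerts, min_sites=2, window=timedelta(hours=1)):
    """Correlation: sources that triggered alerts at >= min_sites distinct sites
    within `window` of each other. Returns {src: sorted list of sites}."""
    by_src = defaultdict(list)
    for a in alerts:
        by_src[a["src"]].append(a)
    hits = {}
    for src, items in by_src.items():
        items.sort(key=lambda a: a["ts"])
        for a in items:
            sites = {b["site"] for b in items if abs(b["ts"] - a["ts"]) <= window}
            if len(sites) >= min_sites:
                hits.setdefault(src, set()).update(sites)
    return {src: sorted(sites) for src, sites in hits.items()}


def central_report(lines=RAW_ALERTS):
    """What the central console would show for one collection run."""
    alerts, bad = parse_alerts(lines)
    return {
        "parsed": len(alerts),
        "malformed": bad,
        "stale_sensors": stale_sensors(alerts),
        "multi_site_sources": correlate(alerts),
    }


if __name__ == "__main__":
    print(central_report())
```

The single-site alerts for the two other addresses stay out of the multi-site list, and the lagging Singapore sensor shows up in the configuration check even though it produced the same rule id as the others; that is the gap the slide points at when it says centralized signatures alone are not enough.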
![Page 40: Future Prediction: Network Intrusion Detection System in the cloud](https://reader034.vdocuments.us/reader034/viewer/2022051609/5454511bb1af9f80228b49f8/html5/thumbnails/40.jpg)
Summary
![Page 41: Future Prediction: Network Intrusion Detection System in the cloud](https://reader034.vdocuments.us/reader034/viewer/2022051609/5454511bb1af9f80228b49f8/html5/thumbnails/41.jpg)
Thanks
Q&A