
SMB GLOBAL IPS NOTIFICATION

VIA WEBMIN

MUHAMMAD FIKRI BIN A. HAMID

BACHELOR OF INFORMATION TECHNOLOGY (HONS) IN COMPUTER SYSTEM SECURITY


2015

52261212242

UNIVERSITY OF KUALA LUMPUR


SEPTEMBER 2015

Report Submitted to Fulfill the Partial Requirements
For the Bachelor of Information Technology (Hons) in Computer System Security


DECLARATION

I declare that this report is my original work and all references have been cited
adequately as required by the University.

Date: 31/12/2015

Signature
Full Name: MUHAMMAD FIKRI BIN A. HAMID
ID Number: 52261212242

APPROVAL PAGE

We have supervised and examined this report and verify that it meets the
program and University's requirements for the Bachelor of Information
Technology (HONS) in Computer System Security.

Date: 31/12/2015

Signature:
Supervisor: Madam Herny Ramadhani binti Mohd. Husny
Official Stamp:

Date: 31/12/2015

Signature:
Assessor: Sir Han Lock Siew
Official Stamp:

ACKNOWLEDGEMENT

In the name of Allah, The Most Gracious, The Most Merciful, and Him alone are
worthy of all praise.

It is not possible for me to acknowledge individually the debt that I owe to
those who made their contribution in preparing and writing this research project
proposal. I would like to thank the many people who helped me.

Special thanks go to my supervisor, Madam Herny Ramadhani bt Mohd
Husny Hamid, Sir Han Lock Siew and Madam Yuhanis for their wonderful
support, guidance and cooperation that had been given to me through the
compilation of this project. I would also like to express my gratitude to Madam Hazimah,
who had been guiding the writing of this report from the beginning.

I would like to thank my family and my friends for their deepest concern
and investment during the course of this project. All of you are my strength, and
thanks for everything.

I would like to extend my sincere thanks to my fellow classmates and
housemates, dedicated network lecturers and BCSS lecturers and the others for
contributing and supporting me directly and indirectly.

Thank you, may Allah SWT bless all of you.

LIST OF TABLES
Table 2.1: Comparison between Current IPS vs New Proposed IPS
Table 3.1: Hardware Requirement
Table 3.2: Software Requirement
Table 4.1: Software Requirement
Table 4.2: Hardware Requirement
Table 5.1: Display SQL Injection test
Table 5.2: Display Cross-Site Scripting test
Table 5.2: Webmin display test

LIST OF FIGURES
Figure 1.1: Current IPS
Figure 2.1: Type of Attacks by layer
Figure 2.2: Anatomy of Web Attack Process
Figure 2.3: SQL Injection Process
Figure 2.4: IPS Architecture
Figure 2.5: Example of Signature based
Figure 2.6: Example of Rule Base
Figure 2.7: Firewall Process
Figure 2.8: Airsnare Intrusion Detection System
Figure 2.9: Airsnare
Figure 2.10: Airsnare Intrusion Detection System
Figure 3.1: Rapid Application Development (RAD)
Figure 3.2: Penetration Testing using Burp suite
Figure 3.3: School's website
Figure 3.4: System Diagram on How the System Works
Figure 3.5: Flow chart
Figure 3.7: Proposed project sketches
Figure 3.8: Proposed project sketches
Figure 4.1: School's website
Figure 4.2: Virtual Private Server
Figure 4.3: Web Application Firewall (WAF)
Figure 4.4: Flow chart
Figure 4.5: Command Installation Voyage Debian Process
Figure 4.6: Command ModSecurity/Apache 2
Figure 4.7: Create and Modified Base Rules
Figure 4.8: Reverse Proxy Architecture on IPS
Figure 4.9: Webmin
Figure 5.1: Result of IPS
Figure 5.2: Graph: Usefulness result


ABSTRACT
This project aims to provide real-time Intrusion Prevention System (IPS)
notification via Webmin in order to detect and prevent all SQL injection and
Cross-Site Scripting attacks. Integrating many kinds of security techniques is
one of the good solutions for improving network security. Firewalls and
intrusion detection systems (IDS) can enforce the security of the network
effectively, but each also has drawbacks of its own. An intrusion prevention
system (IPS) is a technique that properly combines the techniques of the
firewall with those of the IDS. This project has three objectives. To achieve
the project goals, the developer should study the processes or methods of IPS,
create new basic rules for the IPS, and test the IPS notification embedded in
Webmin. A typical usage of a reverse proxy is to provide Internet users access
to a server that is behind a firewall. Reverse proxies can also be used to
balance load among several back-end servers or to provide caching for a slower
back-end server. The SMB IPS will be applied to a school's website, and the
developer used Burp Suite to test the functionality of this IPS. Once an
attacker injects the website, the IPS sends a notification via Webmin to show,
in real time, that the intrusion has been detected and blocked. In conclusion,
this is the best method to improve the security of the website against web
attacks.


CONTENT
DECLARATION
APPROVAL PAGE
ACKNOWLEDGEMENT
LIST OF TABLES
LIST OF FIGURES
ABSTRACT

CHAPTER 1: INTRODUCTION
1.1 Introduction
1.2 Project Background
1.3 Problem statement
1.3.1 Application layer attacks are increase
1.3.2 Current IPS not very efficiency
1.4 Problem Solving
1.4.1 Produce IPS and used reverse proxy methods
1.4.2 Create updated rules and new signature of attacks
1.5 Objectives
1.6 Project Scope
1.6.1 Target User
1.6.2 Key Functions of Intrusion Prevention System Technologies
1.7 Project Significant
1.8 Conclusion

CHAPTER 2: LITERATURE REVIEW
2.1 Introduction of Literature Review
2.2 Web attack
2.2.1 Anatomy of web attack
2.2.2 Type of web attack
2.2.2.1 SQL injection
2.2.2.2 Cross-site scripting
2.3 Method to protect from Web Attack
2.3.1 Firewall
2.3.2 Anti-virus
2.3.3 Intrusion Prevention System
2.4 Information of Intrusion Prevention System
2.4.1 Technique that be used on IPS
2.4.2 IPS Methods to Detect and Prevent Attacks
2.4.3 Advantages using IPS
2.5 Type of Current IPS
2.5.1 Airsnare
2.5.2 Metaflow Management Application
2.5.3 Malware Defender
2.6 Typical component of IPS
2.6.1 Hardware component
2.6.1.1 Raspberry Pi
2.6.2 Software Component
2.6.2.1 Snort
2.6.2.2 ModSecurity
2.6.2.3 Virtual Private Server
2.7 Comparison of Different Intrusion Prevention System
2.8 Conclusion

CHAPTER 3: METHODOLOGY
3.1 Introduction
3.2 Rapid Application Development
3.2.1 Phase 1: Analysis Design and Quick Design
3.2.2 Phase 2: Development (Build, Demonstrate and Refin
3.2.3 Phase 3: Testing
3.2.4 Phase 4: Implementation and release
3.3 System Architecture
3.4 Flow chart
3.5 Proposed project sketches
3.6 Budget / Cost Estimation
3.6.1 Hardware Requirement
3.6.2 Software Requirement
3.7 Conclusion

CHAPTER 4: PROTOTYPE AND DEVELOPMENT
4.1 Introduction
4.2 Overview of Product Development
4.3 System Requirement
4.4 New proposed SMB IPS
4.4.1 System Module Structure
4.4.1.1 Web Client
4.4.1.2 Virtual Private Server
4.4.1.3 Web Application Firewall
4.5 Flow Chart
4.6 System Development
4.6.1 Installation Voyage Debian
4.6.2 Installation ModSecurity/Apache 2
4.6.3 Create and Modified base Rules
4.6.3.1 Example of SQL Operator rules
4.6.3.2 Example of SQL Tautologies rules
4.6.3.3 Example of Blind SQL Injection rules
4.6.3.4 Example of XSS: Detect Event Handler Name rules
4.6.3.5 Example of XSS Filters rules
4.6.3.6 Example of XSS: Detect Usage of Common URL Attributes
4.6.4 Reverse Proxy use on SMB IPS
4.6.5 Make Webmin
4.7 Conclusion

CHAPTER 5: TESTING AND RESULT
5.1 Introduction
5.2 Testing
5.3 Testing Method
5.3.1 Functional System
5.3.2 Usability Testing
5.3.2.1 Selection of Participant
5.3.2.2 Testing Procedure
5.3.2.3 Analysis Data
5.3.2.4 Testing Result Based on Questionnaires
5.4 Conclusion

CHAPTER 6: CONCLUSION AND RECOMMENDATION
6.1 Introduction
6.2 Objective Achievement
6.2.1 Project Objectives
6.3 Strengths and Limitations
6.3.1 Project Strength
6.3.2 Project Limitation
6.4 Future Enhancement (Recommendations)
6.5 Conclusion

REFERENCES
APPENDIX A: Questionnaire
APPENDIX B: Gantt Chart
