Networking & Security Projects
Student: Jim Owens
Instructor: Jeanna Matthews
Semester: Spring 2007
Credit hours: 3
Email: owensjp@clarkson.edu
Telephone: 315-353-2420, 518-335-5315 (cell)
Project Descriptions
Throughout the semester, I will be engaged in a variety of projects related to networking and security, most of which are related to my master's thesis topic. Brief descriptions of the projects are provided below.
Web-based HoneyPot
During the Fall 2006 semester, I participated in a project with another Clarkson computer science student to set up and operate a low-interaction honeypot at an off-campus location. The goals of the project are to
- Collect data regarding current Web-based security threats
- Intercept and analyze malware tools downloaded by attackers
- Study and document common attack profiles
- Generate statistics on Web-based attacks
This semester, I will continue to operate the honeypot and extend the project to develop a number of tools to enhance and streamline collection and analysis of attack data, including
- Automated scripts to parse and insert honeypot log data into a database
- Stored procedures to generate statistics and possibly graphs of attack activity
- A Web-based tool for browsing attack activity and displaying aggregate data
- Extended functionality within the low-interaction honeypot application
The project deliverable will be a virtual machine image of a complete honeypot collection and analysis system incorporating the features listed above.
Temperature Monitoring Project
I will develop and install a temperature monitoring system consisting of an 8-pin microcontroller-based circuit and four DS1820 sensors to collect and report temperature information in the COSI and ITL labs and their shared server room. The system will incorporate a number of Python and PHP scripts, as well as a round-robin database and graphing tool. In addition to emailing notification of critical temperature conditions, I will also explore SMS text messaging alerts to lab admins.
The project deliverable will be a working temperature monitoring system. I will also present an overview of the project to a combined COSI/ITL audience this semester.
Update: 2/16/07
Completed setup and configuration of a rudimentary temperature monitoring system, with one sensor located on the COSI side of the server room. I also created a simple Web application that reports the current temperature and displays graphs depicting history for the past 1, 12, and 24 hours.
Update: 3/2/07
Incorporated a second temperature sensor, on the ITL side of the server room, into the system. Two more sensors will be added eventually, one in each of the labs themselves. These sensors will be installed once the networking project in these labs is complete.
Update: 3/14/07
I gave a presentation on the hardware and software components of the temperature monitoring system this evening. The following materials used in this presentation are available for download:
- Temperature monitoring slideshow
- Cron scripts: gettemp.php and graphtemp.php, to store and graph data
- Server-side script: temp.php, to display data and graphs
OpenVZ Isolation and Live Migration Testing
As an extension of my studies of virtualization in CS 654, I will do isolation testing of OpenVZ guests and study live migration of guests between servers on the same subnet. I will present the results of my testing to a combined COSI/ITL audience this semester.
Update: 2/21/07
I gave a presentation on live migration of OpenVZ guests, including a demonstration of the live migration of a LAMP server guest running a small Web-based database application between two physical hosts on the local network. In several trials, the total time required to migrate this guest was less than 30 seconds. The service interruption of the Web application was perceptible to users, but might have easily been mistaken for routine network congestion.
Update: 3/6/07
Completed setup of an OpenVZ system with four guests for isolation testing. Preliminary testing with one guest running a fork bomb indicates fairly good isolation performance. Stay tuned for more detailed results!
Wireless Equivalent Privacy (WEP)
WEP was adopted in 1999 as part of the original IEEE 802.11 standard to provide confidentiality on wireless networks. It uses the RC4 stream cipher algorithm for encryption and CRC-32 checksums for integrity. Some inherent weaknesses in the technologies supporting WEP were understood even before its adoption, so it wasn't long before serious attacks on WEP were developed and distributed. Academic papers on cracking WEP began to appear as early as 2001 and, by 2006, "The Final Nail in WEP's Coffin" was in place. The paper's authors introduced a new approach to cracking WEP, called the fragmentation attack, which exploited WEP's weaknesses in such fundamental ways that any additional patches to the protocol would clearly not solve its core vulnerabilities.
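Why a CRC-32 checksum under an RC4 keystream gives no real integrity protection can be shown in a few lines. The following is an added example, not code from this project or from any tool named on this page; the key, IV and message are constructed sample values, and the function names (wep_encrypt, wep_decrypt, apply_delta) are hypothetical.

```python
import struct
import zlib

def rc4(key: bytes, data: bytes) -> bytes:
    """RC4: key scheduling, then XOR data with the generated keystream."""
    s, j = list(range(256)), 0
    for i in range(256):
        j = (j + s[i] + key[i % len(key)]) & 0xFF
        s[i], s[j] = s[j], s[i]
    out, i, j = bytearray(), 0, 0
    for byte in data:
        i = (i + 1) & 0xFF
        j = (j + s[i]) & 0xFF
        s[i], s[j] = s[j], s[i]
        out.append(byte ^ s[(s[i] + s[j]) & 0xFF])
    return bytes(out)

def icv(data: bytes) -> bytes:
    """WEP integrity check value: CRC-32 of the plaintext, little-endian."""
    return struct.pack("<I", zlib.crc32(data))

def xor(a: bytes, b: bytes) -> bytes:
    return bytes(x ^ y for x, y in zip(a, b))

def wep_encrypt(iv: bytes, key: bytes, plaintext: bytes) -> bytes:
    """Frame body = cleartext 3-byte IV, then RC4(IV || key) over data || ICV."""
    return iv + rc4(iv + key, plaintext + icv(plaintext))

def wep_decrypt(key: bytes, frame: bytes):
    """Return the plaintext if the ICV verifies, otherwise None."""
    clear = rc4(frame[:3] + key, frame[3:])
    data, received = clear[:-4], clear[-4:]
    return data if icv(data) == received else None

def apply_delta(frame: bytes, delta: bytes) -> bytes:
    """Alter a frame without the key. CRC-32 is affine over XOR, so
    crc(p ^ d) = crc(p) ^ crc(d) ^ crc(zeros); RC4 only XORs a keystream,
    so the same difference carries straight through the ciphertext."""
    icv_delta = xor(icv(delta), icv(bytes(len(delta))))
    return frame[:3] + xor(frame[3:], delta + icv_delta)

# Constructed sample values: 40-bit key + 24-bit IV = "64-bit WEP".
KEY, IV = bytes.fromhex("0badc0de42"), bytes.fromhex("a1b2c3")
FRAME = wep_encrypt(IV, KEY, b"door=locked  ")
DELTA = xor(b"door=locked  ", b"door=unlocked")
TAMPERED = apply_delta(FRAME, DELTA)

if __name__ == "__main__":
    print(wep_decrypt(KEY, FRAME), wep_decrypt(KEY, TAMPERED))
```

The receiver accepts the altered frame because the checksum is not keyed; later standards replaced it with a keyed message integrity code for this reason.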
This semester, I undertook a study of the WEP protocol, its weaknesses, and a variety of tools that have been developed to exploit those weaknesses, including Kismet and Aircrack. I experimented with these tools on a home network to discover an efficient and reliable procedure for cracking both 64- and 128-bit WEP keys.
On 4/11/07, I gave a presentation on the WEP protocol to a combined COSI/ITL audience and demonstrated the use of Kismet and Aircrack-ng in cracking a 64-bit WEP key.