Secure Collective Internet Defense (SCID)
Secure Collective Defense Network (SCOLD)
C. Edward Chow
Yu Cai
Dave Wilkinson
Sarah Jelinek
Part of this project is sponsored by a grant from NISSC and a seed grant from EAS RDC.
Chow
SCOLD
1
Goals of SCOLD Project
• The goal of the project is to investigate techniques
for enhancing Internet security and protecting the
Internet Infrastructure through collective defense.
• SCOLD explores the use of alternate gateways
and a collection of proxy servers for intrusion
tolerance.
• SCOLD pushes back intrusion attacks using an
enhanced IDIP (Intrusion Detection and Isolation
Protocol) and SLP (Service Location Protocol).
How to Use Alternate Routes When Under DDoS Attack
SCOLD Approach
Redirect Through Proxy Servers
Timeline and Deliverables
• Phase 1. 6/2/2003-7/9/2003 (feasibility study)
Extend Bind9 DNS with Secure DNS update/query including indirect
routing entries
Develop indirect routing with IP tunnel
NISSC Midterm Report.
• Phase 2. 7/10/2003-8/9/2003 (SCID 0.1 development)
Develop SCID protocol among SCID coordinator, proxy server, DNS
server, and target.
Integrate proxy server with A2D2 for intrusion detection.
Enhance A2D2 IDS with IDIP protocol for intrusion push back.
• Phase 3. 8/10/2003-9/9/2003
Create test scripts and benchmark to evaluate SCID version 0.1 system;
Suggest improvements to SCID version 0.2 system.
NISSC Final Report.
Status
• Extended Bind9 DNS with a secure DNS update and query for the new
indirect routing entry
• Developing client-side indirect routing with an IP tunnel
• Modified the client resolve library to create an IP tunnel when it
receives a new indirect routing entry from the DNS server.
• Created a protocol for the SCOLD coordinator to issue indirect
routing requests to the target DNS, proxy server, alternate gateway,
and target server.
• Performed an initial performance evaluation
• Setting up two SCOLD prototype test beds.
• One with virtual machines using VMware.
• One with real machines connected by a small switch.
• Looking for sites to participate in real Internet WAN
tests!
Secure DNS Update
target.targetnet.com. 10 IN A 133.41.96.71
target.targetnet.com. 10 IN ALT 203.55.57.102
10 IN ALT 203.55.57.103
10 IN ALT 185.11.16.49
SCOLD Indirect Routing Using Daemons
Indirect Routing With Modified Client Resolve Library
How about using NAT?
Pros and Cons of Using NAT
• Advantages:
– No changes in the client DNS server or the client
• Disadvantages:
– IP spoofing (a client doing a reverse DNS lookup
will find that the IP address belongs to a different
organization)
– The proxy server has a limited number of IP addresses and
may be forced to use IP masquerading (the client
needs to use a different port)
Pros and Cons of Using SCOLD
• Advantages:
– Allows the use of multiple routes
• Using them simultaneously increases aggregate bandwidth
• Select one of them and fall back to the others for reliability and
security
• Avoids bottlenecks.
• Disadvantages:
– Requires a redesign of DNS and routing and modification of the
client resolve library.
– Overhead associated with the indirect route
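The following is an added example, not code from the SCOLD project: it parses the A and ALT records shown on the Secure DNS Update slide (reusing the slide's sample addresses as constructed input) and models the two route-selection cases listed above, using all usable routes at once and falling back to the next ALT gateway when a hop is unreachable. The record layout follows standard master-file syntax, where a blank owner field inherits the previous record's owner; the RouteInfo/usable_routes/choose_gateway names are this example's own.

```python
from dataclasses import dataclass, field
from typing import Dict, List, Optional, Set

# Constructed sample: the records from the Secure DNS Update slide. A blank
# owner field (leading whitespace) inherits the owner of the previous record.
ZONE_TEXT = """
target.targetnet.com. 10 IN A 133.41.96.71
target.targetnet.com. 10 IN ALT 203.55.57.102
 10 IN ALT 203.55.57.103
 10 IN ALT 185.11.16.49
"""

@dataclass
class RouteInfo:
    direct: Optional[str] = None                          # A record: normal path to the target
    alternates: List[str] = field(default_factory=list)   # ALT records: alternate gateways

def parse_zone(text: str) -> Dict[str, RouteInfo]:
    """Map each owner name to its direct address and ordered ALT gateways."""
    table: Dict[str, RouteInfo] = {}
    owner: Optional[str] = None
    for raw in text.splitlines():
        if not raw.strip():
            continue
        fields = raw.split()
        if raw[0].isspace():                 # blank owner: reuse the previous owner
            if owner is None:
                raise ValueError("first record has no owner name")
            fields.insert(0, owner)
        owner, _ttl, _cls, rtype, rdata = fields[:5]
        info = table.setdefault(owner, RouteInfo())
        if rtype == "A":
            info.direct = rdata
        elif rtype == "ALT":                 # SCOLD's extension record type
            info.alternates.append(rdata)
    return table

def usable_routes(info: RouteInfo, unreachable: Set[str]) -> List[str]:
    """Direct route first, then ALT gateways in DNS order, minus known-bad hops.
    Sending over all of them at once is the aggregate-bandwidth case."""
    return [hop for hop in [info.direct, *info.alternates]
            if hop is not None and hop not in unreachable]

def choose_gateway(info: RouteInfo, unreachable: Set[str]) -> Optional[str]:
    """Failover case: first usable route, or None when every hop is blocked."""
    routes = usable_routes(info, unreachable)
    return routes[0] if routes else None
```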
SCOLD Testbed
Performance of SCOLD Systems
Performance of Enhanced Resolve Library
Summary
• It is our hope that the preliminary research
results of the SCOLD project will produce
a valuable secure software package and
provide valuable insights for network
security related proposals.
• Currently we are focused on the secure DNS
update and indirect routing.
Need your help to test SCOLD
• Requirements for a full SCOLD service
node (capable of issuing reroute
requests):
– Three Linux Red Hat 9 machines. Two serve
as gateways with connections to two different
Internet subnets or ISPs. One runs the target
DNS server, web server, and SCOLD
coordinator.