Saturday, March 31, 2018

Using IoT devices for IDS applications

During the summer of 2017, I investigated the use of IoT devices and their usefulness as Network Intrusion Detection devices. The group looked into the usefulness of the Raspberry Pi Zero W, which would lend itself to use as a wireless intrusion detection device. This was a great experience in developing IoT devices. The processor limitations of the Raspberry Pi Zero W are perhaps the most limiting aspect of the RPZW for this application. As a completely headless unit, with no intention of accessing the computer directly and relying on the configuration to provide notifications, the RPZW may be acceptable; but if available, try utilizing the 64-bit processor implemented in the Raspberry Pi 3 Model B. Further, if one were to upgrade to the Raspberry Pi 3 Model B, one could still see a cost savings in comparison to a standard off-the-shelf IDS solution.

To assemble the Raspberry Pi as an IDS, first acquire the memory card. For data storage, Raspberry Pis use micro SD cards, and due to the OS storage requirements a 16GB or larger card is required. However, it is also noted that 32GB cards have been reported to be unstable over longer periods of time.


Writing the OS to the Raspberry Pi.

To install an OS onto the micro SD card, one needs to download the image of the OS from the selected vendor; in the case of this project it was downloaded from the Kali Linux site: https://docs.kali.org/introduction/download-official-kali-linux-images. Once the download has completed, on a Windows computer one can use either of the following two programs to write the image to the micro SD card: Etcher or Win32DiskImager. Etcher is available from https://etcher.io/ and Win32DiskImager is available at https://www.raspberrypi.org/downloads/. Once the image is written to the micro SD card, one can install the card into the micro SD card slot on the RPZW.


Upgrading the Kali base

The original summer development of the IDS Raspberry Pi was dependent on instructions provided at the following blog site: https://whitedome.com.au/re4son/kali-pi/#swap. Also of note, the same individual provides a revision of the Linux kernel that enables both Bluetooth and Wi-Fi connections; this modified kernel is available at: https://whitedome.com.au/re4son/re4son-kernel/. Once the device is booted and the user has logged on, it is recommended that the Kali repositories be updated from the list of Kali repositories, which can be located at: https://docs.kali.org/general-use/kali-linux-sources-list-repositories.

Utilizing the Entire Storage Drive.

To install a graphical interface for expanding the storage space, execute the command “apt-get install gparted”; the distro will quickly download and install the application. In the project, the storage space was expanded to use the full drive. Another modification to the base install was the swap file; we enabled the recommended 1M swap file.

Updating the OS

To update the distribution package list and upgrade the installed applications, the commands are “apt-get update” and “apt-get upgrade”; they can be combined as “apt-get update && apt-get upgrade”. This will cause the computer to check for and install new versions of any installed applications that have newer versions available.
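One way to script the setup steps above (checking the downloaded Kali image against its published SHA256 before flashing, writing the official kali-rolling repository line, and the combined update/upgrade), as an added example that is not the post's own code. The image path, expected hash and script name are placeholders you supply from the Kali download page, and the only file the example is exercised against is a constructed one.

```shell
#!/bin/sh
# Added example, not code from the original post. Verifies a downloaded Kali
# image against its published SHA256 before it is flashed, then writes the
# official kali-rolling apt line and runs the post's update/upgrade step.
# The image path, its hash and the script name are placeholders you supply.

# Print the SHA256 of a file with whichever tool the system provides.
sha256_of() {
  if command -v sha256sum >/dev/null 2>&1; then
    sha256sum "$1" | awk '{print $1}'
  else
    shasum -a 256 "$1" | awk '{print $1}'
  fi
}

# Compare the image's SHA256 with the value published beside the download.
# Returns 0 on a match and 1 on a missing file or mismatch, so a flashing
# step chained with && never runs on a corrupted or tampered image.
verify_image() {
  image="$1"
  expected="$(printf '%s' "$2" | tr 'A-F' 'a-f')"
  [ -f "$image" ] || { echo "image not found: $image" >&2; return 1; }
  actual="$(sha256_of "$image")"
  if [ "$actual" = "$expected" ]; then
    echo "OK: $image matches the published SHA256"
    return 0
  fi
  echo "MISMATCH for $image" >&2
  echo "  expected: $expected" >&2
  echo "  actual:   $actual" >&2
  return 1
}

# Write the single official kali-rolling line from the Kali sources-list
# page linked above. Takes an optional path so it can be tried on a temp file.
write_sources_list() {
  target="${1:-/etc/apt/sources.list}"
  printf '%s\n' 'deb http://http.kali.org/kali kali-rolling main non-free contrib' > "$target"
}

# The post's combined package-list update and upgrade step (run as root).
upgrade_system() {
  apt-get update && apt-get upgrade -y
}

# Usage on the Pi: sh kali-pi-setup.sh <image file> <SHA256 from download page>
if [ $# -ge 2 ]; then
  verify_image "$1" "$2" && write_sources_list && upgrade_system
fi
```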

Listing of Sites used for the installation processes:
https://docs.kali.org/introduction/download-official-kali-linux-images
https://etcher.io/
https://whitedome.com.au/re4son/kali-pi/#swap
https://www.raspberrypi.org/downloads/
https://whitedome.com.au/re4son/re4son-kernel/
https://docs.kali.org/general-use/kali-linux-sources-list-repositories
https://github.com/joanbono/Snorter

Next time - Installation of software on the Raspberry Pi IDS.

2 comments:

  1. Hello Lee,

    With such a small storage size to work with, the Linux OS seems to be the best fit. I was looking around and it looks like Linux takes up ~7GB, while a Windows installation can run about ~20GB. Way to go on the research for this one. Have you considered writing your course research paper on IDS applications?

    - Wesley

    1. Kali Linux needed about 16 GB of space to run. If I remember, the final installation with all its extras ran just around 14 GB. It could run Snort and everything else. Windows 10 IoT is bare-bones and runs single-use applications. OpenSuse had sent me an email reporting they have a lite version of Suse ready now for the Pi3. However, you can install normal Suse on an 8 GB SD card.
