Intelligent adware blocker symantec

Final Pune university's B.E project presentation

Published in: Education, Technology
  1. Intelligent Adware Blocker
     By: Sonal Kamble (B 3208528), Chaitali Magdum (B 3208537), Aditi Pantoji (B 3208546), Prajakta Pednekar (B 3208550)
     Sponsored by: Symantec Corporation
     External Guide: Mr. Vikram Saurabh
     Internal Guide: Mr. Harshad Wadkar
     06/26/11 Intelligent Adware Blocker
  2. Project Problem Statement
     - To develop Intelligent Adware Blocker
     Project Problem Statement Description:
     - Pop-up blocking application sits between client and server.
     - It sniffs the traffic and applies policies before rendering it to the client, and the client will not be aware of this.
     - The policies applied should be based on predefined categories read by the application from the database; user-defined policies can also be added.
     - User-defined policies can depend on certain predefined keywords and regular expressions. Predefined categories include bank, pornography, social media etc.
     - Area/Domain: Internet Security
  3. What is Adware?
     - Adware, or advertising-supported software, is any software package which automatically plays, displays or downloads advertisements to a computer.
     - Adware, by itself, is harmless; however, some adware may come with integrated spyware such as key loggers and other privacy-invasive software.
  4. Need of Adware Blocker Application
     - The Adware Blocker application will be used to block adware in the form of the pop-ups and pop-unders that we come across while accessing many websites.
     - The pop-up and pop-under blockers that come with browsers such as Internet Explorer and Mozilla block all categories of pop-ups and pop-unders.
     - There can be various categories like sports, news, shares, banking etc., so these pop-up and pop-under blockers do not provide the facility of selecting which category of pop-up to allow and which to deny.
     - Hence, to provide the facility of category selection, we require Adware Blocker.
  5. [Diagram: three client/server scenarios. Ideal scenario: HTTP Request, HTTP Response. Actual scenario: HTTP Request, HTTP Response + Adware. Scenario in Project: Adware Blocker between client and server; HTTP Request, HTTP Response + Adware from the server, HTTP Response to the client.]
  6. Modes of Operation
     - IDS mode
       - Squid proxy server
       - Snort
     - IPS mode
       - Snort_inline
     - Bypass mode
  7. [Figure: Packet flow diagram, IDS mode]
  8. Intelligent Adware Blocker IDS Mode
  9. [Figure: Packet flow diagram, IPS mode]
  10. Intelligent Adware Blocker IPS Mode
  11. Squid Proxy Server
     - Squid is a high-performance proxy caching server for web clients, supporting FTP, gopher, and HTTP data objects.
     - Steps required to use Squid:
       - Download and install Squid
       - Configure Squid

             acl bad_pc src 172.16.32.48
             acl good dstdomain .google.com
             http_access allow good
             http_access deny bad_pc

       - Restart the squid service
     - Monitoring user access: the access information gets stored in the access.log file.
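How Squid evaluates the two `http_access` lines on this slide, as an added example (not code from the presentation). The evaluator, the `all` ACL, the stricter ordering and the sample requests are constructed for illustration; only `bad_pc`, `good` and their order in `SLIDE_RULES` come from the slide.

```python
import ipaddress

# ACLs and http_access order as on the slide; "all" is added for the
# stricter variant (assumption, not on the slide).
ACLS = {
    "bad_pc": ("src", "172.16.32.48"),
    "good": ("dstdomain", ".google.com"),
    "all": ("src", "0.0.0.0/0"),
}
SLIDE_RULES = [("allow", "good"), ("deny", "bad_pc")]
STRICT_RULES = [("deny", "bad_pc"), ("allow", "good"), ("deny", "all")]


def acl_matches(acl, client_ip, host):
    kind, value = ACLS[acl]
    if kind == "src":
        return ipaddress.ip_address(client_ip) in ipaddress.ip_network(value)
    if kind == "dstdomain":
        host = host.lower().rstrip(".")
        if value.startswith("."):
            # Leading dot: the domain itself and every subdomain match.
            return host == value[1:] or host.endswith(value)
        return host == value
    raise ValueError(f"unsupported ACL type: {kind}")


def decide(client_ip, host, rules):
    """Walk http_access top to bottom; the first matching line decides."""
    for action, acl in rules:
        if acl_matches(acl, client_ip, host):
            return action, f"{action} {acl}"
    # Nothing matched: Squid applies the opposite of the last line.
    fallback = "allow" if rules[-1][0] == "deny" else "deny"
    return fallback, "default (opposite of last line)"


# Constructed requests: (client IP, destination host).
SAMPLES = [
    ("172.16.32.48", "www.google.com"),
    ("172.16.32.48", "ads.example.net"),
    ("172.16.32.77", "ads.example.net"),
]

if __name__ == "__main__":
    for name, rules in (("slide", SLIDE_RULES), ("strict", STRICT_RULES)):
        for ip, host in SAMPLES:
            print(name, ip, host, *decide(ip, host, rules), sep="\t")
```

With the slide's order, 172.16.32.48 still reaches google.com because `allow good` matches first, and clients that match no line are allowed by the implicit default.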
  12. Transparent Squid Proxy
     - Modify squid.conf:

           http_port 3128 transparent

     - Apply the iptables rules:

           iptables -F
           iptables -t nat -F
           # set this system as a router for the rest of the LAN
           iptables --table nat --append POSTROUTING --out-interface eth1 -j MASQUERADE
           iptables --append FORWARD --in-interface $LAN_IN -j ACCEPT
           # unlimited access to LAN
           iptables -A INPUT -i eth0 -j ACCEPT
           iptables -A OUTPUT -o eth0 -j ACCEPT
           # DNAT port 80 requests coming from LAN systems to squid 3128 ($SQUID_PORT), aka transparent proxy
           iptables -t nat -A PREROUTING -i eth0 -p tcp --dport 80 -j ACCEPT
           # if it is the same system
           iptables -t nat -A PREROUTING -i eth1 -p tcp --dport 80 -j REDIRECT --to-port 3128
  14. Snort
     - Snort is a signature detection-based intrusion detection system (IDS) that issues an alert when network traffic matches a signature in the dataset.
     - Snort can be used as a packet sniffer to capture traffic from the network, as a packet logger to save packets to a file or database, or as an IDS.
  15. Snort IDS mode
     - IDS (Intrusion Detection System): an intrusion detection system (IDS) is a device or software application that monitors network and/or system activities for malicious activities or policy violations and produces reports to a Management Station.
     - Modes of Snort IDS:
       - Sniffer mode
       - Packet logger mode
       - NIDS mode
     - Snort IDS rule generation:

           alert tcp any 80 -> any any (content:"uim"; msg:"uim popup"; sid:1001;)

     - Command to run snort in IDS mode:

           snort -dev -i eth0 -l /var/log/snort -c /etc/snort/rules/ids.rules

     - Report Generation IDS mode
  16. [Figure: Using DOM parser (ids.rules)]
  18. Snort IPS mode
     - IPS (Intrusion Prevention System): the main functions of "intrusion prevention systems" are to identify malicious activity, log information about said activity, attempt to block/stop activity, and report activity.
     - To make snort work as an IPS it has to be configured in one of the 3 modes:
       - Flexible response
       - Snort_inline
       - SnortSam
  19. Snort_inline dependency packages
     - libipq
     - iptables-dev
     - libpcreflex
     - bison 1.2.1
     - Libpcap 0.7.2
     - Pcre
     - libdnet
     - libnet
     - libnet filter-queue-dev
     - dnet
  20. [Figure: Topology Required For Snort_Inline (IPS)]
  21. Steps to implement snort_inline
     - Implement the bridge.
     - Install the required packages for snort_inline.
     - Install and configure snort_inline with the mysql facility.
     - Apply iptables rules:

           iptables -A INPUT -p icmp -j QUEUE
           iptables -A FORWARD -p tcp --dport 80 -j QUEUE

     - Write the rule in local.rules (Rule Generation):

           drop tcp any 80 -> any any (content:"google"; msg:"response from google"; sid:1001;)

     - Apply the Snort_inline rule:

           snort_inline -dev -c /etc/snort_inline/rules/ips.rules -Q -l /var/log/snort_inline

     - Report Generation IPS mode
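The rule-generation step in the IDS and IPS slides, as an added example (not the project's own code): it builds `alert` or `drop` rules in the shape shown on the slides from category keywords. The function names, the sample policies and the SID base are assumptions; the base follows Snort's convention that local rules use SIDs of 1,000,000 and above, and `rev` is added as the usual companion to `sid`.

```python
import re

LOCAL_SID_BASE = 1_000_000  # assumption: start of Snort's local-rule SID range


def snort_content(keyword):
    """Encode a keyword for a content option.

    ASCII letters, digits and spaces stay readable; every other byte is
    written in |hex| form, so quotes, semicolons, colons, backslashes or
    pipes in a user-defined keyword cannot end the option or the rule early.
    """
    out, hex_run = [], []
    for byte in keyword.encode("utf-8"):
        ch = chr(byte)
        if ch.isascii() and (ch.isalnum() or ch == " "):
            if hex_run:
                out.append("|" + " ".join(hex_run) + "|")
                hex_run = []
            out.append(ch)
        else:
            hex_run.append(f"{byte:02X}")
    if hex_run:
        out.append("|" + " ".join(hex_run) + "|")
    return "".join(out)


def build_rules(policies, mode):
    """policies: {category: [keywords]}; mode 'ids' -> alert, 'ips' -> drop."""
    action = {"ids": "alert", "ips": "drop"}[mode]
    rules, sid = [], LOCAL_SID_BASE
    for category in sorted(policies):
        label = re.sub(r"[^A-Za-z0-9 _-]", "_", category)  # keep msg quote-free
        for keyword in policies[category]:
            if not keyword:
                raise ValueError(f"empty keyword in category {category!r}")
            sid += 1  # one unique SID per rule
            rules.append(
                f"{action} tcp any 80 -> any any "
                f'(msg:"{label} popup"; content:"{snort_content(keyword)}"; '
                f"sid:{sid}; rev:1;)"
            )
    return rules


# Constructed sample policies; the second keyword contains rule metacharacters.
POLICIES = {"banking": ["uim"], "social media": ['ad;"x']}

if __name__ == "__main__":
    print("\n".join(build_rules(POLICIES, "ids") + build_rules(POLICIES, "ips")))
```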
  22. [Figure: Using DOM parser (ips.rules)]
  24. Technologies used
     - Java (servlet) for the application controller
     - JSP (Java Server Pages) and HTML for the frontend
     - JavaScript (for form validations)
     - Perl script (to store entries of Squid's access.log into a database table)
     - Shell script (to start and stop the Snort, Snort_inline and Squid services; to apply iptables rules according to modes)
     - Operating System: Ubuntu 10.10
  25. Requirements for developing the system
     - Hardware
       - Desktop PCs or laptops with Intel Pentium based x86 processor
       - Desktop PC with two NIC cards
       - Hard line/wired internet connection
       - Switch (to implement Snort_inline)
     - Software
       - Snort (IDS) 2.8.52 with Mysql facility
       - Snort_inline and its dependency packages
       - Squid Proxy Server 2.7
       - MySQL_Server 5.1.49
       - MySQL_Client 5.1.49
       - Apache Tomcat 6.0.32 web server
       - gcc 4.4.5 and gdb 7.2 to compile and debug code
       - JDK 1.6
       - sed 4.2.1
       - Browser software (Mozilla Firefox, Chromium, Epiphany)
  26. Requirements for using the system
     - Hardware
       - Desktop PCs or laptops with Intel Pentium based x86 processor
       - Hard line/wired internet connection
     - Software
       - Browser software (Mozilla Firefox, Chromium, Epiphany, Internet Explorer)
       - Operating system for client machine (Linux or Windows)
       - Operating system for server machine (Linux)
  27. View Log
     - LogBook.xslx
     - http://cumminsit14symantec.blogspot.com
  29. Achievement
     - First prize in Project Competition
     - Arranged by THE INSTITUTION OF ELECTRONICS AND TELECOMMUNICATION ENGINEERS (IETE).
     - Held on 16th April 2011 at AISSMS college of engineering
  30. Acknowledgement
     - Mr. Vikram Saurabh (External guide)
     - Mr. Harshad Wadkar (Internal guide)
     - Mrs. Madhura Tokekar (HOD)
     - Mr. Makarand Velankar (Project Coordinator)
     - Mr. Shripad Tawade
  31. Thank you…