Intelligent adware blocker symantec


Final Pune university's B.E project presentation

Published in: Education, Technology

  1. Intelligent Adware Blocker
     By: Sonal Kamble (B 3208528), Chaitali Magdum (B 3208537), Aditi Pantoji (B 3208546), Prajakta Pednekar (B 3208550)
     Sponsored by: Symantec Corporation
     External Guide: Mr. Vikram Saurabh
     Internal Guide: Mr. Harshad Wadkar
     06/26/11 Intelligent Adware Blocker
  2. Project Problem Statement: To develop an Intelligent Adware Blocker
     Project Problem Statement Description:
     - A pop-up blocking application sits between client and server.
     - It sniffs the traffic and applies policies before rendering it to the client; the client is not aware of this.
     - The policies applied are based on predefined categories that the application reads from a database; user-defined policies can also be added.
     - User-defined policies can depend on certain predefined keywords and regular expressions. Predefined categories include bank, pornography, social media etc.
     Area/Domain: Internet Security
  3. What is Adware?
     - Adware, or advertising-supported software, is any software package which automatically plays, displays or downloads advertisements to a computer.
     - Adware by itself is harmless; however, some adware may come with integrated spyware such as key loggers and other privacy-invasive software.
  4. Need of Adware Blocker Application
     - The Adware Blocker application will be used to block adware in the form of pop-ups and pop-unders, which we come across while accessing many websites.
     - The pop-up and pop-under blockers that come with browsers such as Internet Explorer and Mozilla block all categories of pop-ups and pop-unders.
     - There can be various categories like sports, news, shares, banking etc., so these blockers do not provide the facility of selecting which category of pop-up to allow and which to deny.
     - Hence, to provide category selection, we require the Adware Blocker.
  5. [Diagram: three scenarios]
     - Ideal scenario: Client -> HTTP Request -> Server; Server -> HTTP Response -> Client
     - Actual scenario: Client -> HTTP Request -> Server; Server -> HTTP Response + Adware -> Client
     - Scenario in Project: Client -> HTTP Request -> Adware Blocker -> HTTP Request -> Server; Server -> HTTP Response + Adware -> Adware Blocker -> HTTP Response -> Client
  6. Modes of Operation
     - IDS mode
       - Squid proxy server
       - Snort
     - IPS mode
       - Snort_inline
     - Bypass mode
  7. [Diagram] Packet flow diagram, IDS mode
  8. Intelligent Adware Blocker IDS Mode
  9. [Diagram] Packet flow diagram, IPS mode
  10. Intelligent Adware Blocker IPS Mode
  11. Squid Proxy Server
      - Squid is a high-performance proxy caching server for web clients, supporting FTP, gopher, and HTTP data objects.
      - Steps required to use Squid:
        1. Download and install Squid.
        2. Configure Squid (squid.conf). The slide's ACL lines, with the missing arguments shown as placeholders:
           acl bad_pc src 192.0.2.0/24         # placeholder: client address(es) to restrict
           acl good dstdomain .example.com     # placeholder: destination domain(s) to allow
           http_access allow good
           http_access deny bad_pc
        3. Restart the squid service.
        4. Monitoring user access: the access information gets stored in the access.log file.
  12. Transparent Squid Proxy
      - Modify squid.conf: http_port 3128 transparent
      - iptables rules (the slide left $LAN_IN undefined; the values below are assumed placeholders for a box with eth0 on the LAN and eth1 toward the internet):
        LAN_IN=eth0          # LAN-facing interface
        SQUID_PORT=3128
        iptables -F
        iptables -t nat -F
        # set this system as a router for the rest of the LAN
        iptables --table nat --append POSTROUTING --out-interface eth1 -j MASQUERADE
        iptables --append FORWARD --in-interface $LAN_IN -j ACCEPT
        # unlimited access to LAN
        iptables -A INPUT -i eth0 -j ACCEPT
        iptables -A OUTPUT -o eth0 -j ACCEPT
        # redirect port 80 requests coming from LAN systems to squid 3128 ($SQUID_PORT) aka transparent proxy
        # (the slide had -j ACCEPT here, which would redirect nothing; Squid runs on this same box, so REDIRECT does the job)
        iptables -t nat -A PREROUTING -i eth0 -p tcp --dport 80 -j REDIRECT --to-port $SQUID_PORT
        # if it is the same system
        iptables -t nat -A PREROUTING -i eth1 -p tcp --dport 80 -j REDIRECT --to-port $SQUID_PORT
  13. [figure, no recoverable text]
  14. Snort
      - Snort is a signature-detection-based intrusion detection system (IDS): it issues an alert when network traffic matches a signature in its dataset.
      - Snort can be used as a packet sniffer to capture traffic from the network, as a packet logger to save packets to a file or database, or as an IDS.
  15. Snort IDS mode
      - IDS (Intrusion Detection System): an intrusion detection system is a device or software application that monitors network and/or system activities for malicious activities or policy violations and produces reports to a management station.
      - Modes of Snort IDS:
        - Sniffer mode
        - Packet logger mode
        - NIDS mode
      - Snort IDS rule generation (ids.rules):
        alert tcp any 80 -> any any (content:"uim"; msg:"uim popup"; sid:1001;)
      - Command to run Snort in IDS mode:
        snort -dev -i eth0 -l /var/log/snort -c /etc/snort/rules/ids.rules
      - Report generation, IDS mode
  16. Using DOM parser (ids.rules)
  17. [figure, no recoverable text]
  18. Snort IPS mode
      - IPS (Intrusion Prevention System): the main functions of intrusion prevention systems are to identify malicious activity, log information about that activity, attempt to block/stop the activity, and report it.
      - To make Snort work as an IPS it has to be configured in one of these 3 modes:
        - Flexible response
        - Snort_inline
        - SnortSam
  19. Snort_inline dependency packages
      - libipq
      - iptables-dev
      - libpcreflex
      - bison 1.2.1
      - libpcap 0.7.2
      - pcre
      - libdnet
      - libnet
      - libnetfilter-queue-dev
      - dnet
  20. [Diagram] Topology required for Snort_inline (IPS)
  21. Steps to implement snort_inline
      1. Implement a bridge.
      2. Install the required packages for snort_inline.
      3. Install and configure snort_inline with MySQL facility.
      4. Apply iptables rules (ICMP and port-80 traffic are handed to the QUEUE target so snort_inline can inspect and drop them):
         iptables -A INPUT -p icmp -j QUEUE
         iptables -A FORWARD -p tcp --dport 80 -j QUEUE
      5. Write the rule in local.rules (rule generation):
         drop tcp any 80 -> any any (content:"google"; msg:"response from google"; sid:1001;)
      6. Apply the snort_inline rules:
         snort_inline -dev -c /etc/snort_inline/rules/ips.rules -Q -l /var/log/snort_inline
      7. Report generation, IPS mode
  22. Using DOM parser (ips.rules)
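Slides 15, 16, 21 and 22 describe generating ids.rules and ips.rules from category policies through a DOM parser. The block below is an added Python example, not the project's Java code, of that generation step: keywords are encoded into Snort content syntax so that characters such as `;`, `"` and `|` cannot break the rule, regular-expression policies become pcre options, and the mode selects alert (Snort IDS) or drop (snort_inline IPS). The policy list and sid range are constructed assumptions.

```python
import re

# Characters Snort accepts literally inside content:"..."; anything else is
# emitted as |hex| so a keyword can never terminate or corrupt the rule.
_SAFE = re.compile(r"[A-Za-z0-9 ._/\-]")

def snort_content(text):
    """Encode a keyword for a Snort content option (mixed text and |hex| bytes)."""
    out, hexbuf = [], []
    for ch in text:
        if _SAFE.match(ch):
            if hexbuf:
                out.append("|" + " ".join(hexbuf) + "|")
                hexbuf = []
            out.append(ch)
        else:
            hexbuf.extend("%02X" % b for b in ch.encode("utf-8"))
    if hexbuf:
        out.append("|" + " ".join(hexbuf) + "|")
    return "".join(out)

def make_rule(action, category, pattern, sid, is_regex=False):
    """One rule over HTTP responses (server port 80 -> client), as on the slides."""
    if is_regex:
        match = 'pcre:"/%s/i";' % pattern          # user-defined regular expression
    else:
        match = 'content:"%s"; nocase;' % snort_content(pattern)
    return '%s tcp any 80 -> any any (%s msg:"%s popup"; sid:%d; rev:1;)' % (
        action, match, category, sid)

def generate_rules(policies, mode, first_sid=1000001):
    """mode "IDS" -> alert rules for Snort, "IPS" -> drop rules for snort_inline.
    policies is a list of (category, pattern, is_regex). Local sids start at
    1000001 (assumed) so they do not collide with distributed Snort rules."""
    action = {"IDS": "alert", "IPS": "drop"}[mode]
    return [make_rule(action, cat, pat, first_sid + n, rx)
            for n, (cat, pat, rx) in enumerate(policies)]

# Constructed sample policies: the slides' own "uim" keyword, a keyword that
# needs escaping, and a user-defined regex for the "bank" category.
SAMPLE_POLICIES = [
    ("uim", "uim", False),
    ("social", 'window.open("http://', False),
    ("bank", r"popunder\.js\?bank=\d+", True),
]

if __name__ == "__main__":
    for mode, path in (("IDS", "ids.rules"), ("IPS", "ips.rules")):
        with open(path, "w") as fh:
            fh.write("\n".join(generate_rules(SAMPLE_POLICIES, mode)) + "\n")
```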
  23. [figure, no recoverable text]
  24. Technologies used:
      - Java (servlet) for the application controller
      - JSP (Java Server Pages) and HTML for the frontend
      - JavaScript (for form validations)
      - Perl script (to store entries of Squid's access.log into a database table)
      - Shell script (to start and stop the Snort, Snort_inline and Squid services, and to apply iptables rules according to the mode)
      - Operating system: Ubuntu 10.10
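The Perl script listed above, and the access.log monitoring step on the Squid slide, store Squid access.log entries in a database table. The block below is an added Python equivalent, not the project's script: it parses Squid's native log format into an SQLite table, skips malformed lines instead of failing, and answers the per-client monitoring question. The log lines are constructed sample data.

```python
import sqlite3

# Column names, in the field order of Squid's native access.log format:
# time elapsed client result/status bytes method URL ident hierarchy/peer type
FIELDS = ("ts", "elapsed_ms", "client", "result", "status", "size_bytes",
          "method", "url", "ident", "hierarchy", "peer", "content_type")

def parse_line(line):
    """Parse one native-format access.log line; returns None for malformed lines."""
    parts = line.split()
    if len(parts) != 10:
        return None
    ts, elapsed, client, code, size, method, url, ident, hier, ctype = parts
    try:
        result, status = code.split("/", 1)
        hierarchy, peer = hier.split("/", 1)
        values = (float(ts), int(elapsed), client, result, int(status), int(size),
                  method, url, ident, hierarchy, peer, ctype)
    except ValueError:
        return None
    return dict(zip(FIELDS, values))

def load_log(lines, conn=None):
    """Insert parsed lines into the access_log table; returns (conn, rows_inserted).
    An in-memory SQLite database is created when no connection is given."""
    if conn is None:
        conn = sqlite3.connect(":memory:")
    conn.execute("CREATE TABLE IF NOT EXISTS access_log (%s)" % ", ".join(FIELDS))
    rows = [tuple(r[f] for f in FIELDS) for r in map(parse_line, lines) if r]
    conn.executemany("INSERT INTO access_log VALUES (%s)"
                     % ", ".join("?" * len(FIELDS)), rows)
    conn.commit()
    return conn, len(rows)

def requests_per_client(conn):
    """The monitoring view the slides describe: request count per client address."""
    return dict(conn.execute(
        "SELECT client, COUNT(*) FROM access_log GROUP BY client").fetchall())

# Constructed sample log lines (documentation address ranges) plus one
# malformed line that the loader must skip rather than crash on.
SAMPLE_LOG = [
    "1309000000.123    245 192.0.2.10 TCP_MISS/200 5123 GET http://example.com/ads/popup.js - DIRECT/198.51.100.7 application/javascript",
    "1309000001.456     12 192.0.2.10 TCP_HIT/200 812 GET http://example.com/index.html - NONE/- text/html",
    "1309000002.789    330 192.0.2.11 TCP_DENIED/403 1450 GET http://example.net/popunder.js - NONE/- text/html",
    "garbled line that should be skipped",
]

if __name__ == "__main__":
    db, n = load_log(SAMPLE_LOG)
    print(n, "rows loaded;", requests_per_client(db))
```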
  25. Requirements for developing the system
      Hardware:
      - Desktop PCs or laptops with an Intel Pentium-based x86 processor
      - Desktop PC with two NIC cards
      - Hard-line/wired internet connection
      - Switch (to implement Snort_inline)
      Software:
      - Snort (IDS) 2.8.52 with MySQL facility
      - Snort_inline and its dependency packages
      - Squid Proxy Server 2.7
      - MySQL Server 5.1.49
      - MySQL Client 5.1.49
      - Apache Tomcat 6.0.32 web server
      - gcc 4.4.5 and gdb 7.2 to compile and debug code
      - JDK 1.6
      - sed 4.2.1
      - Browser software (Mozilla Firefox, Chromium, Epiphany)
  26. Requirements for using the system
      Hardware:
      - Desktop PCs or laptops with an Intel Pentium-based x86 processor
      - Hard-line/wired internet connection
      Software:
      - Browser software (Mozilla Firefox, Chromium, Epiphany, Internet Explorer)
      - Operating system for the client machine (Linux or Windows)
      - Operating system for the server machine (Linux)
  27. View Log: LogBook.xslx
  29. Achievement
      - First prize in the Project Competition arranged by The Institution of Electronics and Telecommunication Engineers (IETE), held on 16th April 2011 at AISSMS College of Engineering
  30. Acknowledgement: Mr. Vikram Saurabh (External guide), Mr. Harshad Wadkar (Internal guide), Mrs. Madhura Tokekar (HOD), Mr. Makarand Velankar (Project Coordinator), Mr. Shripad Tawade
  31. Thank you…