Efika 5200B Project
Embedded Network Intrusion Detection and Prevention System (ENIPS) in category Applications & Software
proposed by Weqaar on 17th February 2006 (accepted on 20th March 2006)
Project Summary
An \"effective\" Intrusion Detection System is a very important part of a computer network. Many IDS & IPS solutions exist, from high-cost application specific hardware to low-cost open source PC based solutions, some provide only \'detection\' while others provide \'prevention\'. High-cost systems, with costly updates and lack of flexibility, many organizations prefer to adapt open source PC based solutions which in turn prove to be hard to manage and update, inefficient, occupy physical space and consume electric power >= typical PC.
The project is to design an Embedded IPS & IDS that:
* Provides Intrusion Detection Facility
* Provides Intrusion Prevention Facility
* Upgradable at minimal additional cost for Wi-Fi (IEEE 802.11) networks
* Very low-cost
* Licensed under the GPL: free source and free updates
* Extremely flexible (programmable I/O)
* Linux powered, thus fully customizable to needs
* Very easy to manage; provides GUI-based management over HTTP, plus SSH and SNMP
* Consumes 1/50th the electric power of a typical PC
* Dissipates 1/50th the heat generated by a typical PC
* Occupies very small physical space, almost the size of a 5.25" drive
* Modular: smaller than a typical cellphone if the 'Network Traffic Offloader (FPGA Filter)' component is removed
The ENIPS project started at the CABIT Research Laboratory at Arizona State University in June 2005. This project is also my senior design project. The project has been completed using a gumstix connex (PXA255, ARMv5TE core) board; however, I'm not satisfied with the performance of the board and the kernel using that specific chip. I want to use a PPC SoC board for packet filtering and also for pre-filtering, instead of using an external FPGA.
Description
ENIPS is made up of various hardware components, with Linux as the core operating system, though eCos is being evaluated for the purpose. Intrusion detection lives in the Linux kernel: a module loaded at run time (or a patch, for monolithic kernels; still undecided) monitors frames and transmits the frames it flags as malicious to a point-to-point connected server for logging. The prevention system is a user-space application, running on top of the kernel, that takes actions according to rules defined for malicious frames.
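As an added illustration of the kernel/user-space split described above (this is not ENIPS code, and the project site does not publish its rule format), the following C program is a user-space prevention engine of that shape: it parses a raw Ethernet/IPv4/TCP frame, matches it against a small hypothetical rule table, and returns a pass/log/drop verdict. The rule fields, ports, addresses and the sample frames are all constructed here so the program runs offline.

```c
/* Added illustration, not ENIPS project code: a user-space rule engine over raw
 * Ethernet frames. Rules, addresses and sample frames below are constructed. */
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>
#include <string.h>

enum action { ACT_PASS = 0, ACT_LOG = 1, ACT_DROP = 2 };

/* One prevention rule: IPv4 protocol, transport destination port, TCP flags. */
struct rule {
    uint8_t     proto;     /* IPv4 protocol number (6 = TCP, 17 = UDP), 0 = any */
    uint16_t    dst_port;  /* destination port, 0 = any */
    uint8_t     tcp_flags; /* TCP flags that must all be set, 0 = any */
    enum action act;
    const char *name;
};

/* Hypothetical rule set; first match wins. */
static const struct rule rules[] = {
    { 6, 23,  0x00, ACT_DROP, "telnet to protected host" },
    { 6, 445, 0x02, ACT_LOG,  "TCP SYN to SMB" },
};
#define NRULES (sizeof rules / sizeof rules[0])

static uint16_t be16(const uint8_t *p) { return (uint16_t)((p[0] << 8) | p[1]); }

/* Classify one Ethernet frame. Non-IPv4 traffic passes; a frame that claims to be
 * IPv4 (or TCP/UDP) but is shorter than its headers is dropped, i.e. fail closed. */
enum action classify_frame(const uint8_t *f, size_t len, const struct rule **hit)
{
    const uint8_t *ip, *l4;
    size_t ihl, i;
    uint8_t proto, flags = 0;
    uint16_t dport = 0;

    if (hit) *hit = NULL;
    if (len < 14) return ACT_DROP;                    /* no full Ethernet header */
    if (be16(f + 12) != 0x0800) return ACT_PASS;      /* not IPv4 */

    ip = f + 14;
    if (len < 14 + 20 || (ip[0] >> 4) != 4) return ACT_DROP;
    ihl = (size_t)(ip[0] & 0x0f) * 4;                 /* header length incl. options */
    if (ihl < 20 || len < 14 + ihl) return ACT_DROP;
    proto = ip[9];
    l4 = ip + ihl;

    if (proto == 6) {                                 /* TCP: 20-byte minimum header */
        if (len < 14 + ihl + 20) return ACT_DROP;
        dport = be16(l4 + 2);
        flags = l4[13];
    } else if (proto == 17) {                         /* UDP: 8-byte header */
        if (len < 14 + ihl + 8) return ACT_DROP;
        dport = be16(l4 + 2);
    }

    for (i = 0; i < NRULES; i++) {
        const struct rule *r = &rules[i];
        if (r->proto && r->proto != proto) continue;
        if (r->dst_port && r->dst_port != dport) continue;
        if (r->tcp_flags && (flags & r->tcp_flags) != r->tcp_flags) continue;
        if (hit) *hit = r;
        return r->act;
    }
    return ACT_PASS;
}

/* Constructed sample: a minimal 54-byte Ethernet/IPv4/TCP frame with the given
 * destination port and TCP flags. Checksums stay zero; classify_frame ignores them. */
size_t build_tcp_frame(uint8_t *buf, uint16_t dport, uint8_t flags)
{
    const uint8_t src[4] = { 192, 168, 1, 10 }, dst[4] = { 192, 168, 1, 1 };
    memset(buf, 0, 54);
    buf[12] = 0x08; buf[13] = 0x00;                   /* EtherType IPv4 */
    buf[14] = 0x45;                                   /* version 4, IHL 5 */
    buf[16] = 0x00; buf[17] = 40;                     /* total length 40 */
    buf[22] = 64;                                     /* TTL */
    buf[23] = 6;                                      /* protocol TCP */
    memcpy(buf + 26, src, 4);
    memcpy(buf + 30, dst, 4);
    buf[34] = 0xc0; buf[35] = 0x00;                   /* source port 49152 */
    buf[36] = (uint8_t)(dport >> 8); buf[37] = (uint8_t)dport;
    buf[46] = 0x50;                                   /* data offset 5 words */
    buf[47] = flags;
    return 54;
}

/* Build one sample frame and classify it; len > 0 truncates the frame to that
 * many bytes to exercise the length checks. */
enum action verdict(uint16_t dport, uint8_t flags, size_t len)
{
    uint8_t frame[64];
    size_t n = build_tcp_frame(frame, dport, flags);
    return classify_frame(frame, len ? len : n, NULL);
}

int main(void)
{
    uint8_t frame[64];
    const struct rule *hit;
    size_t n = build_tcp_frame(frame, 445, 0x02);
    enum action a = classify_frame(frame, n, &hit);
    printf("SYN to port 445 -> %s (%s)\n",
           a == ACT_DROP ? "DROP" : a == ACT_LOG ? "LOG" : "PASS",
           hit ? hit->name : "no rule matched");
    return 0;
}
```

In the architecture on this page the frames would arrive from the kernel module rather than from build_tcp_frame, and the LOG verdict is where the forwarding to the point-to-point logging server would happen; the page does not say how that hand-off is done, so it is left out here. Truncated frames are dropped rather than passed because a frame the engine cannot fully parse is exactly the kind an attacker would use to slip past port-based rules.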
Website: http://public.cabit.wpcarey.asu.edu/enips/
Project Blog Entries
No blog entries for this project