Visual Network Threat Level Indicator
Network monitoring is very important in today's world. The internet is a scary place. People have taken steps to raise their awareness by installing Intrusion Detection Systems (IDS) such as SNORT.
The problem with most of these systems is that upon first installing them they are vigilantly watched. After a week the allure wears off and they are no longer monitored, silently churning away in the depths of the network.
By moving the visualization outside of the computer we make it easier to notice, providing the information at a glance and to a larger audience.
The Visual Threat Level Indicator (VTLI) requires a network connection and power. It does not need to be directly attached to a computer, so it can be placed anywhere there is network access.
A Python script runs on the IDS, connects to the Arduino and updates the display.
Parts
You will need the following:
-An IDS running SNORT http://www.snort.org/
-Arduino Uno
-Arduino Ethernet Shield
-Arduino Proto Shield
-10x 470Ω resistors
-10 Segment LED bar graph
-Solder, wires, soldering iron
Brief Overview
The VTLI process runs on the IDS and the Arduino.
The Arduino listens for incoming connections to update the display.
The IDS machine has a Python script running that looks at the last 24 hours of the Snort log to generate the threat level. It connects over the network to the Arduino to update the display. This should run from cron at an interval appropriate to the environment; 5 minutes is a good guess.
Program Arduino
Attach the Ethernet shield to the Arduino Uno and take note of its MAC address. Change this in the code attached. Also assign an IP address to the Ethernet shield.
Solder the Proto Board
You will need to solder the LED bar graph to the Proto Board.
Use pins 2-9 for the first 8 LEDs and pins 14 and 15 for the last two. Pins 10-13 are used by the Ethernet shield and so they are off limits.
You will want to use current limiting resistors between the pins and the bar graph, 470Ω work nicely.
Attach the negative side of the LED to ground. The space on the bottom left of the proto shield works nicely.
Sandwich all three boards together.
Process on IDS
On the IDS you will run a Python script that connects to a listener on the Arduino. Run this from cron, say every 5 minutes, for a constantly updating display.
The code is fairly resilient and will fail with helpful messages.
Be sure to change the IP address of the Arduino in the file.
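Here is an added example of what that IDS-side script can look like; it is not the script attached to this project. It reads Snort's "alert_fast" log format, keeps only alerts from the last 24 hours, weights them by Snort priority, maps the total onto the 10-segment bar graph and pushes the level to the Arduino. The weights, the full-scale value, the TCP port and the one-digit-per-line wire format are assumptions; match the last two to whatever the sketch expects.

```python
import re
import socket
import sys
from datetime import datetime, timedelta

# Matches a Snort "alert_fast" line. The timestamp carries no year, so the
# caller supplies one (assumption: the log does not span a year boundary).
ALERT_RE = re.compile(r"^(\d\d)/(\d\d)-(\d\d):(\d\d):(\d\d)\.\d+ .*\[Priority: (\d+)\]")

# Constructed sample log lines (not from a real network), as of SAMPLE_NOW.
SAMPLE_NOW = datetime(2024, 1, 15, 13, 0, 0)
SAMPLE_LINES = [
    "01/15-12:34:56.789012  [**] [1:2100498:7] GPL ATTACK_RESPONSE id check returned root [**] [Classification: Potentially Bad Traffic] [Priority: 2] {TCP} 10.0.0.5:80 -> 10.0.0.9:45678",
    "01/13-08:00:00.000000  [**] [1:1000001:1] old test alert [**] [Classification: Misc activity] [Priority: 3] {ICMP} 10.0.0.7 -> 10.0.0.9",
    "01/15-09:15:00.000000  [**] [1:1000002:1] high priority test [**] [Priority: 1] {TCP} 10.0.0.8:4444 -> 10.0.0.9:22",
    "this line is not an alert",
]

def parse_alert(line, year):
    """Return (timestamp, priority) for an alert line, or None if it is not one."""
    m = ALERT_RE.match(line)
    if not m:
        return None
    mon, day, hh, mm, ss, prio = (int(x) for x in m.groups())
    return datetime(year, mon, day, hh, mm, ss), prio

def threat_level(lines, now, window=timedelta(hours=24), full_scale=20):
    """Map alerts within `window` of `now` to a 0..10 bar-graph level.
    Priority 1 weighs 4, priority 2 weighs 2, anything else 1; `full_scale`
    weighted points light all ten segments (tuning assumption)."""
    weight = {1: 4, 2: 2}
    score = 0
    for line in lines:
        parsed = parse_alert(line, now.year)
        if parsed is None:
            continue  # non-alert or malformed line: ignore it
        ts, prio = parsed
        if now - window <= ts <= now:
            score += weight.get(prio, 1)
    return min(10, -(-score * 10 // full_scale))  # ceiling, capped at 10

def send_level(level, host, port=23, timeout=5.0):
    """Push the level to the Arduino listener as one ASCII digit line (assumed format)."""
    with socket.create_connection((host, port), timeout=timeout) as s:
        s.sendall(f"{level}\n".encode("ascii"))

if __name__ == "__main__":
    # usage: vtli.py /var/log/snort/alert <arduino-ip>   (run from cron)
    log_path, arduino_ip = sys.argv[1], sys.argv[2]
    with open(log_path, errors="replace") as f:
        level = threat_level(f, datetime.now())
    try:
        send_level(level, arduino_ip)
    except OSError as e:
        sys.exit(f"could not update display at {arduino_ip}: {e}")
```

With the sample lines above, the two-day-old alert is dropped, the priority 2 and priority 1 alerts score 2 + 4 = 6 points, and 6 of 20 rounds up to 3 lit segments.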
Test
Test that the python process can connect to the Arduino. Be sure to point it to the Snort log and the Arduino.