WIRELESS INTRUSION DETECTION SYSTEM, deals with protecting a wireless network from invasion by unauthorized users. The software also proposes a pro-active defense mechanism that identifies if there is a chance of an intrusion. The administrator is the sole person having privilege to make any changes in the facilities that should be made available in the network, so it is a very secure system.
The various modules involved are client-server architecture, honey pot, snort rule analysis, packet analyser, MAC spoofing, web encryption and firewall. The front end of the project has been developed using C# .NET and the back end using SQL Server. For a small purpose, HTML has also been used.
The project is aimed mainly to be of use in organizations and institutions where the main policy is to limit accessibility. A centralized wireless intrusion detection technology has been worked upon, which means that there is a single administrator who is in-charge of the entire security system. All anomalies and threats are reported to the administrator only, and it is for him to decide what security measure is to be taken. Rouge access points (APs), unauthorized communication, banned information retrieval have been taken care of. It is cost effective.
One of the advantages is that the administrator can easily change the policy enforcements, i.e. its user friendly. Moreover it is not accessible by the clients in the network, which ensures that the security measure cannot be breached in any way. Any number of clients can be added to the network by the administrator and also removed at any point of time.
This system is developed using the following hardware components:
Processor : P111 or above
RAM : 512 or above
Hard disk drive : 40GB or above
The software used for the computerization of this system is
Operating system : Windows XP
Platform of software : .Net 2005/ASP.NET
Front end used : C#.NET
Back end used : SQL Server
The main modules are client server architecture, SNORT rule, web encryption, packet sniffing, firewall, honey pot and MAC spoofing.
Client Server Architecture
This Module is responsible for creating a client server architecture. Client/server architecture is the relationship between two computer programs in which one program, the client, makes a service request from another program, the server, which fulfills the request.
Snort is primarily a rule-based IDS. Rules are grouped in categories. Rules belonging to each category are stored in separate file. These files are then included in a main configuration file called snort configuration. Snort reads these rules at the start-up time and builds internal data structures or chains to apply these rules to captured data. It is important to implement as many signatures as you can, using as few rules as possible.
A secret message to any person can be encrypted by rc4 algorithm, it's easy to place secret data on your page without worrying if your data could be picked up by an attacker. In cryptography, RC4 is the most widely-used software stream cipher and is used in popular protocols such as Secure Sockets Layer (SSL) (to protect Internet traffic) and WEP (to secure wireless networks). While remarkable for its simplicity and speed in software, RC4 has weaknesses that argue against its use in new systems.
A firewall is an integrated collection of security measures designed to prevent unauthorized electronic access to a networked computer system. It is also a device or set of devices configured to permit, deny, encrypt, decrypt, or proxy all computer traffic between different security domains based upon a set of rules and other criteria.
MAC address is a unique identifier attached to most network adapters (NIC or Network Interface Card). It is a number that serves as an identifier for a particular network adapter. Thus network cards (or built-in network adapters) in two different computers will have different MAC addresses, as would an Ethernet adapter and a wireless adapter in the same computer, and as would multiple network cards in a router. However, it is possible to change the MAC address on most of today's hardware, often referred to as MAC spoofing.
A packet analyzer is computer software that can intercept and log traffic passing over a digital network or part of a network. As data streams flow across the network, the packet analyser captures each packet and eventually decodes and analyzes its content according to the appropriate specifications.
This module creates the environment for honey pot. When an intruder accesses the network of a company, identify the attack and redirect the intruder in to an isolated system which gives the unnecessary information to the intruder. The isolated system is actually known as Honey pot.
DATA FLOW DIAGRAM (attachment)
They are very useful in understanding a system and can be effectively used during analysis.
PROJECT IMPLEMENTATION (attachment)
The program is included in the attachment.
Flow diagramProgram (1541-14158-program.txt)
|Author: sophiya shaikh||Member Level: Bronze||Revenue Score: |
|idea is much interesting. but i think it is very tough to develop....|
|Author: Mohamed Shaneeb||Member Level: Bronze||Revenue Score: |
|could u post the code for MAC spoofing and packet sniffing... thanks... ;)|