Monday, May 5, 2014

How to install Openfire 3.9.2 on Ubuntu Server 12.04 LTS


Dear readers,


I have been unable to find a complete guide on how to install Openfire on Ubuntu, so I have decided to write one for my own reference and for others who are interested in the how-to. I hope this is beneficial to anyone who needs to get this done. The aim is to make it as brief as possible.

1. On the Ubuntu Server 12.04



Openfire needs the server's own hostname to resolve, and that sometimes fails when DNS is not in order, so we add the hostname to /etc/hosts as well.

$sudo apt-get update
$sudo apt-get upgrade
$sudo vim /etc/hosts

Then add the following entry to the hosts:

127.0.1.1 YourHostNameHere

Be sure to open the following ports for Openfire to work. Open only the ones you actually use, and keep the admin console off the public Internet: 9090 is plain HTTP, so the admin password travels in the clear, and 9091 should be reachable only from the network you administer from.
  • 3478 - STUN Service (NAT connectivity)
  • 3479 - STUN Service (NAT connectivity)
  • 5222 - Client to Server (standard and encrypted)
  • 5223 - Client to Server (legacy SSL support)
  • 5229 - Flash Cross Domain (Flash client support)
  • 7070 - HTTP Binding (unsecured HTTP connections)
  • 7443 - HTTP Binding (secured HTTP connections)
  • 7777 - File Transfer Proxy (XMPP file transfers)
  • 9090 - Admin Console (unsecured)
  • 9091 - Admin Console (secured)
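Added example (not part of the original post): a small script that turns the list above into ufw rules, opening the client-facing ports to everyone, the TLS admin console only from an admin network, and leaving 9090 closed altogether. The admin network 10.0.0.0/24 and the choice of UDP for the STUN ports are assumptions here; adjust both. It prints the rules by default and applies them only when run with APPLY=1 as root.

```shell
#!/bin/sh
# Added example, not from the original post: turn the Openfire port list into
# ufw rules. Ports clients need are opened to everyone; the TLS admin console
# (9091) is opened only from an admin network; the plain-HTTP console (9090)
# is deliberately left closed. ADMIN_NET is an assumption for this example.
ADMIN_NET="${ADMIN_NET:-10.0.0.0/24}"

# Port table: "<port> <proto> <scope> <description>", scope is any|admin.
# STUN as UDP is an assumption. Trim the table to what you actually run
# (no Flash clients: drop 5229; no STUN: drop 3478/3479).
openfire_ports() {
    cat <<'EOF'
3478 udp any   STUN service
3479 udp any   STUN service
5222 tcp any   client to server (standard and encrypted)
5223 tcp any   client to server (legacy SSL)
5229 tcp any   Flash cross-domain
7070 tcp any   HTTP binding, plain
7443 tcp any   HTTP binding, TLS
7777 tcp any   file transfer proxy
9091 tcp admin admin console, TLS
EOF
}

# Emit one ufw command per row. Nothing is executed here, so the result can
# be reviewed before it touches the firewall.
emit_ufw_rules() {
    openfire_ports | while read -r port proto scope desc; do
        case "$scope" in
            any)   printf 'ufw allow %s/%s\n' "$port" "$proto" ;;
            admin) printf 'ufw allow from %s to any port %s proto %s\n' \
                       "$ADMIN_NET" "$port" "$proto" ;;
            *)     echo "bad scope '$scope' for port $port" >&2; exit 1 ;;
        esac
    done
}

# True when the generated rules never mention the plain-HTTP console.
rules_keep_9090_closed() {
    ! emit_ufw_rules | grep -q -e 'port 9090' -e '9090/'
}

# Dry run by default; APPLY=1 executes the rules (needs root and ufw enabled).
if [ "${APPLY:-0}" = "1" ]; then
    emit_ufw_rules | sh -e
else
    emit_ufw_rules
fi
```

Run it once without APPLY to read the rules, then with APPLY=1. Because the admin console is only opened from ADMIN_NET, anyone who can reach the server from elsewhere still cannot get at port 9091, let alone 9090.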

2. Install Java 8


(We have to do this manually since Ubuntu dropped the Oracle Java packages a few years ago.)
(Contents are from this page here: Link. Thanks to whoever posted this.)
$sudo add-apt-repository ppa:webupd8team/java
$sudo apt-get update
$sudo apt-get install oracle-java8-installer
Once installed, running "java -version" in a terminal should output something like this:
$ java -version
java version "1.8.0"
Java(TM) SE Runtime Environment (build 1.8.0-b132)
Java HotSpot(TM) 64-Bit Server VM (build 25.0-b70, mixed mode)
Or, "javac -version":
$ javac -version
javac 1.8.0
And so on.

To automatically set up the Java 8 environment variables, you can install the following package:
$sudo apt-get install oracle-java8-set-default

3. Download and Install Openfire 3.9.2


Use the wget command to download Openfire to a directory of your choice. In this case I made a new folder in the home directory called 'installs' and navigated to it.

I then renamed the downloaded file to something more sensible, untarred it, and moved the resulting openfire directory to /opt/.

Note that the download is over plain HTTP and nothing in these steps verifies the archive, so fetch it from the project's own site and compare it with the checksum published there if one is available.

$cd ~
$mkdir installs
$cd installs

$wget http://www.igniterealtime.org/downloadServlet?filename=openfire/openfire_3_9_2.tar.gz

$mv downloadServlet\?filename\=openfire%2Fopenfire_3_9_2.tar.gz openfire_3_9_2.tar.gz

$tar -xzf openfire_3_9_2.tar.gz

$sudo mv openfire /opt/

(You might want to change the version number if you are from the future...I mean if there's a newer version during the time of your installation.)


4. Configure Openfire


(From this guide, thank you.)

Edit the configuration file /opt/openfire/conf/openfire.xml, inserting your internal IP address in the <interface> section and removing the "<!-- -->" comment markers that surround the <network> section. While not required, this is helpful if your server has multiple IP addresses and you wish to limit Openfire to a single address (for instance, an internal one that the admin console should answer on).

File excerpt:
/opt/openfire/conf/openfire.xml

<interface>12.34.56.78</interface>

- Add a symbolic link for the daemon script to /etc/init.d so that you can start the daemon with a call to service.
- Make Openfire an autostart service if the server is rebooted.
- And then start Openfire.

$sudo ln -s /opt/openfire/bin/openfire /etc/init.d/
$sudo update-rc.d openfire defaults
$sudo service openfire start

Nothing in these steps drops privileges: started from the init script as root, Openfire runs as root. For anything beyond a test box, create a dedicated unprivileged user, chown /opt/openfire to it, and start the daemon as that user (for example with start-stop-daemon --chuid in the init script).
    
Now you can use your browser to navigate to the Openfire setup page. Use the secured port: the wizard asks you to set the admin password, and over port 9090 that goes across the network in the clear.

https://yourhostnameORipaddr:9091

(Openfire generates a self-signed certificate on first start, so expect a browser warning until you install a proper one.)

Please refer to this guide on how to configure your settings on the setup page. See the next section [5.] for your choice of database.
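Once the service is up, it is worth checking what it actually bound to before walking through the wizard. The following is an added example, not something from the original post or from Openfire: it reads netstat -ltn (or ss -ltn) output and flags the admin console if 9090 is up at all or 9091 answers on every interface, which is what the <interface> setting above is meant to prevent. The port numbers are the ones from section 1; the file argument, function names and message wording are mine.

```shell
#!/bin/sh
# Added example, not from the original post: audit what Openfire is listening
# on. Reads "netstat -ltn" or "ss -ltn" output (local address is column 4 in
# both) from the file given as $1, e.g.
#     netstat -ltn | sh check_openfire_listeners.sh /dev/stdin
# Port numbers come from the Openfire port list; the checks are mine.

REQUIRED_PORTS="5222 9091"   # must be listening once Openfire is up
PLAIN_ADMIN_PORT=9090        # admin console without TLS
TLS_ADMIN_PORT=9091          # admin console with TLS

# Wildcard binds as netstat and ss print them for IPv4 and IPv6.
is_wildcard() {
    case "$1" in
        0.0.0.0|'*'|::|'[::]') return 0 ;;
        *) return 1 ;;
    esac
}

# "port address" per LISTEN socket. The port is taken after the last colon so
# ":::9091" (IPv6 wildcard) parses the same way as "0.0.0.0:9091".
listening_sockets() {
    awk '($1 == "LISTEN" || $NF == "LISTEN") { print $4 }' |
    while IFS= read -r local; do
        printf '%s %s\n' "${local##*:}" "${local%:*}"
    done
}

# One report line per finding; lines start with WARN or ok.
audit_listeners() {
    sockets=$(listening_sockets)
    for p in $REQUIRED_PORTS; do
        printf '%s\n' "$sockets" | grep -q "^$p " ||
            echo "WARN port $p not listening: is Openfire up?"
    done
    printf '%s\n' "$sockets" | while read -r port addr; do
        [ -n "$port" ] || continue
        case "$port" in
            "$PLAIN_ADMIN_PORT")
                echo "WARN port $port: admin console without TLS is enabled; use $TLS_ADMIN_PORT and firewall or disable this one" ;;
            "$TLS_ADMIN_PORT")
                if is_wildcard "$addr"; then
                    echo "WARN port $port: admin console bound to all interfaces ($addr); set <interface> or restrict it in the firewall"
                else
                    echo "ok   port $port: admin console bound to $addr"
                fi ;;
            5222|5223|7070|7443|7777|3478|3479|5229)
                echo "ok   port $port: listening on $addr" ;;
        esac
    done
}

# Number of WARN lines in the report (0 means nothing to fix).
warning_count() {
    audit_listeners | grep -c '^WARN' || true
}

if [ $# -ge 1 ]; then
    report=$(audit_listeners < "$1")
    printf '%s\n' "$report"
    ! printf '%s\n' "$report" | grep -q '^WARN'   # exit 1 if anything was flagged
else
    echo "usage: netstat -ltn | sh $0 /dev/stdin" >&2
fi
```

A clean result is one "ok" line per port you expect and no WARN lines; a WARN on 9091 bound to 0.0.0.0 or :: means the <interface> edit did not take effect (check that the <network> block is really uncommented).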

5. MySQL or Openfire embedded database (skip this section if you are not using a dedicated database)


You will be given a choice on the setup page. If you don't feel the need for a dedicated database, just choose the embedded database Openfire offers. On the other hand, it is best practice to use a dedicated database server for Openfire, which can be installed on the same Ubuntu server. In this case I chose MySQL, which comes handily with LAMP. Please follow the instructions below. (If you don't need LAMP, you can install MySQL only.)

(From this guide, Thank you.)

If you only need the database, install just the mysql-server package instead of the whole stack. The guide I followed installs the LAMP stack (Linux, Apache, MySQL, PHP) with the command below; bear in mind that Apache, PHP and phpMyAdmin are extra services to secure on a box whose job is XMPP, so leave them out if you will not use them.
$sudo apt-get install lamp-server^
Install PHP5 (some applications require other PHP5 modules) with the command:
$sudo apt-get install php5 php5-gd php5-mysql php5-curl php5-cli php5-cgi php5-dev
Install phpMyAdmin (choose apache2 by hitting the space bar, then tab to OK and hit Enter):
$sudo apt-get install phpmyadmin
Then create a database for Openfire with your MySQL credentials:

$mysqladmin -u username -p create [databaseName]
After this, you should be able to use the database in the Openfire setup page.
Note: do not hand the MySQL root account to Openfire, even for a first try. Create a dedicated MySQL user that is limited to the Openfire database and give the wizard that user's credentials; if the Openfire host or its configuration file is ever compromised, the attacker then gets one database rather than the whole MySQL server.
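The script below is an added example, not from the original post or from the Openfire project: it creates the database and a MySQL account restricted to that one database, which is what you give the wizard instead of root. The database name, user name, the generated password and the utf8 character set are assumptions you can change; the grants are the ones Openfire needs to install and later upgrade its own schema, and nothing outside its database.

```shell
#!/bin/sh
# Added example, not from the original post: create the Openfire database and
# a MySQL account that can touch only that database, so the setup wizard never
# needs the root password. DB_NAME, DB_USER, the generated DB_PASS and the
# utf8 character set are assumptions for this example. The privilege list
# covers schema install/upgrade (create, alter, drop tables and indexes) plus
# the usual row operations, and is scoped to DB_NAME only.
DB_NAME="${DB_NAME:-openfire}"
DB_USER="${DB_USER:-openfire}"
if [ -z "${DB_PASS:-}" ]; then
    # 24 hex characters from the kernel RNG when no password was supplied.
    DB_PASS=$(od -An -tx1 -N 12 /dev/urandom | tr -d ' \n')
    echo "generated DB_PASS=$DB_PASS (enter it in the wizard)" >&2
fi

# Make a value safe inside a single-quoted MySQL string literal:
# backslashes are doubled, single quotes are doubled.
sql_quote() {
    printf '%s' "$1" | sed -e 's/\\/\\\\/g' -e "s/'/''/g"
}

# The statements, scoped to one database; review them with a dry run first.
openfire_db_sql() {
    cat <<EOF
CREATE DATABASE IF NOT EXISTS \`$DB_NAME\` CHARACTER SET utf8;
CREATE USER '$DB_USER'@'localhost' IDENTIFIED BY '$(sql_quote "$DB_PASS")';
GRANT SELECT, INSERT, UPDATE, DELETE, CREATE, DROP, ALTER, INDEX
    ON \`$DB_NAME\`.* TO '$DB_USER'@'localhost';
EOF
}

# Dry run by default; APPLY=1 feeds the statements to mysql as root.
if [ "${APPLY:-0}" = "1" ]; then
    openfire_db_sql | mysql -u root -p
else
    openfire_db_sql
fi
```

In the wizard, pick MySQL, fill in the host and database name in the JDBC URL template, and use DB_USER and DB_PASS as the credentials. The account is local-only ('localhost'), so it is of no use to anyone connecting to MySQL from another machine.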

6. Summary


Well, that's it. I hope you enjoy the tutorial and that it is as painless as I wished it to be.
Have a great one guys!


Tuesday, February 25, 2014

Elitism Enhancements for Genetic Algorithm based Network Intrusion Detection System


Abstract:


Traditional signature-based Network Intrusion Detection Systems (NIDS) suffer from a high false negative rate because they can detect an intrusion only if there is an existing rule matching the particular real-time attack. The combination of Genetic Algorithms, network security schemes, and IDS practices has created a model of intelligent system that has the ability to derive new best-fit classification rules from already known attack patterns. Nevertheless, the existing NIDS approaches in this paradigm still experience substantial overhead and a limited variety of resulting NIDS rules. We propose in this paper a new genetic algorithm-based NIDS called AceGA, which introduces three novel enhancements, namely Wildcard Weight Penalty, Ace Comparison Elimination, and Elite's Traits Induction. It is shown that AceGA provides decreased time overhead and better rule quality. For demonstration purposes, DARPA datasets from MIT Lincoln Lab are used for training and testing the intrusion detection rules. Several simulation experiments are conducted to evaluate the efficiency and effectiveness of each of our proposed enhancements, including the overall capability of AceGA to detect our selected types of attacks with satisfactory true positive and false positive rates. Additional statistical results depicting the accuracy, precision, sensitivity, and specificity of the resulting rules are thoroughly analyzed.

Keywords: Genetic Algorithms, Intrusion Detection System, Network Security, Support-Confidence Framework, Evolutionary Process.

Tanapuch Wanwarang, Machigar Ongtang, "Elitism Enhancements for Genetic Algorithm based Network Intrusion Detection System", JCIT: Journal of Convergence Information Technology, Vol. 8, No. 17, pp. 31-42, 2013

http://www.aicit.org/jcit/global/paper_detail.html?jname=JCIT&q=4159

http://www.aicit.org/JCIT/ppl/JCIT4159PPL.pdf

Sunday, February 23, 2014

Published my first paper.

Dear all,

I haven't been posting on this blog for quite a while now that I've graduated. I got a job at Dimension Data, a system integration firm. Life is alright.

Nevertheless, my professor and I have been able to publish our paper:

"Elitism Enhancements for Genetic Algorithm based Network Intrusion Detection System"

Basically, it's about using a Genetic Algorithm to auto-generate intrusion detection rules from existing rules.

Please kindly read the abstract and view the paper here:
http://www.aicit.org/jcit/global/paper_detail.html?jname=JCIT&q=4159

Direct access to the paper (PDF format) here:
http://www.aicit.org/JCIT/ppl/JCIT4159PPL.pdf

Friday, July 26, 2013

7200emu.hacki.at

Learning GNS3 at workplace.

Been enjoying it so far. A recommended community forum for the Cisco simulator:

http://7200emu.hacki.at/

Saturday, April 20, 2013

GANIDS (beta 0.9) - Genetic Algorithms for Deriving Network Intrusion Rules



    Since late March 2013 and up to today, 20 April 2013, I have been developing a Genetic Algorithm that can be used to derive rules for signature-based Network Intrusion Detection Systems (i.e. Snort, Bro, etc.), using Python 2.7.3 and DEAP 0.9 (a Python evolutionary algorithm library), with the DARPA dataset as training and testing data.


"In the computer science field of artificial intelligence, a genetic algorithm (GA) is a search heuristic that mimics the process of natural evolution. This heuristic (also sometimes called a metaheuristic) is routinely used to generate useful solutions to optimization and search problems" - Wikipedia

    By following the papers of Wei Li, Ren Hui Gong, and Brian E. Lavender, I was able to implement my own with many modifications, several add-ons, and optimizations.

    Li suggested an approach to use GA in IDS for anomaly detection and provided a fitness function and chromosome structure. Li promised to deliver the code but it was never published.

   Gong then used Li's approach to provide pseudocode and a class diagram, and a certain amount of clarity about the evolutionary process was given. However, there was not much guidance on how the selection, crossover, and mutation operators could be implemented. Gong suggested using the ECJ Java library to code the genetic algorithm, but his code was never published anywhere.

    Brian E. Lavender was the first person who successfully implemented a genetic algorithm for this approach following the guidelines of the first two. Brian also provided a clearer modified version of pseudo code, a detailed guideline on how to build selection, crossover, and mutation operators. He is currently also the only person who published his code in his project report. His program is called netGA.

    However, while netGA meets its functional requirements and can generate rules with optimized fitness values, it still lacks extensibility. It was modeled to run only on one sample of the DARPA audit training and testing dataset. Many options and optimizations could be added if it were to run well on other datasets. And that is what I plan to implement and improve on.

    Nonetheless, Brian has paved a stepping stone for me that conclusively proves the possibility of integrating Network Intrusion Detection Systems and Genetic Algorithms. He has also been providing help and advice in the emails we have been exchanging. So I'd like to thank Brian here.

    At the moment I call my GA program GANIDS (since renamed to AceGA). It works well on different DARPA datasets, but still needs revisions.

I'll be sure to update the details and write a documentation about it soon.

Please feel free to have a test run and constructively critique.

https://github.com/nixor/GANIDS

Thanks.

(p.s. change the link colors for ****'s sake!)

Wednesday, March 20, 2013

An Approach to solve Artificial Intelligence 8 queens puzzle with pen and paper, and mind. Tag, Genetic Algorithm.

Just for fun, was thinking about this on my way home:
(**Not related to Network Security, but this term I take an Intro to AI class**)


8 queens puzzle

( 7 4 2 8 6 1 3 5 )
( 3 5 7 1 4 2 8 6 )
( 4 2 8 6 1 3 5 7 )
( 5 7 1 4 2 8 6 3 )

I've found that it's possible to find at least 3 solutions within 5 minutes using only pen and paper, and your mind.

By applying the following conditions:

1. Positions 1st-8th must each be given a unique number. (This avoids vertical or horizontal attacks.)
2. For any position number 'x' and any other position number 'y', with 'i' the displacement between the two positions,
this condition must always hold: i != | x - y |
(This avoids diagonal attacks.)

No brainer method:

1. First, just avoid the diagonal attacks between each pair with displacement 1.
2. Just swap around and you will find the answer soon enough.
3. I noticed the pattern [4 2 8 6 | 1 3 5 7] to be very useful.
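As an added example (not from the original post), here are the two conditions above written as a checker in shell and run over the four arrangements listed at the top. It accepts the post's "( 7 4 2 8 6 1 3 5 )" notation, where each number is the row of the queen in that column, and it works for any board size, not only 8.

```shell
#!/bin/sh
# Added example, not from the original post: check a candidate arrangement
# against the two conditions (unique row per column; displacement between two
# columns never equal to the difference of their rows). A candidate is given
# as the row number of the queen in each column, so "7 4 2 8 6 1 3 5" is the
# first solution listed in the post. Returns 0 for a valid solution, 1 otherwise.
queens_ok() {
    # Accept the post's "( 7 4 2 8 6 1 3 5 )" form: keep only the digits.
    set -- $(printf '%s ' "$@" | tr -c '0-9' ' ')
    n=$#
    i=1
    for x in "$@"; do
        # Every value must be a board row (1..n).
        [ "$x" -ge 1 ] && [ "$x" -le "$n" ] || return 1
        j=1
        for y in "$@"; do
            if [ "$j" -gt "$i" ]; then
                # Condition 1: distinct rows (no horizontal attack; columns are
                # distinct by construction, so there is no vertical attack).
                [ "$x" -ne "$y" ] || return 1
                # Condition 2: displacement (j - i) != |x - y| (no diagonal attack).
                d=$((x - y))
                [ "$d" -ge 0 ] || d=$((-d))
                [ "$d" -ne $((j - i)) ] || return 1
            fi
            j=$((j + 1))
        done
        i=$((i + 1))
    done
    [ "$n" -gt 0 ]
}

# Report on each candidate given on the command line, or on the post's four.
if [ $# -eq 0 ]; then
    set -- "7 4 2 8 6 1 3 5" "3 5 7 1 4 2 8 6" "4 2 8 6 1 3 5 7" "5 7 1 4 2 8 6 3"
fi
for cand in "$@"; do
    if queens_ok "$cand"; then echo "valid:   $cand"; else echo "invalid: $cand"; fi
done
```

All four arrangements in the post pass. The check is the same test a GA fitness function would run per pair of queens, which is the cost the afterthought below is asking about: n(n-1)/2 pair comparisons per candidate.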

Afterthought:

Would it contribute to the speed of finding a solution when applying this method as a criteria in GA?

or

Would the calculation that comes with this method slow down the process?