Projects

NeWa POC v1.1

NeWa POC - Neighborhood Watch Proof Of Concept

A client application that runs as a local service. It collates and analyzes local firewall logs (currently supporting Windows Firewall, ZoneLabs ZoneAlarm and Integrity Client, and ISS Black Ice Protection). It attempts to apply advanced security logic to the logs, correlating the allowed and disallowed network packets flowing to the machine. It then scores these inbound flows with a number from 0 to AVLN (a very large number). Based on these scores, it is theoretically possible to determine whether the client is being passively scanned or actively attacked. Output is in the form of a useful HTML page which automatically refreshes, has basic statistical diagrams, and allows users to do a detailed lookup of potential evildoers' machines. This application is a proof of concept for a greater overall project. The larger project would take these client-based metrics, combine them centrally and provide administrators with an overarching viewpoint of the network. The full package would allow proactive BL (blacklisting) of attackers and WL (whitelisting) of good machines, and give administrators fine-grained control over their installed client base and IPsec rules.


  • Development Status: Proof of Concept
  • Environment: Win32 Service
  • Intended Audience: System Administrators, Developers, Security Auditors
  • License:
  • Operating System: Microsoft Windows 2000+ / XP / Vista / Windows 7+
  • Program Language(s): Python
  • Topic: Security


Author:
Zeb Bowden
Secondary Author(s):
Marc DeBonis
Steve Warrick
Cathy Winfrey
Brad Tilley
Homepage Link:
None
Demo Link:
None
Download Link:
Currently Unavailable
Send Questions To:
Marc DeBonis
Screen Shots:
None
Responsible Department:
Collaborative Computing Solutions (CCS)
Documentation:
Included in installation.
Latest Product Version:
1.1 (Proof of Concept - will deadline July 1, 2005)