Java Embedded Network Intrusion Security

Acknowledgements

Client: Rockwell Collins, Cedar Rapids, IAContact: Brian JacobowitzAdvisor: Dr. Doug Jacobson

May01-10 Members

Jamie AndersonEEDakota BaileyCprEJoe BrunerCprEJoe ClarkCprEAustin ThompsonCprETheron WeimerCprE

Abstract

Network security has become an essential component of nearly every commercial and government organization. System administrators maintain a constant struggle to stay ahead of new security attacks, patching holes and ensuring proper configuration of software. The Java Embeded Machine (JEM) is a unique solution to network monitoring. It allows for dedicated processing of network information to detect intrusions and other possible security hazards.

Objective

The goal of this project is to use the JEM board to monitor network activity and to be able to alert a host computer of any possible breaches of security. A host computer recieves the information from the JEM board that has been deemed questionable. The questionable packets are then stored on the host computer for further analysis and logging.

Some information will be stored on the JEM for statistical purposes. The statitistics will be available via a web interface.

Network Security

Network security is needed to prevent unauthorized access by remote assholes.

Java Embedded Machine (JEM)

In the middle to late 1990s, engineers at the Advanced Technology Center at Rockwell Collins brought forth a unique idea: Since the Java language consists of byte codes, it should theoretically be possible to create microchip (CPU) which uses these Java byte codes as its native machine language.

Budget and Effort

Estimated Total Hours: 500 hoursEstimated Total Cost: $165

Technical Problem

The Ethernet port allow the JEM to reside on the network by itself, and to transmit packets to a dedicated host computer

Operating Environment

Local Area NetworkInterface with Windows PC

Intended User and Uses

Network administratorsSecuirty Research

Assumptions and Limitations

•Speed of the processor•Memory space available•JEM memory management system•Portability is a primary goal of the system

Design Objectives

Goal – develop a system to monitor a network and detect security violationsHardware – Rockwell-designed Java Embedded Machine

(JEM)Software - written in the JAVA language

Functional Requirements

Monitor NetworkTransmit relevant packetsDetect security intrusions. Local and remote (web-based) interfaces

Design Constraints

Memory managementMemory spaceCPU speedEthernet 10Mb/s

Measureable Milestones

Project plan (goal: 100% completion)Project poster (goal: 100% completion)Design report (goal: 100% completion)Project presentation (goal: 100% completion)Interface (Java/Web-based) (goal: 100% completion)Packet collection (goal: 80% of packets) - all packets on the

visible on the network should be captured for analysis. Intrusion detection (goal: 85% of intrusions) - security intrusions should be detected and dealt with, including user notification.

End product description

The final product will be a portable ethernet network device to monitor network traffic for potential security hazards. The device will strip the headers off each packet and store them for analysis on a remote computer. This allows the device to spend all of its CPU time looking at packets on the network, while the remote computer will log potential security risks and further analyze the packet headers for ongoing problems.

The device will be able to connect to the host computer via serial port in order to update software. Updating the software will allow for better algorithms to identify security risks. Additionally, the device will be accessible from the Internet, allowing the remote user to look at the status of the device.