Firegaze : processing and visualizing firewall logs in the cloud

dc.contributor.author: Van Tonder, R. [en_ZA]
dc.contributor.author: Visser, W. [en_ZA]
dc.date.accessioned: 2014-07-07T09:47:26Z
dc.date.available: 2014-07-07T09:47:26Z
dc.date.issued: 2013
dc.description: CITATION: Van Tonder, R. & Visser, W. 2013. Firegaze : processing and visualizing firewall logs in the cloud. In Southern Africa Telecommunication Networks and Applications Conference (SATNAC) 2013 Proceedings, 1-4 September, Stellenbosch, pp.167-172.
dc.description: The original publication is available at http://www.satnac.org.za
dc.description.abstract: This project aims to visualise packet counts filtered by iptables at the network layer, and allows for performing network forensics in a distributed environment. For example, anomalies such as bandwidth spikes and port scans are exposed and quickly identifiable. Naturally, there are a host of tools which already perform this function. The twist with this project is that it should operate on a scalable cloud infrastructure—Nimbula Director is used as a test bed to this end. Intrusion Detection Systems and full-blown Security Information and Event Management (SIEM) solutions have their merits but are often too bulky. Cloud infrastructures rely principally on correctly configured firewalls for network-layer security. As such, Firegaze is a prototype solution which serves as a supplement to network layer security by visualizing firewall activity; it does not perform any analysis, but rather leaves it up to the system administrator to identify anomalous activity. Typically, log files are only needed once an incident occurs, or in the event of system failure. The idea behind Firegaze was to provide a solution for visualizing iptables logs in real-time, or on a historical basis. The challenge of doing this in an environment which scales has influenced the implementation greatly; logs are propagated among nodes in a hierarchical manner, and logs are inserted into a sharded MongoDB database according to a pre-aggregated reports pattern.
dc.description.uri: http://www.satnac.org.za/proceedings/2013/SATNAC_2013_Conference_Proceedings.pdf
dc.description.version: Publisher's version
dc.format.extent: 6 pages
dc.identifier.citation: Van Tonder, R. & Visser, W. 2013. Firegaze : processing and visualizing firewall logs in the cloud. In Southern Africa Telecommunication Networks and Applications Conference (SATNAC) 2013 Proceedings, 1-4 September, Stellenbosch, pp.167-172.
dc.identifier.uri: http://hdl.handle.net/10019.1/90960
dc.language.iso: en
dc.publisher: SATNAC
dc.rights.holder: Authors retain copyright
dc.subject: Cloud computing [en_ZA]
dc.subject: Firewalls (Computer security) [en_ZA]
dc.subject: Visualization [en_ZA]
dc.title: Firegaze : processing and visualizing firewall logs in the cloud [en_ZA]
dc.type: Conference Paper
Files
Original bundle
Name: vantonder_firegaze_2013.pdf
Size: 1.2 MB
Format: Adobe Portable Document Format
Description: Download article