Detecting Security Threats from User Authentication...
Slide 1
From Students…
…to Professionals
The Capstone Experience
Project Plan
Detecting Security Threats from User Authentication Patterns
Team Symantec
Stephen Alfa
Keerthana Kolisetty
Robert Novak
Abby Urbanski
Xiaoyo Wu
Department of Computer Science and Engineering
Michigan State University
Spring 2018
Slide 2
Functional Specifications
• The goal of the project is to provide VIP customers with a Splunk add-on and an AWS AMI that visualize the operational and security trend information present in log data and analyze it in near real time
• Both applications should alert users when suspicious or malicious activity is detected
• Launching and deploying both applications should be frictionless
The Capstone Experience Team Symantec Project Plan Presentation 2
Slide 3
Design Specifications
• Create easy-to-read graphs and charts to represent authentication data
o Successful vs Failed
o Device Types
o Authentications over time
• Create premade graphics and searches and allow users to choose which ones to display
• Highlight patterns that could reveal suspicious or malicious activity
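The three panels above (successful vs failed, device types, authentications over time) and the "highlight suspicious patterns" requirement are all aggregations over the same authentication records. The following is an added example, not code from the Team Symantec project or from Symantec VIP: it builds those aggregations from newline-delimited JSON events and flags one common pattern a dashboard would highlight, a burst of failures on one account inside a short window, noting whether a success followed the burst. The record layout (user, outcome, device_type, ts), the thresholds (5 failures in 5 minutes) and the sample events are all constructed assumptions, not VIP's log schema.

```python
"""Aggregate authentication events for dashboard panels and screen for failure bursts.

Added example; not code from the capstone project. Field names, thresholds and
the sample log below are constructed assumptions, not the VIP log format.
"""
import json
from collections import Counter, defaultdict
from datetime import datetime, timedelta, timezone

# Constructed sample log, one JSON object per line (the process flow stores
# VIP log data as CSV/JSON; this particular layout is an assumption).
SAMPLE_LOG = """\
{"user": "alice", "outcome": "SUCCESS", "device_type": "mobile", "ts": "2018-01-30T09:00:00Z"}
{"user": "alice", "outcome": "SUCCESS", "device_type": "mobile", "ts": "2018-01-30T13:05:00Z"}
{"user": "bob", "outcome": "FAILURE", "device_type": "desktop", "ts": "2018-01-30T09:01:00Z"}
{"user": "bob", "outcome": "SUCCESS", "device_type": "desktop", "ts": "2018-01-30T09:02:00Z"}
{"user": "carol", "outcome": "FAILURE", "device_type": "desktop", "ts": "2018-01-30T10:00:00Z"}
{"user": "carol", "outcome": "FAILURE", "device_type": "desktop", "ts": "2018-01-30T10:00:20Z"}
{"user": "carol", "outcome": "FAILURE", "device_type": "desktop", "ts": "2018-01-30T10:00:40Z"}
{"user": "carol", "outcome": "FAILURE", "device_type": "desktop", "ts": "2018-01-30T10:01:00Z"}
{"user": "carol", "outcome": "FAILURE", "device_type": "desktop", "ts": "2018-01-30T10:01:20Z"}
{"user": "carol", "outcome": "SUCCESS", "device_type": "hardware_token", "ts": "2018-01-30T10:01:45Z"}
"""

FAIL_BURST = 5                      # assumed threshold: failures inside one window
BURST_WINDOW = timedelta(minutes=5)  # assumed window length


def parse_events(text):
    """Parse newline-delimited JSON into dicts with an aware UTC datetime in 'ts'."""
    events = []
    for line in text.splitlines():
        if not line.strip():
            continue
        rec = json.loads(line)
        rec["ts"] = datetime.strptime(rec["ts"], "%Y-%m-%dT%H:%M:%SZ").replace(tzinfo=timezone.utc)
        events.append(rec)
    return sorted(events, key=lambda r: r["ts"])


def outcome_counts(events):
    """Successful vs failed (pie chart panel)."""
    return dict(Counter(e["outcome"] for e in events))


def device_type_counts(events):
    """Authentications per device type (bar graph panel)."""
    return dict(Counter(e["device_type"] for e in events))


def authentications_over_time(events, bucket=timedelta(hours=1)):
    """Authentications per time bucket, keyed by the bucket start in UTC."""
    size = int(bucket.total_seconds())
    counts = Counter()
    for e in events:
        epoch = int(e["ts"].timestamp())
        start = datetime.fromtimestamp(epoch - epoch % size, tz=timezone.utc)
        counts[start.strftime("%Y-%m-%dT%H:%MZ")] += 1
    return dict(sorted(counts.items()))


def flag_failure_bursts(events, limit=FAIL_BURST, window=BURST_WINDOW):
    """Flag each user with >= limit failures inside `window`.

    The flag records whether a SUCCESS followed the burst within another
    window, which is the detail an analyst wants first when triaging.
    """
    by_user = defaultdict(list)
    for e in events:
        by_user[e["user"]].append(e)
    flags = []
    for user, recs in by_user.items():
        failures = [r["ts"] for r in recs if r["outcome"] == "FAILURE"]
        for i in range(len(failures) - limit + 1):
            burst_end = failures[i + limit - 1]
            if burst_end - failures[i] <= window:
                followed = any(
                    r["outcome"] == "SUCCESS" and burst_end < r["ts"] <= burst_end + window
                    for r in recs
                )
                flags.append({"user": user, "failures": limit, "success_after_burst": followed})
                break  # one flag per user is enough for the dashboard
    return flags


if __name__ == "__main__":
    evs = parse_events(SAMPLE_LOG)
    print(outcome_counts(evs))
    print(device_type_counts(evs))
    print(authentications_over_time(evs))
    print(flag_failure_bursts(evs))
```

The three count functions are the data behind the pie, bar and time-series panels; `flag_failure_bursts` is the kind of rule the "highlight patterns" bullet calls for. Keeping the threshold and window as named parameters matters in practice, because the false-flag risk noted later in the deck is tuned by exactly those two numbers.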
Slide 4
Process Flow
• Installation of Splunk/ELK
• User puts in certificate in Splunk/ELK UI
• User puts certificate in VIP Reference Client
• Splunk/ELK takes in log data file
• The log data is stored as a CSV/JSON file
• VIP Reference Client pulls VIP log data pertaining to the certificate
• Security Dashboard is created in Splunk/ELK
• Operational Dashboard is created in Splunk/ELK
Slide 5
Screen Mockup: Pie Chart Panel
Slide 6
Screen Mockup: Bar Graph Panel
Slide 7
Screen Mockup: Dashboard in Splunk
Slide 8
Screen Mockup: Dashboard in ELK
Slide 9
Technical Specifications
• SOAP (Simple Object Access Protocol) API
• Java
• VIP Reporting Service Client (REST API)
• JavaScript, HTML
• SPL (Search Processing Language)
Slide 10
System Architecture
Slide 11
System Components
• Hardware Platforms
▪ Amazon Web Services
o Amazon Machine Images
• Software Platforms / Technologies
▪ Splunk
▪ Elasticsearch, Logstash, Kibana (ELK)
Slide 12
Risks
• Ability to detect suspicious patterns
▪ There is a wide range of threats to detect, and we want to avoid false flags
▪ Consult with an experienced security advisor and identify possible threats
• Test Data
▪ Real VIP data is necessary to identify accurate threat patterns
▪ Get MSU's VIP data
• Consistency between Splunk and ELK
▪ Make sure that functionality is consistent between both platforms
▪ Develop both applications concurrently
• AWS Servers
▪ The possibility of deploying the ELK applications on the AWS server
▪ Use AWS documentation and online resources
Slide 13
Questions?