Deploying Secure Containers for Training and Development


Software: Provide reproducible images with tagged versions of different software
Application: Use to experiment, research, and compare various software
Our ambitious goal is to contain every single Free and Open Source network security monitoring tool that we can get our hands on, at every major or minor release that we can obtain, and to package them up into Docker images that anyone (researcher, analyst, developer) can pull down to play with, debug, and develop on. I hope that by making it easier to obtain and use NSM software we can improve the tools over time.


ContainNSM
Project to create Docker images of all available Free and Open Source network security monitoring tools for evaluation, training, and study.
Releases of major and minor versions using version tagged images.
The project is called ContainNSM and is available online at https://github.com/open-nsm/containnsm. We currently have more than 100 images including Bro, Snort, Suricata, Tshark, Tcpdump, and more. In addition, we have written a command-line tool called ./containnsm to manage and utilize the images efficiently.
Real World Use Cases:
Created images of all available versions of Bro.
100+ images available for NSM tools such as Snort, Suricata, Bro, Tcpdump, Tshark, etc.
From the host we perform common tasks where execution of the tool is completed in a container.
1. Read a network trace file on the host by the tool in the container and display the results on the host
2. Listen on a virtual network interface in the container with the tool and display results on host
3. Listen on a physical interface on the host from the container and write the results on the host

Experimentation

For a brief look I created Docker images for a number of different Bro versions from 1.5 to 2.4. We can iterate through every Bro container at different versions and execute a task such as a policy. The image shows a concise example of running Bro printing the different versions.
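The three host-side tasks listed above, repeated across Bro versions, as an added shell example (not the project's ./containnsm tool and not code from the original slides). The image name opennsm/bro:<tag>, `bro` being on the image's PATH, the /pcap and /out mount points, and the hardening flags are assumptions made here.

```shell
#!/bin/sh
# Added example; not the project's ./containnsm tool.
# Assumptions: images are named opennsm/bro:<tag>, `bro` is on their PATH,
# and /pcap and /out are mount points chosen for this sketch.
DOCKER=${DOCKER:-docker}   # set DOCKER=echo to print the command instead
REPO=${REPO:-opennsm/bro}
OUT=${OUT:-$PWD}           # host directory that receives Bro's logs; for the
                           # listen modes it must be writable by the image's user

# nsm_run MODE TAG ARG: run one task in the image at version TAG.
nsm_run() {
    n_mode=$1 n_tag=$2 n_arg=$3
    # Common hardening: throwaway container, no capabilities, no setuid gain.
    set -- run --rm --cap-drop ALL --security-opt no-new-privileges \
           -v "$OUT:/out" -w /out
    case $n_mode in
    read)     # task 1: ARG is the absolute path of a trace file on the host
        # Offline parsing needs no network, no root, and a read-only input.
        set -- "$@" --network none --user "$(id -u):$(id -g)" \
               -v "$(dirname "$n_arg"):/pcap:ro" \
               "$REPO:$n_tag" bro -r "/pcap/$(basename "$n_arg")" ;;
    virtual)  # task 2: ARG is the container's own interface, e.g. eth0
        # Capabilities commonly granted to Bro for live capture, nothing else.
        set -- "$@" --cap-add NET_RAW --cap-add NET_ADMIN \
               "$REPO:$n_tag" bro -i "$n_arg" ;;
    host)     # task 3: ARG is a physical interface on the host
        # Sharing the host network namespace is the broadest grant of the three.
        set -- "$@" --network host --cap-add NET_RAW --cap-add NET_ADMIN \
               "$REPO:$n_tag" bro -i "$n_arg" ;;
    *)  echo "unknown mode: $n_mode" >&2; return 2 ;;
    esac
    "$DOCKER" "$@"
}

# each_version MODE ARG TAG...: repeat the same task in every listed version.
each_version() {
    e_mode=$1 e_arg=$2; shift 2
    for e_tag in "$@"; do
        echo "== $REPO:$e_tag"
        nsm_run "$e_mode" "$e_tag" "$e_arg" || return
    done
}

# Usage (constructed sample): sh nsm.sh read /data/trace.pcap 1.5 2.4
if [ "$#" -ge 3 ]; then each_version "$@"; fi
```

Running it with `DOCKER=echo` prints each `docker run` line for review before anything is started.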


CONCLUSION
Roadmap:

Develop command-line tool to manage and utilize images

Pass and configure various inputs and outputs, e.g. PCAP, logs

User contributed configurations for applications
The future includes providing user contributed configurations for tools as well as supporting multiple input and output settings. The project is incredibly easy to contribute to and the directory structure is very simple to follow. We think this is going to be a very powerful reference that allows security analysts and researchers in the defensive field to get more work done, faster. At this point we have explored the use of containers for two less commonly used topics, and I hope it gets you thinking about other possibilities and problems that can be solved by taking advantage of the technology.


