Title: Open source IDS/IPS in a production environment: comparing, assessing and implementing
Author: Calado, João Paulo da Costa
Advisors: Miranda, Hugo Alexandre Tavares, 1973-
Botas, Pedro Miguel Raminhos Ribeiro
Keywords: IDS
Master's project works - 2018
Defense date: 2018
Abstract: This work describes the deployment of an IDS solution in a production environment. The aim was to evaluate its feasibility by comparing several options, and thereby to open up the possibility of running the solution in inline mode. The host organization may then consider replacing its current security solution (proprietary hardware and software) with a Free Software or Open Source firewall and IPS. The market typically offers products developed for this purpose on dedicated hardware, resulting in highly efficient and robust black boxes. For these products the manufacturers guarantee a series of commitments, charging high prices for licensing, additional features, or even product support. Sometimes these products are based on community projects that vendors bring to market as proprietary variants. From this perspective, this work set out to evaluate the possibility of building a defense environment based entirely on alternatives to the manufacturers' products, from the operating system up to the application-level inspection layers. This work provides a series of laboratory simulations (using virtualization), the placement of the IDS solution in staging, a comparison of the results obtained with real traffic, and a physical evaluation of comparable resources. On this basis an evaluation of the solution is presented to the host organization, so that an informed decision can be made about its possible implementation in production as a replacement for a proprietary solution. We found that it is in fact possible to implement such a solution on commodity hardware in the tested environment and with the observed traffic demand. At least one of the tested IDSs (Suricata) performed flawlessly, for several days, in a highly dense and complex network, where more than 3Gbps with peaks around 4.5Gbps were observed. The work also reports on scenarios where two concurrent instances were run, each inspecting a dedicated 10Gbps listening interface.
Description: Master's project, Information Security, Universidade de Lisboa, Faculdade de Ciências, 2018
Designation: Master's project in Information Security
