Open source IDS/IPS in a production environment: comparing, assessing and implementing

| Field | Value |
|---|---|
| Main author | Calado, João Paulo da Costa |
| Publication date | 2018 |
| Document type | Dissertation |
| Language | eng |
| Source | Repositório Científico de Acesso Aberto de Portugal (Repositórios Científicos) |
| Full text | http://hdl.handle.net/10451/35418 |
| Description | Master's project work, Information Security (Segurança Informática), Universidade de Lisboa, Faculdade de Ciências, 2018 |
Abstract: This work describes the deployment of an IDS solution in a production environment. The aim was to evaluate its feasibility by comparing several options, thereby opening the possibility of running the solution in inline mode, so that the host organization may consider replacing its current security solution (proprietary hardware and software) with a Free Software or Open Source firewall and IPS. The market typically offers products developed for this purpose on dedicated hardware, sold as highly efficient and robust black boxes. For these products the manufacturers guarantee a series of commitments, charging high prices for licensing, additional features or product support. Sometimes these products are based on community projects that vendors bring to market as proprietary variants. From this perspective, this work set out to evaluate the possibility of building a defense environment based entirely on alternatives to the manufacturers' offerings, from the operating system up to the application layer. The work comprises a series of laboratory simulations (using virtualization), the deployment of the IDS solution in staging, the comparison of actual results on real traffic, and an evaluation of comparable physical resources. An evaluation of the solution is thus presented to the host organization so that an informed decision can be made about its possible implementation in production, replacing a proprietary solution. We found that it is, in fact, possible to use commodity hardware to implement such a solution in the tested environment and with the observed traffic demand. At least one of the tested IDSs (Suricata) performed flawlessly, for several days, in a highly dense and complex network where more than 3 Gbps, with peaks around 4.5 Gbps, were observed. The work also reports on scenarios where two concurrent instances were run, each inspecting a dedicated 10 Gbps listening interface.

Keywords: IDS, IPS, Snort, Suricata. Department: Departamento de Informática.

Contributors: Miranda, Hugo Alexandre Tavares, 1973-; Botas, Pedro Miguel Raminhos Ribeiro; Repositório da Universidade de Lisboa.