Open-source high-availability network security system
Main author: | Matos, Dário Alexandre Cancelas |
---|---|
Publication date: | 2022 |
Document type: | Dissertation |
Language: | eng |
Source title: | Repositório Científico de Acesso Aberto de Portugal (Repositórios Cientìficos) |
Full text: | http://hdl.handle.net/10773/36861 |
Abstract: | Due to the growing number of cyber-attacks and the overall digital world knowledge, there is an urgent need to improve cyber security systems. Some of the measures implemented in these systems use network monitoring systems. This document regards a security system with a similar approach focused on prevention and reaction to a shortage of service. It is an Open-Source solution aiming to prevent DDoS attacks and adapt a network to real-time failures through smart configurations of security devices like Firewalls and Load-Balancers. The system is capable of periodically monitoring the state of the devices, as well as reconfiguring routing policies and packet filtering rules in scenarios of cyber attacks. Moreover, it provides an interface of interaction with the network admin to deliver data regarding the state of the security equipment and the connection between them, enhancing traffic flow analysis and preventive implementation of traffic filtering rules in Firewalls. As for technologies, these changes in the machines were designed to be implemented in IPTables and NFTables to be compatible with most Linux distributions. The monitoring and reconfiguration process was automated with Python scripts and SSH connections. The whole testing scenario was developed while being simulated with GNS3 and VirtualBox, interacting with a physical computer hosting the system. All functionalities defined along the document were tested and showed positive results. |
id |
RCAP_fee5dbd81bd57995fc4e863d5cd0b8d5 |
---|---|
oai_identifier_str |
oai:ria.ua.pt:10773/36861 |
network_acronym_str |
RCAP |
network_name_str |
Repositório Científico de Acesso Aberto de Portugal (Repositórios Cientìficos) |
repository_id_str |
7160 |
dc.title.none.fl_str_mv |
Open-source high-availability network security system |
author |
Matos, Dário Alexandre Cancelas |
author_facet |
Matos, Dário Alexandre Cancelas |
author_role |
author |
dc.contributor.author.fl_str_mv |
Matos, Dário Alexandre Cancelas |
dc.subject.por.fl_str_mv |
High-availability Firewall Load-balance Redundance Scalability DDoS IPtables NFtables |
publishDate |
2022 |
dc.date.none.fl_str_mv |
2022-12-15T00:00:00Z 2022-12-15 2023-04-04T07:30:50Z |
dc.type.status.fl_str_mv |
info:eu-repo/semantics/publishedVersion |
dc.type.driver.fl_str_mv |
info:eu-repo/semantics/masterThesis |
format |
masterThesis |
status_str |
publishedVersion |
dc.identifier.uri.fl_str_mv |
http://hdl.handle.net/10773/36861 |
url |
http://hdl.handle.net/10773/36861 |
dc.language.iso.fl_str_mv |
eng |
language |
eng |
dc.rights.driver.fl_str_mv |
info:eu-repo/semantics/openAccess |
eu_rights_str_mv |
openAccess |
dc.format.none.fl_str_mv |
application/pdf |
dc.source.none.fl_str_mv |
reponame:Repositório Científico de Acesso Aberto de Portugal (Repositórios Cientìficos) instname:Agência para a Sociedade do Conhecimento (UMIC) - FCT - Sociedade da Informação instacron:RCAAP |
instname_str |
Agência para a Sociedade do Conhecimento (UMIC) - FCT - Sociedade da Informação |
instacron_str |
RCAAP |
institution |
RCAAP |
reponame_str |
Repositório Científico de Acesso Aberto de Portugal (Repositórios Cientìficos) |
collection |
Repositório Científico de Acesso Aberto de Portugal (Repositórios Cientìficos) |
repository.name.fl_str_mv |
Repositório Científico de Acesso Aberto de Portugal (Repositórios Cientìficos) - Agência para a Sociedade do Conhecimento (UMIC) - FCT - Sociedade da Informação |
repository.mail.fl_str_mv |
|
_version_ |
1799137729373536256 |