| Name | Description | Size | Format |
|---|---|---|---|
| | | 4.11 MB | Adobe PDF |
Authors
Advisor(s)
Abstract(s)
In this dissertation, an analytical comparative study was carried out to test the inclusion of Open Source Security (OSSEC), a Host Intrusion Detection System (HIDS), in the security infrastructure of a large organization. A new tool was added to the Digital Security infrastructure already in place to assist with monitoring, and its use was tested in conjunction with network tools, namely: Firewall, Intrusion Prevention System (IPS) and Web Application Firewall (WAF). For the execution of the study, the use of a server-based intrusion detection mechanism is proposed as a complement to the institution's security policy.
The main components of the infrastructure were defined. The alerts generated were analyzed and compared with the alerts produced by intrusion prevention mechanisms such as an Intrusion Prevention System (IPS), identifying faults. The analysis of these results demonstrates that complementing the network infrastructure with the monitoring tool brought favorable results and proved its effectiveness.
The case study was carried out in a real environment, in a large organization in Brazil. For reasons of confidentiality, the name and any other data that could identify the institution have been withheld, in order to guarantee the anonymity and security of the institution that made the study possible.
