Análisis e implementación de un DIDS para generación de firmas de comportamientos anómalos en la red del edificio matriz de la Empresa Eléctrica Quito

In This degree work, we proposed to implement a tool. It tool will help strengthen of network security of pricpal building of the Electric Enterprice Quito, It network has a extended star topology composed by aproximately 1500 communications devices the divices generate a lot of traffic and maybe a...

Descripción completa

Autor Principal: Acosta Cortez, Edwin Santiago
Otros Autores: Muñoz Vega, Jimena Alejandra
Formato: bachelorThesis
Idioma: spa
Publicado: 2015
Materias:
Acceso en línea: http://dspace.ups.edu.ec/handle/123456789/10097
Etiquetas: Agregar Etiqueta
Sin Etiquetas, Sea el primero en etiquetar este registro!
Sumario: In This degree work, we proposed to implement a tool. It tool will help strengthen of network security of pricpal building of the Electric Enterprice Quito, It network has a extended star topology composed by aproximately 1500 communications devices the divices generate a lot of traffic and maybe a security network breach.The System Distributed Intrusion Detection will be composed by a server and sensors Pi, these sensors are Raspberry P1, essentially they’re small microcomputers. The System will be mounted on Linux plataform with Debian distribution and Snort as the main Intrusion Detection System, it should be emphasized both Snort and Linux will use the distribution is OpenSource, providing great economic advantage to whatever network IDS sensed. The sensors pi will be located at the points considered most vulnerable, which will communicate with the central node or server mounted on Security Onion plataform, it server will receive events processed by Snort and it’ll be written to the database (Mysql) to present a detailed analysis on a graphical interface called Snorby. This interface will report events as high, medium and low alerts in daily, weekly, monthly times and also details the type of protocol used rules, addresses and source and destination ports which alerts are generated. This way you can help the network administrator with a real analysis of the current situation of the network so that you can prevent future vulnerabilities.