Development and configuration of sensors for collecting and processing security information, for detecting and responding to cyberattacks in a heterogeneous network infrastructure
Αναγνωστόπουλος, Χρίστος Γ.
Keywords: Network and systems security
Network and systems security is of the utmost importance in the modern enterprise environment. However, the requirement for constant connectivity of the computational systems that make up modern information systems exposes them to a series of threats that increase the probability of violating the core security principles: the integrity, reliability, confidentiality and availability of the data they process. Two of the most important mechanisms that limit these dangers in a network environment are a) Intrusion Detection Systems, which constantly analyze network traffic and, when they identify a series of actions resembling a known attack, act accordingly, and b) Intrusion Prevention Systems, which take all necessary actions to deal with an identified security incident in real time in order to restore the network to its previous state. Both of these methods, however, present a series of limitations that prevent them from being an optimal solution. The need to cope with complex attacks led to the development of Security Information and Event Management (SIEM) systems, which combine and analyze information from multiple network security mechanisms and therefore act with increased accuracy and a decreased chance of reaching false conclusions. The goal of this master's thesis is to provide a detailed description of the architecture and the basic components of a typical SIEM tool, an analysis of its functionality, and a presentation of its advantages and disadvantages. Another important contribution of this thesis is a detailed documentation of the installation and initial configuration of a well-known tool in this category, the SIEM AlienVault OSSIM, together with OSSEC, an open source IDS whose sensors cooperate with OSSIM.