Enhancing network security through multi-layered defense: a study of integrated security technologies and attack analysis

Abstract
The primary goal of this thesis is to explore the interaction and integration of key cybersecurity technologies within a simulated lab environment. The core technologies utilized include the MISP (Malware Information Sharing Platform & Threat Sharing) for threat intelligence sharing, the IBM QRadar SIEM for event and flow correlation, and pfSense as a network firewall and security gateway. Additional tools such as Snort (Intrusion Detection System) and Squid Proxy are employed to enhance traffic control and detection capabilities.
The lab environment has been built using VirtualBox, leveraging virtual machines to represent different security zones (DMZ, internal network, external users), each assigned distinct roles and technologies. The aim is to simulate a realistic enterprise setup where tool interoperability enables centralized visibility, correlation of threat data, and timely incident response.
MISP is used to collect and distribute Indicators of Compromise (IoCs), enriching threat context from external sources. QRadar aggregates logs and network flows, detects anomalies, and triggers alerts based on predefined rules. pfSense acts as the first layer of defense by filtering traffic through granular firewall rules, while Snort detects potential exploit attempts across the network.
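The correlation step described above (MISP indicators matched against the traffic that pfSense and Squid see, with hits raised as alerts and counted as sightings) can be sketched in a few dozen lines. The following Python script is an added illustration, not code from the thesis or from any of the products named; the MISP event, the firewall log lines and the Squid access-log lines are constructed samples, the firewall line layout is a simplified one rather than the real pfSense filterlog format, and only the MISP attribute fields `type`, `value` and `to_ids` are taken from MISP's actual JSON shape.

```python
"""Toy IoC correlation: MISP-style indicators against firewall and proxy logs.

Added example, not part of the thesis. All input data below is constructed.
"""
import re
from urllib.parse import urlsplit

# Constructed MISP-style event. Attributes use MISP's real field names
# ("type", "value", "to_ids"); only to_ids == True attributes are used for
# detection, the rest are analyst context and must not generate alerts.
MISP_EVENT = {
    "Event": {
        "info": "constructed sample event",
        "Attribute": [
            {"type": "ip-dst", "value": "203.0.113.45", "to_ids": True},
            {"type": "domain", "value": "malicious.example", "to_ids": True},
            {"type": "ip-dst", "value": "198.51.100.9", "to_ids": False},
            {"type": "url", "value": "http://bad.example/payload.bin", "to_ids": True},
        ],
    }
}

# Constructed, simplified firewall log lines (not the real pfSense filterlog
# CSV layout): "<time> <action> <src> -> <dst>:<dport>"
FW_LOG = """\
2024-03-01T10:00:01 pass 10.0.1.7 -> 203.0.113.45:443
2024-03-01T10:00:05 block 10.0.1.9 -> 198.51.100.9:22
2024-03-01T10:00:09 pass 10.0.1.7 -> 93.184.216.34:443
""".splitlines()

# Constructed Squid access.log lines in the native format:
# time elapsed client result/status bytes method url user hierarchy/peer type
SQUID_LOG = """\
1709287201.120 45 10.0.1.7 TCP_MISS/200 8192 GET http://bad.example/payload.bin - HIER_DIRECT/203.0.113.45 application/octet-stream
1709287205.003 12 10.0.1.8 TCP_MISS/200 512 GET http://www.example.org/ - HIER_DIRECT/93.184.216.34 text/html
1709287209.440 30 10.0.1.9 TCP_MISS/404 300 GET http://cdn.malicious.example/x - HIER_DIRECT/203.0.113.77 text/html
""".splitlines()

FW_RE = re.compile(r"^(?P<ts>\S+) (?P<action>\S+) (?P<src>\S+) -> (?P<dst>[^:]+):(?P<dport>\d+)$")


def load_indicators(event):
    """Return detection-grade indicators grouped by kind (to_ids == True only)."""
    ind = {"ip": set(), "domain": set(), "url": set()}
    for attr in event["Event"]["Attribute"]:
        if not attr.get("to_ids"):
            continue
        kind, value = attr["type"], attr["value"].strip().lower()
        if kind in ("ip-dst", "ip-src"):
            ind["ip"].add(value)
        elif kind in ("domain", "hostname"):
            ind["domain"].add(value)
        elif kind == "url":
            ind["url"].add(value)
            host = urlsplit(value).hostname
            if host:
                ind["domain"].add(host)  # a URL indicator implies its host as well
    return ind


def domain_matches(host, domains):
    """Return the indicator domain that host equals or is a subdomain of, else None."""
    host = host.lower().rstrip(".")
    for d in domains:
        if host == d or host.endswith("." + d):
            return d
    return None


def correlate(indicators, fw_lines, squid_lines):
    """Match firewall destinations and proxy URLs/hosts/peers against the indicators."""
    alerts = []
    for line in fw_lines:
        m = FW_RE.match(line)
        if m and m["dst"] in indicators["ip"]:
            alerts.append({"source": "firewall", "client": m["src"], "kind": "ip",
                           "indicator": m["dst"], "action": m["action"]})
    for line in squid_lines:
        parts = line.split()
        if len(parts) < 9:
            continue  # malformed line: skip rather than crash the pipeline
        client, url, peer = parts[2], parts[6], parts[8]
        host = urlsplit(url).hostname or ""
        peer_ip = peer.split("/", 1)[-1]
        hit = None
        if url.lower() in indicators["url"]:
            hit = ("url", url.lower())
        elif (d := domain_matches(host, indicators["domain"])):
            hit = ("domain", d)
        elif peer_ip in indicators["ip"]:
            hit = ("ip", peer_ip)
        if hit:
            alerts.append({"source": "proxy", "client": client, "kind": hit[0],
                           "indicator": hit[1], "url": url})
    return alerts


def sightings(alerts):
    """Count hits per indicator: the data one would report back to MISP as sightings."""
    counts = {}
    for a in alerts:
        counts[a["indicator"]] = counts.get(a["indicator"], 0) + 1
    return counts


if __name__ == "__main__":
    found = correlate(load_indicators(MISP_EVENT), FW_LOG, SQUID_LOG)
    for a in found:
        print(a)
    print("sightings:", sightings(found))
```

Two design points carry over to the real deployment: the `to_ids` flag is what separates indicators safe to alert on from context an analyst attached for reference, so honouring it keeps false positives down, and the subdomain match for domain indicators is what lets a single `malicious.example` entry catch traffic to `cdn.malicious.example` without a second attribute.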
Ultimately, this work aims to demonstrate that the holistic integration of these technologies, even in resource-constrained environments, can deliver actionable threat awareness, collaborative intelligence sharing, and effective response to cyber threats. The proposed architecture could serve as a model for small and mid-sized organizations seeking to enhance their cybersecurity posture with practical open-source and commercial tools.