Dissertação

IPSFlow: Um framework para Sistema de Prevenção de Intrusão baseado em Redes Definidas por Software

Intrusion Detection and Prevention Systems (IDSs/IPSs) are well known tools and well enshrined in the world of information security. However, the lack of integration with network equipment, such as switches and routers, tends to limit the performance of these tools leads to require a proper dimen...

ver descrição completa

Autor principal: NAGAHAMA, Fábio Yu
Grau: Dissertação
Idioma: por
Publicado em: Universidade Federal do Pará 2014
Assuntos:
IDS
IPS
Acesso em linha: http://repositorio.ufpa.br/jspui/handle/2011/5613
Resumo:
Intrusion Detection and Prevention Systems (IDSs/IPSs) are well known tools and well enshrined in the world of information security. However, the lack of integration with network equipment, such as switches and routers, tends to limit the performance of these tools leads to require a proper dimensioning of hardware resources such as processor, memory and high-speed network interfaces used to implement them. Faced with several limitations encountered by researchers and network administrators, the concept of Software Defined Network (SDN), that separates the data and control planes, emerged allowing to adapt the operation of the network according to their needs. Thus, due to standardization and flexibility offered by SDNs, and the limitations presented by IDSs, this dissertation proposes IPSFlow, a framework that uses a network based on the SDN architecture, and the OpenFlow protocol, to create an IPS with wide coverage that blocks a malicious traffic in the equipment closer to the origin. To validate the framework, experiments in the virtual Mininet environment were conducted using Snort as IDS to analyze scanning traffic generated by Nmap from a host to another. The results show that the IPSFlow worked as planned by blocking almost 85% of scanning traffic.