/img alt="Imagem da capa" class="recordcover" src="""/>
Dissertação
IPSFlow: Um framework para Sistema de Prevenção de Intrusão baseado em Redes Definidas por Software
Intrusion Detection and Prevention Systems (IDSs/IPSs) are well known tools and well enshrined in the world of information security. However, the lack of integration with network equipment, such as switches and routers, tends to limit the performance of these tools leads to require a proper dimen...
Autor principal: | NAGAHAMA, Fábio Yu |
---|---|
Grau: | Dissertação |
Idioma: | por |
Publicado em: |
Universidade Federal do Pará
2014
|
Assuntos: | |
Acesso em linha: |
http://repositorio.ufpa.br/jspui/handle/2011/5613 |
Resumo: |
---|
Intrusion Detection and Prevention Systems (IDSs/IPSs) are well known tools and
well enshrined in the world of information security. However, the lack of integration with
network equipment, such as switches and routers, tends to limit the performance of these tools
leads to require a proper dimensioning of hardware resources such as processor, memory and
high-speed network interfaces used to implement them. Faced with several limitations
encountered by researchers and network administrators, the concept of Software Defined
Network (SDN), that separates the data and control planes, emerged allowing to adapt the
operation of the network according to their needs. Thus, due to standardization and flexibility
offered by SDNs, and the limitations presented by IDSs, this dissertation proposes IPSFlow, a
framework that uses a network based on the SDN architecture, and the OpenFlow protocol, to
create an IPS with wide coverage that blocks a malicious traffic in the equipment closer to the
origin. To validate the framework, experiments in the virtual Mininet environment were
conducted using Snort as IDS to analyze scanning traffic generated by Nmap from a host to
another. The results show that the IPSFlow worked as planned by blocking almost 85% of
scanning traffic. |