Undergraduate Final Course Project (Trabalho de Conclusão de Curso - Graduação)
Evaluation of intrusion detection systems in an academic network
Main author: | ARAÚJO, Glenon Mateus Barbosa |
---|---|
Degree: | Undergraduate Final Course Project (Trabalho de Conclusão de Curso - Graduação) |
Published in: | 2019 |
Subjects: | |
Online access: | http://bdm.ufpa.br/jspui/handle/prefix/1375 |

Abstract: |
---|
At any moment new attacks or even variations of existing attacks arise and are launched
only on networks. The use of a firewall alone is insufficient, because the attacker can use the ports
on which services provided by the company / institution run to execute attacks. Given
this scenario, it is essential for a network administrator to use tools such as an Intrusion
Detection and Prevention System that alerts on or even blocks attacks. This work aims to
evaluate the most popular open source Intrusion Detection Systems, Snort and Suricata.
Snort is a detection system launched in 1998 by Martin Roesch and was one of the first
in its segment to perform real-time traffic analysis and packet logging in a lightweight
manner using minimal processing capabilities. Suricata was launched in 2010 and its main
feature is the use of multithreading technology, taking advantage of processors to improve
performance. The evaluation was performed comparing the performance and intrusion
detections that were put into operation in an actual production network, verifying their
advantages and disadvantages. In the tests performed, auxiliary tools were used to simulate
attacks on a target machine installed for this purpose. |