Undergraduate Final Course Project

Evaluation of intrusion detection systems in an academic network (Avaliação de sistemas de detecção de intrusão em uma rede acadêmica)

Main author: ARAÚJO, Glenon Mateus Barbosa
Degree: Undergraduate Final Course Project
Published: 2019
Subjects:
Online access: http://bdm.ufpa.br/jspui/handle/prefix/1375
Abstract:
At any moment new attacks or even variations of existing attacks arise and are launched only on networks. A firewall alone is insufficient, because the attacker can use the ports on which the services provided by the company or institution run to execute attacks. Given this scenario, it is essential for a network administrator to use tools such as an Intrusion Detection and Prevention System that alert on or even block attacks. This work aims to evaluate the most popular open source Intrusion Detection Systems, Snort and Suricata. Snort is a detection system launched in 1998 by Martin Roesch and was one of the first in its segment to perform real-time traffic analysis and packet logging in a lightweight manner using minimal processing capabilities. Suricata was launched in 2010 and its main feature is the use of multithreading technology, taking advantage of processors to improve performance. The evaluation was performed by comparing the performance and the intrusion detections of both systems when put into operation in an actual production network, verifying their advantages and disadvantages. In the tests performed, auxiliary tools were used to simulate attacks on a target machine set up for this purpose.