Publication
Open source IDS/IPS in a production environment: comparing, assessing and implementing
| datacite.subject.fos | Departamento de Informática | pt_PT |
| dc.contributor.advisor | Miranda, Hugo Alexandre Tavares, 1973- | |
| dc.contributor.advisor | Botas, Pedro Miguel Raminhos Ribeiro | |
| dc.contributor.author | Calado, João Paulo da Costa | |
| dc.date.accessioned | 2018-11-22T15:16:46Z | |
| dc.date.available | 2018-11-22T15:16:46Z | |
| dc.date.issued | 2018 | |
| dc.date.submitted | 2018 | |
| dc.description | Trabalho de projecto de mestrado, Segurança Informática, Universidade de Lisboa, Faculdade de Ciências, 2018 | pt_PT |
| dc.description.abstract | This work describes the realization of an IDS solution in a productive environment. It was intended to evaluate its feasibility comparing some options and thus opening the possibility of putting this solution in inline mode. Hence, the host organization may consider replacing a current security solution (proprietary hardware and software), with a Free Software or Open Source firewall and IPS. Typically the market presents products developed for this purpose using dedicated hardware, creating highly efficient and robust black boxes. For these products the manufacturers guarantee a series of commitments, taking advantage of high values for licensing, additional features or even product support. Sometimes these products are based on community projects being brought to market by vendors in proprietary variants. In this perspective, it was intended, in this work, to evaluate the possibility of creating a defense environment entirely based on alternatives to the manufacturers’, from the operating system to the application’s level evaluation layers. This work provides a series of laboratory simulations (using virtualization), the placement in staging of the IDS solution, the comparison of actual results with real traffic, and retrieving the physical evaluation of comparable resources. In this way an evaluation of this solution will be presented to the host organization so that an informed decision is made about its possible implementation in production, to replace a proprietary solution. We found that, in fact, it is possible to use commodity hardware to implement such solution in the tested environment, and with the presented traffic demand. At least one of the tested IDSs (Suricata) performed flawlessly, for several days, in a highly dense and complex network, where more than 3Gbps with peaks around 4.5Gbps were observed. The work also reports on scenarios where two concurrent instances were run, with each one inspecting a dedicated 10Gbps listening interface. | pt_PT |
| dc.identifier.tid | 202191222 | |
| dc.identifier.uri | http://hdl.handle.net/10451/35418 | |
| dc.language.iso | eng | pt_PT |
| dc.subject | IDS | pt_PT |
| dc.subject | IPS | pt_PT |
| dc.subject | Snort | pt_PT |
| dc.subject | Suricata | pt_PT |
| dc.subject | Trabalhos de projecto de mestrado - 2018 | pt_PT |
| dc.title | Open source IDS/IPS in a production environment: comparing, assessing and implementing | pt_PT |
| dc.type | master thesis | |
| dspace.entity.type | Publication | |
| rcaap.rights | openAccess | pt_PT |
| rcaap.type | masterThesis | pt_PT |
| thesis.degree.name | Trabalho de projecto de mestrado em Segurança Informática | pt_PT |