Využití SIEM systémů při monitorování síťových událostí / Utilization of SIEM systems for network events monitoring

Kopřiva, Milan

January 2015

In the last years we can observe an increasing number of security incidents varying in their focus, motives and success rate. Attacks are often conducted by very skilled organized groups with high knowledge base and they are increasing in their sophistication and efficiency. Because of those reasons information security is now one of the main fields of interest of IT experts. This thesis deals with Security information and Event Management technology and its usage for the detection of potentially harmful activity in a company's internal network. In the first chapter the elementary concepts of security are placed into the context of this thesis. Next chapter deals with security information and event management technology itself, its clear definition and describing the main functionality. The end of the theoretical part is dedicated to the author's view of the future and also to the problems concerning the implementation of SIEM solutions including return on investment calculation which has certain specifics in security field. Main benefit coming from this thesis is a clear description and creation of use cases aimed at the detecting suspicious activity in internal computer networks combined with their deployment in SIEM solution in real environment. The practical part of this thesis is dedicated to the configuration of the chosen device and its connection to the SIEM solution, and the assessment of usability of security events generated by the threat detecting device. Based on this assessment the use cases will be modelled and then deployed in the test environment. This thesis aims to bring on overall view into the security information and event management technology, starting with its definition and base functions. The primary goal of this thesis is use case designing for real time threat detection in a practical environment.

Posouzení informačního systému firmy a návrh změn / Information System Assessment and Proposal for ICT Modification

Marek, Jaroslav

January 2015

This diploma thesis is focused on evaluation of the Allrisk, ltd. information system and on the changes proposal. The theoretical part of the work describes an essential background and an explanation of individual methods used for analysis of information systems. Shortcomings revealed by the analysis are worked up and measures are taken to improve the current state.

The Role of Firewalls in Network Security : A Prestudy for Firewall Threat Modeling / Brandväggars roll i nätverkssäkerhet : En förstudie för hotmodel- lering av brandväggar

Bonnevier, Jani, Heimlén, Sebastian

January 2018

Firewalls help protect computer networks from intrusions and malware by enforcing restrictions on what network traffic is allowed to pass through the firewall into the network. This thesis explores the role of firewalls in network security, with the ultimate goal of advancing attempts to create a threat model for firewalls. Five areas are explored, namely: Definitions of Concepts Firewalls vs. Services as Targets for Direct Attack The Past and Future of Firewalls Approach to Estimating Firewall Security Firewall Configuration and Security Policies These areas are explored using a questionnaire survey. Each question in the questionnaire is either tied to a particular area, or is used to evaluate the respondents’ credibility. The questionnaire has 15 questions, many of which ask for free text answers. The group of potential respondents consists of 209 individuals, of whom about 75 % are authors of scientific articles that discuss firewalls, penetration testing, and other relevant topics. The rest are information security professionals, journalists or bloggers of varying merit that were found online. 20 responses to the questionnaire were received. Responses to qualitative questions were codified to produce some quantitative data. The conclusions drawn based on the results include, among other things: Attackers tend to directly target network services rather than firewalls. Respondents disagreed on whether the role of firewalls is currently changing. A possible approach to estimating firewall security takes into account the network services that the firewall protects. Firewall configurations frequently do not match the security policies of the organizations in which the firewalls are deployed. / Brandväggar hjälper att skydda datornätverk från intrång och skadeprogram genom att begränsa den trafik som tillåts passera genom brandväggen in i nätverket. Denna uppsats utforskar brandväggars roll i nätverkssäkerhet med målet att göra framsteg i försök att skapa en hotmodell för brandväggar. Fem områden utforskas, nämligen: Definitioner av begrepp Brandväggar kontra tjänster som mål för direkta angrepp Brandväggens historia och framtid Tillvägagångssätt för att estimera brandväggssäkerhet Brandväggskonfiguration och säkerhetspolicyer Dessa områden utforskas via en enkätstudie. Varje fråga i enkäten tillhör antingen ett specifikt område, eller används för att evaluera respondenternas trovärdighet. Enkäten har 15 frågor, varav många efterfrågar fritextsvar. Gruppen potentiella respondenter består av 209 individer, varav cirka 75 % är författare av vetenskapliga artiklar som behandlar brandväggar, penetrationstestning och andra relevanta ämnen. Resten är professionella säkerhetskonsulter, journalister eller bloggare med olika meriter inom informationssäkerhet eller nätverk. 20 svar på enkäten togs emot. Svar på kvalitativa frågor klassificerades för att producera kvantitativ data. Slutsatserna som drogs baserat på resultaten inkluderar bl.a.: Angripare tenderar att ha nätverkstjänster som sina direkta mål, snarare än brandväggar. Respondenterna var oense om huruvida brandväggars roll just nu förändras. Ett möjligt tillvägagångssätt för att uppskatta brandväggssäkerhet tar hänsyn till de nätverkstjänster brandväggen skyddar. Brandväggskonfigurationer överrenstämmer ofta inte med säkerhetsriktlinjerna i de organisationer där brandväggarna är i bruk.

Computer and Information Sciences

Data- och informationsvetenskap

Sobre a estruturação de informação em sistemas de segurança computacional: o uso de ontologias / On the structuring of information in computing security systems: the use of ontologies

Martimiano, Luciana Andréia Fondazzi

18 September 2006

Como a quantidade e a complexidade de informações disponíveis sobre incidentes de segurança é crescente, as tarefas de manipular e gerenciar essas informações tornaram-se bastante custosas. Diversas ferramentas de gerenciamento de segurança estão disponíveis para auxiliar os administradores. Essas ferramentas podem monitorar tudo que entra e saí de uma intranet, como os firewalls; podem monitorar o tráfego interno da rede para saber o que está acontecendo e detectar possíveis ataques, como os sistemas de detecção de intrusão (SDIs); podem varrer arquivos em busca de códigos maliciosos, como os antivírus; podem criar filtros de emails para evitar spams, vírus ou worms; ou podem varrer uma rede em busca de vulnerabilidades nos sistemas, como os scanners e os agentes móveis inteligentes. Essas ferramentas geram uma grande quantidade de logs com informações que são coletadas e armazenadas em formatos próprios e diferentes. Essa falta de um formato único para armazenar as informações de incidentes de segurança, faz com que o trabalho dos administradores fique ainda mais difí?cil, pois eles/elas devem ser capazes de entender todos esses formatos para identificar e correlacionar informações quando, por exemplo, há um ataque ou uma invasãoo em andamento. Esta tese descreve o projeto e o desenvolvimento de ontologias para representar em uma estrutura padronizada informações sobre incidentes de segurança. A ontologia desenvolvida é denominada OntoSec - Security Incident Ontology. Este trabalho cobre: (i) como utilizar ontologias para compartilhar e reusar informações sobre incidentes; (ii) como correlacionar incidentes por meio de ontologias; (iii) como facilitar a interoperabilidade entre diferentes ferramentas de segurança; (iv) a modelagem de um sistema de gerenciamento de incidentes com base na ontologia; e (v) o processo de avaliação da ontologia desenvolvida. Além disso, a OntoSec pretende apoiar as decisões gerenciais realizadas pelos administradores quando problemas de segurança acontecem, possibilitando que essas decisões sejam tomadas de maneira mais eficiente e eficaz / As the amount and the complexity of security incidents information have grown exponentially, managing and manipulating these information have become more expensive. Several security tools can be used to assist the administrators in performing these tasks. These tools can monitor what comes from Internet and goes to it, as the firewalls do; they can monitor the intranet traffic, as usually is done by an Intrusion Detection System (IDS); they can search for malicious codes in files or emails, as made by the antivirus; they can create filters to process spams, viruses or worms; or they can scan the intranet for vulnerabilities, as the scanners and the intelligent agents. These tools collect and store a great amount of information, using different formats. This lack of unique commonly agreed formats to store information about security incidents, make the administrators? job even harder, because they have to be able to understand all these formats to identify and to correlate information when, for instance, there is an attack or an invasion in progress. In this thesis I describe the design and development of ontologies to represent in a standard structure information about security incidents. The ontology developed is named OntoSec - Security Incident Ontology. This work covers: (i) how to use ontologies to share and reuse information about incidents; (ii) how to make it easier to correlate incidents; (iii) how to make it possible the interoperability amongs security tools; (iv) modeling of a security incident management system based on OntoSec; and (v) evaluation process of the ontology that has been developed. Besides that, the OntoSec aims to support the decisions made by the administrators when security problems happen, making the process more efficient and effective

Conhecimento

Gerenciamento de segurança

Incidentes de segurança

Interoperabilidade

Interoperability

Ontologias

Ontologies

Security incidentes

Security knowledges

Security management

Standardized security information

Monitorování bezpečnosti firemní počítačové sítě / Company network security monitoring

Kališ, Martin

January 2009

Main focus of this work is on computer network security monitoring. In first part basic definitions for the area are formed and it also offers different ways to encompass monitoring into company security. Next part defines main functions of monitoring systems and provides guidelines for its implementation in organization. Practical part consists of defining key conditions for selection of monitoring solution and it also applies them when comparing several products available on the market. Then it presents author's view on future trends and development in this area based on facts from previous chapters. Whole work provides complete approach to security monitoring and offers definition of all key concepts and competencies for monitoring systems.

Sobre a estruturação de informação em sistemas de segurança computacional: o uso de ontologias / On the structuring of information in computing security systems: the use of ontologies

Luciana Andréia Fondazzi Martimiano

18 September 2006

Como a quantidade e a complexidade de informações disponíveis sobre incidentes de segurança é crescente, as tarefas de manipular e gerenciar essas informações tornaram-se bastante custosas. Diversas ferramentas de gerenciamento de segurança estão disponíveis para auxiliar os administradores. Essas ferramentas podem monitorar tudo que entra e saí de uma intranet, como os firewalls; podem monitorar o tráfego interno da rede para saber o que está acontecendo e detectar possíveis ataques, como os sistemas de detecção de intrusão (SDIs); podem varrer arquivos em busca de códigos maliciosos, como os antivírus; podem criar filtros de emails para evitar spams, vírus ou worms; ou podem varrer uma rede em busca de vulnerabilidades nos sistemas, como os scanners e os agentes móveis inteligentes. Essas ferramentas geram uma grande quantidade de logs com informações que são coletadas e armazenadas em formatos próprios e diferentes. Essa falta de um formato único para armazenar as informações de incidentes de segurança, faz com que o trabalho dos administradores fique ainda mais difí?cil, pois eles/elas devem ser capazes de entender todos esses formatos para identificar e correlacionar informações quando, por exemplo, há um ataque ou uma invasãoo em andamento. Esta tese descreve o projeto e o desenvolvimento de ontologias para representar em uma estrutura padronizada informações sobre incidentes de segurança. A ontologia desenvolvida é denominada OntoSec - Security Incident Ontology. Este trabalho cobre: (i) como utilizar ontologias para compartilhar e reusar informações sobre incidentes; (ii) como correlacionar incidentes por meio de ontologias; (iii) como facilitar a interoperabilidade entre diferentes ferramentas de segurança; (iv) a modelagem de um sistema de gerenciamento de incidentes com base na ontologia; e (v) o processo de avaliação da ontologia desenvolvida. Além disso, a OntoSec pretende apoiar as decisões gerenciais realizadas pelos administradores quando problemas de segurança acontecem, possibilitando que essas decisões sejam tomadas de maneira mais eficiente e eficaz / As the amount and the complexity of security incidents information have grown exponentially, managing and manipulating these information have become more expensive. Several security tools can be used to assist the administrators in performing these tasks. These tools can monitor what comes from Internet and goes to it, as the firewalls do; they can monitor the intranet traffic, as usually is done by an Intrusion Detection System (IDS); they can search for malicious codes in files or emails, as made by the antivirus; they can create filters to process spams, viruses or worms; or they can scan the intranet for vulnerabilities, as the scanners and the intelligent agents. These tools collect and store a great amount of information, using different formats. This lack of unique commonly agreed formats to store information about security incidents, make the administrators? job even harder, because they have to be able to understand all these formats to identify and to correlate information when, for instance, there is an attack or an invasion in progress. In this thesis I describe the design and development of ontologies to represent in a standard structure information about security incidents. The ontology developed is named OntoSec - Security Incident Ontology. This work covers: (i) how to use ontologies to share and reuse information about incidents; (ii) how to make it easier to correlate incidents; (iii) how to make it possible the interoperability amongs security tools; (iv) modeling of a security incident management system based on OntoSec; and (v) evaluation process of the ontology that has been developed. Besides that, the OntoSec aims to support the decisions made by the administrators when security problems happen, making the process more efficient and effective

Conhecimento

Gerenciamento de segurança

Incidentes de segurança

Interoperabilidade

Ontologias

Interoperability

Ontologies

Security incidentes

Security knowledges

Security management

Standardized security information

Návrh zavedení bezpečnostních opatření v souladu s ISMS pro obchodní společnost / Design of security countermeasures implementation in accordance with ISMS for business company

Dočekal, Petr

January 2018

The master’s thesis focuses on area of security countermeasures in accordance with information security management system. Presents basic theoretical background of information and cyber security and describes a current state in the company. The thesis’s output is the design of security countermeasures implementation which contribute to information security in the company.

Posouzení informačního systému firmy a návrh změn / Information System Assessment and Proposal of ICT Modification

Muž, Jan

January 2021

Diploma thesis focuses on the analysis of current situation of Lingua Centrum s.r.o. and the information system they developed. Using the inner and outer environment analysis, several vulnerabilities have been discovered. Consequently a draft of improvements was developed, that aims at ensuring higher security and effectivity working with information system. New module is also suggested to be implemented providing better utilisation of the system itself. The thesis is devided into three chapters. First part describes the theoretical resources and analytical instruments which have been used for analysis of the company in part two. The final part provides changes, that would lead to eradicating the systems deficiencies.

Posouzení informačního systému firmy a návrh změn / Information System Assessment and Proposal for ICT Modification

Parolek, Pavel

January 2012

My thesis focuses on information system analysis of local municipalities, specifically on Břeclav Municipal Office information system. My thesis evaulates the information system's efficiency, identifies its weak points and suggests measures eliminating these weak points.

Zavedení managementu informační bezpečnosti v malém podniku / The Implementation of Information Security Management System in Small Company

Čampula, Roman

January 2013

This master’s (diploma) thesis analyzes security situation of the software company. It contains theoretical information which is necessary for the installation of the information security system. It also demonstrates the method of its application. On the basis of the security risks analysis it suggests arrangements which are currently necessary for the required information security in the company. The whole thesis is covered on the basis of the ČSN ISO/IEC 27001:2006 norm.