1 |
Um Data Diode com hardware criptográfico para Redes Industriais Críticas / A Data Diode with Cryptographic Hardware for Critical Industrial Networks
Teixeira, Gabriel Carrijo Bento, 69-99292-1505
15 December 2017
Submitted by Divisão de Documentação/BC Biblioteca Central (ddbc@ufam.edu.br) on 2018-03-05T15:59:13Z
No. of bitstreams: 2
license_rdf: 0 bytes, checksum: d41d8cd98f00b204e9800998ecf8427e (MD5)
Dissertação_Gabriel C. B. Teixeira.pdf: 7518481 bytes, checksum: f8b49cd06f0d81fce33b270fade5aa54 (MD5)
Approved for entry into archive by Divisão de Documentação/BC Biblioteca Central (ddbc@ufam.edu.br) on 2018-03-05T15:59:25Z (GMT)
Made available in DSpace on 2018-03-05T15:59:25Z (GMT)
Previous issue date: 2017-12-15
Industrial networks are highly sensitive environments from an information security standpoint, since computer incidents can cause incalculable damage. Over the years, the connection of these networks to corporate environments, and consequently to the Internet, has raised serious concerns about the integrity of the information and equipment involved. Several solutions have been proposed to protect data communication infrastructure in industrial networks. However, is it really possible or feasible to guarantee that the implemented solutions are actually secure? To that end, this dissertation presents a security scheme that addresses the problems encountered when integrating critical industrial networks with insecure corporate networks, aiming to ensure data integrity and reliability between the devices. It proposes using a Data Diode at the interconnection of the networks to protect the industrial plant, and a TPM (Trusted Platform Module) cryptographic hardware device to guarantee the integrity and reliability of the devices involved. To demonstrate the effectiveness of this architecture, tests were carried out which, at the end of the work, show that it is possible to achieve better results than those of existing work in the literature.
|
2 |
Monitoring of a Modelled Real-Time System : with Data Diode Enabled Unidirectional Network / Övervakning av ett modellerat realtidssystem : Enkelriktat nätverk möjliggjort av dioder
Sterneling, Hanna
January 2020
Monitoring and logging are fundamental in systems. Today, these techniques are widely used to detect functionality issues as well as malicious events. This thesis compares and evaluates two techniques commonly used for this purpose: the Simple Network Management Protocol (SNMP) and the Syslog protocol. The protocols are evaluated with regard to their vulnerability to traffic pattern analysis, their impact on network load and system performance, and the attack surface of each technique. Each protocol's applicability is investigated on a modelled system containing a data diode, using experiments and analysis of their individual features. We observe only small differences in traffic load and performance between the two techniques. The findings suggest that each of the two techniques can successfully be applied on the modelled system, and the decision on which technique to use can therefore be left to the customer of each specific system implementation.
|