Using Honeypots in Network Intelligence Architectures – The University of Trás-os-Montes e Alto Douro Case Study
José Bessa, Hugo Coelho, Pedro Monteiro, José Brito, António Costa
University of Trás-os-Montes e Alto Douro
Network Intelligence Architecture (NIA)
Case Study & Proposed Architecture
Tests and Results
Final Considerations & Future Work
“Knowledge is the combination of instincts, ideas, rules and procedures that guide the actions and decisions.” (Rascão, 2011)
NARSON Technical Software
5V’s: Velocity, Volume, Variety, Value, Veracity
DevExpress Software
“A Honeypot is a security resource without production value and whose true value lies in being probed, attacked or compromised” – Spitzner, 2002
Any traffic directed to a Honeypot is considered abnormal
Who’s attacking? How’s attacking? What resources?
Three types, as a result of how an attacker interacts with it:
Interaction Level: Low | Medium | High
Deployment & Maintenance: Simple | Advanced | Complex
Collected Data Detail: Low | Medium | High
Risk: Low | Low | High
Defines its Value Research Prevention, Detection, Reaction External Attack Sources Detection, Reaction Internal Attack Sources
University of Trás-os-Montes e Alto Douro (UTAD)
IT and Communications Services (SIC-UTAD) – Division of Infrastructures, Communications and Support
UTAD
Douro Region
DMZ
Organization’s data is important; Monitoring is vital; Knowledge on attacks; NIA with Elastic Stack; Low interaction honeypot deployed on UTAD’s Network; Improvement of network services
Continue research; Network Intelligence; New dashboards for decision support; Include other event sources; Improve honeypot; Optimization, Expansion
University of Trás-os-Montes e Alto Douro:
Address: Quinta de Prados, 5000-801 Vila Real, Portugal
Phone Number: 259 350 000
Fax: 259 350 480
Site: http://www.utad.pt
Authors:
José Bessa: jmiguelbessa16@gmail.com, www.linkedin.com/in/jmiguelbessa
Hugo Coelho: coelho.hu@gmail.com, www.linkedin.com/in/coelhohu
Pedro Monteiro: monteiro.p@outlook.pt, www.linkedin.com/in/monteirop
José Brito: jbrito@utad.pt, www.linkedin.com/in/josepedrobrito
António Costa: acosta@utad.pt, www.linkedin.com/in/ariocosta