National Repository of Grey Literature
Central processing and evaluation of security events
Žáček, Dominik ; Malina, Lukáš (referee) ; Paučo, Daniel (advisor)
The work discusses the topic of improving the security of IT networks. The shortcomings of some of the current solutions are revealed and selected facts are highlighted that can be used to improve the security. The main theme and objective was generally to improve the security of Flowmon customers' networks by sharing information about the perpetrators of security incidents detected by Flowmon ADS. The firm's customers include hospitals, for example, which may fall victim one after another to the same attacker or attack. By implementing a mechanism to share this information between customers, the attack could be avoided. A system has been designed and implemented to achieve this goal. At the beginning, there was one application sending security events for central processing. An application acting as a central server was then created to receive these events. A mechanism has been established to normalize the data received, based on which a number is created indicating the severity of the event. This mechanism can be configured with a configuration file for individual event types. Finally, this information is evaluated in one single piece of data, the so-called Future Misbehavior Probability score. Each attacker is therefore rated between 0 and 1, with 1 indicating the most serious attackers. Attackers are then grouped by score and can be shared with customers. This allows customers to take various countermeasures, such as pre-emptively blocking the attackers.
Automated Testing of Flowmon Products
Hromádka, Petr ; Grégr, Matěj (referee) ; Matoušek, Petr (advisor)
This thesis is about the testing of Flowmon products: Flowmon collector and Flowmon ADS. The goal is to implement frameworks for automatic testing of Flowmon tools. The beginning is about the theory of testing. The next parts are dedicated to a description of Flowmon tools and a draft of the testing frameworks.