izpis_h1_title_alt

Principi zaznavanja neželjenih dogodkov v večjih informacijskih sistemih
ID POČIČ, ALJOŠA (Author), ID Mraz, Miha (Mentor) More about this mentor... This link opens in a new window

.pdfPDF - Presentation file, Download (4,08 MB)
MD5: 3C0A873D65C3B1A19573598A5EAF9B09
PID: 20.500.12556/rul/1af7ccfb-9034-4874-b392-ed80eeaf6c8e

Abstract
Varnost v informacijskem okolju ni odvisna samo od uporabljenih tehnologij, temveč tudi od vpeljanih politik in pravil. Kot odgovor na pojav novih napadov in groženj, so se pojavile nove varnostne zaščite. Da lahko izkoristimo podatke pridobljene s strani različnih varnostnih zaščit in vpeljemo politke v vsakodnevne aktivnosti znotraj informacijskega sistema, uporabimo SIEM sistem. SIEM sistem prevzame centralno vlogo v varnosti informacijskega sistema. Vsi zapisi, dogodki in mrežni promet se hranijo na enotnem mestu v normalizirani obliki, ki omogoča analizo njihove korelacije. S tem pridobimo centralno mesto iz katerega lahko spremljamo stanje varnosti v informacijskem sistemu in izvajamo analize ter poročila iz področja varnosti. V diplomskem delu so opisani ključni viri podatkov za SIEM sisteme in možnosti pridobivanja podatkov iz mrežnega prometa. Opisan je razvoj SIEM sistemov skozi čas in pričakovanja od današnjih SIEM sistemov naslednje generacije. V nadaljevanju dela sta podrobneje opisana vzorčni naročnik SIEM sistema in njegovo okolje. Navedene in opisane so vrste naprav v okolju naročnika in integracija naprav v uporabljeni SIEM sistem. V zaključku naloge je prikazana uporaba rešitve in tri tipična področja analiz, ki se izvajajo v SIEM sistemu. Za analizo iskanja naprednih napadov je prikazana tudi uporaba brezplačnih spletnih orodij, s katerimi lahko potrdimo ali ovržemo zaznave ugotovljene s strani varnostnih rešitev v informacijskem okolju.

Language:Slovenian
Keywords:SIEM, varovanje informacijske infrastrukture, zapisi, dogodki, korelacije, varnost
Work type:Bachelor thesis/paper
Organization:FRI - Faculty of Computer and Information Science
Year:2017
PID:20.500.12556/RUL-96339 This link opens in a new window
Publication date in RUL:28.09.2017
Views:2031
Downloads:518
Metadata:XML DC-XML DC-RDF
:
Copy citation
Share:Bookmark and Share

Secondary language

Language:English
Title:Detection of critical events in complex information systems
Abstract:
Safety in the information environment depends not just on the technologies used, but also on the policies and rules in place. New security protections have developed as a response to new threats and attacks. In order to make use of the data obtained from different security protections and introduce policies into everyday activities within the information system, we used a SIEM system. SIEM system assumes the essential role regarding security of the information system. All records, events and network traffic are stored in one place and in a normalized form, which allows analysis of their correlation. This is how we gain a central position, allowing us to monitor the security situation in the information system, and also to conduct analyses and security reports. The thesis discusses the key sources of information for SIEM systems and the possibilities for data collection from the network traffic. The development of SIEM systems over time and the expectations of next generation SIEM systems available today are also described. The following part focuses on the sample customer and on the model environment. The types of devices in the customer’s environment and the integration of devices in the SIEM system used are listed and described as well. The last part of the thesis shows the use of the solution and three typical areas of analyses performed in the SIEM system. The analysis of advanced attacks also shows the use of free online tools that help us to confirm or reject the threats identified by the security solutions in the information environment.

Keywords:SIEM, protection of information infrastructure, logs, events, correlations, security

Similar documents

Similar works from RUL:
Similar works from other Slovenian collections:

Back