PIPS: A proactive intrusion prevention system

AUTHOR(S)
PUBLICATION DATE

2005

ABSTRACT

Protecting a computer system involves a set of security procedures followed by continuous monitoring. Intrusion Detection Systems (IDS) have historically been used to monitor computer networks for threats. Recently, IDSs have evolved to allow real-time protection against attacks and have been marketed as Intrusion Prevention Systems (IPS). These systems are essentially reactive and limited in their analyses because they lack a global view of the monitored network. In this work we present a solution to the continuous monitoring problem called Proactive Intrusion Prevention Systems (PIPS). The system works proactively, building an active view of the network using port scanners and vulnerability assessment tools. Besides providing a detailed picture of the network state, this profile is used for correlation with IDS events, resulting in more refined analyses. PIPS is built upon distributed agents that continuously collect data and deliver it to a central analysis system that keeps a global view of the network. The use of expert systems based on production rules allows events gathered by the sensors to be correlated with the network state. A flexible plug-in architecture allows well-tested existing tools to be used, adding value to the system. Thoroughly tested in production environments, the system delivered satisfactory results both in reducing false positives and in providing metrics for threats and vulnerabilities. These metrics can further be used as real-world data sources for risk analysis.
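The following is an added illustration of the correlation idea in the abstract, not code from the PIPS thesis: a network profile (what scanner and vulnerability-assessment plug-ins found per host) is matched against IDS alerts with a small set of production rules, so that alerts aimed at services that do not exist are demoted and alerts that hit a known finding are promoted. Host addresses, alert signatures, finding tags and rule names are all constructed for the example.

```python
"""Added example (not PIPS code): rate IDS alerts against an active
network profile built from scanner output, production-rule style."""
from collections import Counter
from dataclasses import dataclass, field


@dataclass
class HostProfile:
    """What the (hypothetical) scanner plug-ins reported for one host."""
    ip: str
    open_ports: set = field(default_factory=set)
    findings: set = field(default_factory=set)   # constructed finding tags


# Constructed network profile, as delivered to the central analysis system.
PROFILE = {
    "10.0.0.5": HostProfile("10.0.0.5", {22, 80}, {"WEB-CGI-TRAVERSAL"}),
    "10.0.0.9": HostProfile("10.0.0.9", {25}, set()),
}

# Constructed IDS alerts: (signature, destination ip, destination port, tag)
ALERTS = [
    ("WEB-CGI directory traversal", "10.0.0.5", 80, "WEB-CGI-TRAVERSAL"),
    ("SMTP command overflow", "10.0.0.9", 25, "SMTP-OVERFLOW"),
    ("IIS unicode attack", "10.0.0.9", 80, "IIS-UNICODE"),
    ("SSH brute force", "10.0.0.42", 22, "SSH-BRUTE"),
]


def rate_alert(alert, profile):
    """Production rules, evaluated in order; the first matching rule fires."""
    _sig, ip, port, tag = alert
    host = profile.get(ip)
    if host is None:
        return "unknown-host"      # not in the inventory: rescan candidate
    if port not in host.open_ports:
        return "false-positive"    # nothing listens there, attack cannot land
    if tag in host.findings:
        return "critical"          # IDS event matches a confirmed finding
    return "warning"               # service exists, vulnerability unconfirmed


def correlate(alerts, profile):
    """Map each alert signature to its rating."""
    return {a[0]: rate_alert(a, profile) for a in alerts}


def metrics(alerts, profile):
    """Per-rating counts: the threat/vulnerability metrics the text mentions."""
    return Counter(correlate(alerts, profile).values())
```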

SUBJECT(S)

intrusion prevention systems; proactive systems; network inventory; production systems; data correlation; intrusion detection systems (IDS); computer science
