Using Honeypots in Network Intelligence Architectures: The University of Trás-os-Montes e Alto Douro Case Study - PowerPoint PPT Presentation

SLIDE 1

Using Honeypots in Network Intelligence Architectures – The University of Trás-os-Montes e Alto Douro Case Study

José Bessa¹, Hugo Coelho¹, Pedro Monteiro¹, José Brito¹, António Costa¹

¹ University of Trás-os-Montes e Alto Douro

SLIDE 2

  • Network Intelligence Architecture (NIA)
  • Case Study & Proposed Architecture
  • Tests and Results
  • Final Considerations & Future Work

SLIDE 3

SLIDE 4

“Knowledge is the combination of instincts, ideas, rules and procedures that guide the actions and decisions.” (Rascão, 2011)

SLIDE 5

NARSON Technical Software

SLIDE 6

5V’s: Volume, Variety, Velocity, Value, Veracity

SLIDE 7

SLIDE 8

DevExpress Software

SLIDE 9

“A Honeypot is a security resource without production value and whose true value lies in being probed, attacked or compromised” – Spitzner, 2002

Any traffic directed to a Honeypot is considered abnormal:

  • Who is attacking?
  • How are they attacking?
  • What resources?

SLIDE 10

| Interaction Level | Low | Medium | High |
| --- | --- | --- | --- |
| Deployment & Maintenance | Simple | Advanced | Complex |
| Collected Data Detail | Low | Medium | High |
| Risk | Low | Low | High |

  • Three types:
  • As a result of how an attacker interacts with it

SLIDE 11

Defines its Value Research Prevention, Detection, Reaction External Attack Sources Detection, Reaction Internal Attack Sources

SLIDE 12

SLIDE 13

  • University of Trás-os-Montes e Alto Douro (UTAD)
  • IT and Communications Services (SIC-UTAD) – Division of Infrastructures, Communications and Support

Douro Region UTAD

SLIDE 14

SLIDE 15

SLIDE 16

DMZ

SLIDE 17

SLIDE 18

SLIDE 19

SLIDE 20

SLIDE 21

SLIDE 22

SLIDE 23

SLIDE 24

SLIDE 25

  • Organization’s data is important
  • Monitoring is vital
  • Knowledge on attacks
  • NIA with Elastic Stack
  • Low interaction honeypot deployed on UTAD’s Network
  • Improvement of network services

SLIDE 26

  • Continue research on Network Intelligence
  • New dashboards for decision support
  • Include other event sources
  • Improve honeypot: Optimization, Expansion

SLIDE 27

SLIDE 28

University of Trás-os-Montes e Alto Douro:

  • Address: Quinta de Prados, 5000-801 Vila Real, Portugal
  • Phone Number: 259 350 000
  • Fax: 259 350 480
  • Site: http://www.utad.pt

Authors:

  • José Bessa: jmiguelbessa16@gmail.com, www.linkedin.com/in/jmiguelbessa
  • Hugo Coelho: coelho.hu@gmail.com, www.linkedin.com/in/coelhohu
  • Pedro Monteiro: monteiro.p@outlook.pt, www.linkedin.com/in/monteirop
  • José Brito: jbrito@utad.pt, www.linkedin.com/in/josepedrobrito
  • António Costa: acosta@utad.pt, www.linkedin.com/in/ariocosta