Title: Deployment of the "Zeek" tool and its subsequent use for the analysis of suspicious activity on the network
Author: Álvarez Rubio, Sergio
Director: García Font, Víctor
Tutor: Guaita Pérez, Borja
Keywords: network intrusion detection system; patient security; Zeek-ELK Stack
Issue Date: Dec-2019
Publisher: Universitat Oberta de Catalunya (UOC)
Abstract: The main purpose of this work is to assess the advantages of implementing an Intrusion Detection System in combination with log transformation tools that store the results in a NoSQL database, and of then exploiting that data with advanced tools that build different graphs to help detect anomalous behaviour on the workplace network, at reduced cost and taking advantage of the resources already available. The particularity of our working environment is that many electromedical devices with embedded Windows are connected to the network; given the difficulty of applying security patches to them, they pose a significant threat to information security and, more specifically, to patient safety. For this, Zeek has been used as a Network Intrusion Detection System (NIDS), and the ELK Stack for log transformation (Beats), data storage (Elasticsearch) and the subsequent exploitation and graphical visualization of the information, Machine Learning and SIEM (Kibana). Virtualized hardware running Windows Server 2012 R2 has been used for the ELK Stack, and PCs with zero residual value have been used to install Zeek on Linux as a network sniffer, fed by a mirror port configured on a managed switch. Several anomalies could be visualized without having to simulate attacks or infections, which led to the detection of two WannaCry infections. We conclude that the implemented environment helps us detect network anomalies.
Language: Spanish
Appears in Collections: Bachelor thesis, research projects, etc.

Files in This Item:
sergioalruTFM1219memoria.pdf (Master's thesis report, 3.37 MB, Adobe PDF)

This item is licensed under a Creative Commons License.