
ETD

Digital archive of theses defended at the Università di Pisa

Thesis etd-10312023-121538


Thesis type
Master's thesis
Author
MIRABELLA, LORENZO
URN
etd-10312023-121538
Title
Design, implementation and evaluation of a portable honeypot for intrusion detection.
Department
INGEGNERIA DELL'INFORMAZIONE
Degree programme
COMPUTER ENGINEERING
Supervisors
supervisor Prof. Lettieri, Giuseppe
supervisor Prof. Bernardeschi, Cinzia
tutor Dr. Lucattini, Fabio
Keywords
  • honeypot
  • cybersecurity
  • intrusion
  • ids
  • detection
  • threat
  • docker
  • container
  • security
  • microservices
  • grafana
  • waf
  • log
Defense session start date
17/11/2023
Availability
Not available
Release date
17/11/2093
Abstract
Honeypots, deceptive cybersecurity mechanisms designed to lure potential attackers, play a pivotal role in modern cyber-defense. By emulating vulnerable services, the honeypot captures data on the attacker's activities and diverts attention away from the actual critical systems, which helps improve overall network security. The goal of this thesis is to design, implement and evaluate a portable honeypot for intrusion detection in a corporate network, able to detect internal and external threats.
This work first explores the fundamental principles of honeypot technology, including its classification and taxonomy. It also examines various key deployment scenarios for such types of IDS in the network, aiming to determine which of these configurations best suits the specified requirements.
Portability and platform independence are ensured using Docker containers with a strong emphasis on security. The system adopts a microservices architecture and utilizes the Grafana stack for log collection, data visualization, and alert management.
In addition to monitoring the honeypot, the system monitors all containers through cAdvisor and the host system through Node Exporter, in order to detect anomalous situations.
To mitigate risks, various security measures have been implemented, such as configurations to segregate malicious traffic from management traffic, user namespaces, SELinux, vulnerability scanners, and more.
To assess the practical effectiveness of the portable honeypot, a real-world scenario is considered and intrusion tests are conducted. Data collected from the tests is analyzed, and the results demonstrate the honeypot's capability to detect and respond to both internal and external threats. The study concludes with a summary of results, limitations and considerations for future developments.
The thesis provides valuable insights into security best practices and contributes to the ongoing efforts to strengthen cybersecurity defenses in an evolving threat landscape.
File