Please use this identifier to cite or link to this item: https://rda.sliit.lk/handle/123456789/2928
Title: An Open-Source Solution for Corporates to Implement Scenario based Intrusion Detection for Incident Response
Authors: Kithulgoda, D.S.
Issue Date: 2021
Abstract: Detecting potential security compromises to aid in formulating a proactive response strategy is still a relatively new field in the local network security arena. Even managed security service providers who support corporates on different digital security tiers face difficulties finding practical implementations capable of detecting incidents and escalating them to the relevant parties for mitigation. This research discusses how a third-tier detection strategy can be developed with open-source toolkits such as the Snort intrusion detection system, acting as a second line of defense in support of network teams. The need for auxiliary packages working alongside Snort must be stressed, because the demands of corporate environments are higher; examples include Zeek and Security Onion. Placing an IDS so that it performs as expected requires careful planning after a thorough examination of the relevant network diagrams. For this, the recommendation is to use dedicated hardware running all of the tools mentioned, deployed on an ad-hoc basis with a switch SPAN setup, also commonly known as port mirroring, so that an exact copy of the traffic flow can be fed to the sensor for investigation. To suit the Sri Lankan context, a stripped-down version of the MITRE ATT&CK + SHIELD Active Defense Matrix will be used to choose the malicious datasets applied and to design the security playbooks.
URI: http://rda.sliit.lk/handle/123456789/2928
Appears in Collections:MSc 2021

Files in This Item:
File | Description | Size | Format
MS20907198.pdf | Until 2050-12-31 | 2.46 MB | Adobe PDF
MS20907198_Abs.pdf | | 249.57 kB | Adobe PDF