Captura y Análisis de Bitácora y Correlación de Eventos de Seguridad de un Laboratorio de Informática Forense para la Carrera de Ingeniería en Networking y Telecomunicaciones
No hay miniatura disponible
Fecha
2016-11
Título de la revista
ISSN de la revista
Título del volumen
Editor
Universidad de Guayaquil. Facultad de Ciencias Matemáticas y Físicas. Carrera de Ingeniería en Networking y Telecomunicaciones
Resumen
En la actualidad la Carrera de Ingeniería en Networking y Telecomunicaciones perteneciente a la Facultad de Ciencias Matemáticas y Físicas, se encuentra en el levantamiento de información para la implementación de un Laboratorio de Informática Forense, debido a las necesidades que se requiere, recordando que se trata de una institución de especialidad tecnológica y enseñanza de nivel superior. Adicional a la construcción de un espacio físico, el proyecto se especializa en los temas que surgen a partir de este, como son la resolución a los casos de inseguridad que se presentan en las organizaciones que manejan información, sean estas por personas ajenas o herramientas tecnológicas usadas con fines malignos. Dar a conocer la forma en que se debe actuar cuando se presenten casos de ataques cibernéticos e identificar desde que dispositivo de la red el atacante realizo su ingreso, el tipo de mecanismo que utilizo y otra información relevante, que permita referenciar las razones en que se generaron los sucesos. Todo lo mencionado anteriormente se lo podría realizar bajo un proceso de correlación de eventos, el cual permite averiguar la manipulación por la que han pasado los equipos y las consecuencias generadas por tales ataques. Existe un software que permite realizar estas acciones, el programa propuesto para el presente proyecto es SIEM (Security Information and Event Management), herramienta para la gestión de eventos e información que protegen la seguridad informática. Son plataformas completas dedicadas al escaneo activo y pasivo de las redes para detectar eventos y actividades sospechosas, y predecir los ataques antes de que tengan lugar. Para poder plantear la solución dentro de la institución se debió seguir metodologías y planificaciones de aceptación.
At present the Career of Engineering in Networking and Telecommunications belonging to the Faculty of Mathematical and Physical Sciences, is in the information gathering for the implementation of a Computer Forensic Laboratory, due to the needs that are required, remembering that it is about Of an institution of technological specialty and teaching of superior level. In addition to the construction of a physical space, the project specializes in issues arising from this, such as resolution to the cases of insecurity that are presented in organizations that handle information, whether by outsiders or technological tools Used for evil purposes. Provide information on how to act when cyber attacks occur and identify the network device the attacker made, the type of mechanism that I use and other relevant information, which allows to reference the reasons for the attack. Generated the events. All of the aforementioned could be done under an event correlation process, which allows to verify the manipulation by which the equipment has passed and the consequences generated by such attacks. There is a software that allows to carry out these actions, the program proposed for the present project is SIEM (Security Information and Event Management), tool for the management of events and information that protect the computer security. They are complete platforms dedicated to the active and passive scanning of the networks to detect suspicious events and activities, and to predict the attacks before they take place. In order to propose the solution within the institution, methodologies and acceptance planning should be followed.ADOBE
At present the Career of Engineering in Networking and Telecommunications belonging to the Faculty of Mathematical and Physical Sciences, is in the information gathering for the implementation of a Computer Forensic Laboratory, due to the needs that are required, remembering that it is about Of an institution of technological specialty and teaching of superior level. In addition to the construction of a physical space, the project specializes in issues arising from this, such as resolution to the cases of insecurity that are presented in organizations that handle information, whether by outsiders or technological tools Used for evil purposes. Provide information on how to act when cyber attacks occur and identify the network device the attacker made, the type of mechanism that I use and other relevant information, which allows to reference the reasons for the attack. Generated the events. All of the aforementioned could be done under an event correlation process, which allows to verify the manipulation by which the equipment has passed and the consequences generated by such attacks. There is a software that allows to carry out these actions, the program proposed for the present project is SIEM (Security Information and Event Management), tool for the management of events and information that protect the computer security. They are complete platforms dedicated to the active and passive scanning of the networks to detect suspicious events and activities, and to predict the attacks before they take place. In order to propose the solution within the institution, methodologies and acceptance planning should be followed.ADOBE
Descripción
ADOBE
Palabras clave
Logs, Bitácoras, Correlación de eventos.