Abstract
A system that responds to ICT security incidents in a LAN is presented. The system is implemented at the Industrial Research Institute for Automation and Measurements PIAP, Poland. In the everyday practice of information processing it is necessary to deal with IT security incidents: single events or series of events related to the security of classified information that threaten its confidentiality, availability and integrity. Implementing the system required the following steps: choosing the sources of information on which the assessment of the threat level is based, defining the method of analysing data from the chosen sources, defining a single, common store for information about threats, and realising the feedback that modifies the router configuration in order to counteract threats. The following sources of information were selected: continuously recorded packet flows from the CISCO router, information from RBL servers, web server logs, and the current behaviour of the LAN as observed by the system administrator. The data analysis methods include threat assessment based on the analysis of flows in the router, assessment of the threat level based on web server log analysis, and assessment of risk to the router and web server based on information from the RBL servers. Data coming from the sources of information is stored in a MySQL database. The essence of the feedback is a self-acting modification of the Access Control List (ACL) on the CISCO router. As a result of the research work, a system was implemented that attempts to remove LAN security threats automatically.
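As an added illustration of the pipeline the abstract describes (not code from the PIAP system or from the paper), the Python below scores constructed NetFlow-style records by the number of distinct destinations each source contacts, adds a bonus for sources found in a stubbed RBL set, and renders Cisco IOS extended-ACL deny lines for sources at or above a threshold. The record shape, the scoring weights, the thresholds and the ACL number are all assumptions; a real deployment would read flows from a collector, query a DNSBL, and keep the results in the MySQL store the abstract mentions.

```python
"""Illustrative flow-to-ACL pipeline (added example, not the PIAP system's code)."""
from collections import defaultdict

# Constructed flow records in a NetFlow v5/v9-like shape: (src, dst, dst_port, packets).
FLOWS = [
    ("203.0.113.7", "192.0.2.10", 22, 3),
    ("203.0.113.7", "192.0.2.11", 22, 2),
    ("203.0.113.7", "192.0.2.12", 22, 1),
    ("203.0.113.7", "192.0.2.13", 22, 4),
    ("198.51.100.9", "192.0.2.10", 80, 120),
    ("198.51.100.22", "192.0.2.10", 443, 40),
]

# Stubbed RBL answer set (assumption): in production this would be a DNSBL lookup.
RBL_LISTED = {"198.51.100.22"}


def threat_scores(flows, rbl_listed, scan_hosts=3):
    """Per-source score: +2 if the source touched >= scan_hosts distinct
    destinations (horizontal-scan heuristic), +2 if it is RBL-listed.
    Returns {src: score} for every source seen in the flows."""
    dsts = defaultdict(set)
    for src, dst, _port, _pkts in flows:
        dsts[src].add(dst)
    scores = {}
    for src, hosts in dsts.items():
        score = 2 if len(hosts) >= scan_hosts else 0
        if src in rbl_listed:
            score += 2
        scores[src] = score
    return scores


def acl_lines(scores, acl_number=100, threshold=2):
    """Render IOS extended-ACL deny entries for sources at/above threshold.
    The ACL number and threshold are assumptions; output is sorted for
    deterministic, reviewable configuration diffs."""
    return [f"access-list {acl_number} deny ip host {src} any"
            for src, score in sorted(scores.items()) if score >= threshold]


if __name__ == "__main__":
    for line in acl_lines(threat_scores(FLOWS, RBL_LISTED)):
        print(line)
```

Pushing the rendered lines to the router is deliberately left out; in practice the feedback step would also log each change to the database so that an operator can audit and revert automatic blocks.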
© 2016 Springer International Publishing Switzerland
Cite this paper
Wrzesień, M., Ryszawa, P. (2016). System Responsive to ICT Security Incidents in the LAN. In: Szewczyk, R., Zieliński, C., Kaliczyńska, M. (eds) Challenges in Automation, Robotics and Measurement Techniques. ICA 2016. Advances in Intelligent Systems and Computing, vol 440. Springer, Cham. https://doi.org/10.1007/978-3-319-29357-8_9
DOI: https://doi.org/10.1007/978-3-319-29357-8_9
Publisher Name: Springer, Cham
Print ISBN: 978-3-319-29356-1
Online ISBN: 978-3-319-29357-8
eBook Packages: Engineering (R0)