Conception and Implementation of a Network Security Monitor for the Security Monitoring of the Munich Scientific Network

Background

The Leibniz Supercomputing Centre of the Bavarian Academy of Sciences and Humanities (LRZ) operates the Munich Scientific Network (MWN). The MWN consists of a backbone network with routers and switches for connecting the networks of the institutions at the various locations. In order to operate and maintain the network, certain network security monitoring tools are in place. The current systems could be expanded by implementing another type of network security monitor called Zeek.

Zeek is not an active security device like a firewall or an intrusion prevention system. Rather, Zeek runs on a “sensor”, a hardware, software, virtual or cloud platform that quietly and unobtrusively observes network traffic. Zeek interprets what it sees and creates compact, high-fidelity transaction logs, file content and fully customized output, suitable for manual review on disk or in a more analyst-friendly tool such as a security information and event management (SIEM) system. Analyzing network traffic in real time is no easy task and requires a lot of processing power. To overcome this challenge, a distributed Zeek sensor architecture has to be implemented, which brings its own challenges (management of the individual sensors, configuration updates, etc.).

The outcome of this thesis should be a concept and a prototypical implementation of a distributed network security monitor using Zeek with additional threat analytics (e.g. RITA, https://github.com/activecm/rita) that can become part of the overall security monitoring at LRZ.
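As an added illustration (not part of the original announcement), a ZeekControl `node.cfg` for a small distributed deployment of the kind described above: manager, logger and proxy on one central host, and packet-capturing workers on two separate sensor hosts, each splitting its link across several capture processes. The hostnames, interfaces and process counts are assumed placeholders.

```ini
# Added example: ZeekControl node.cfg for a distributed Zeek cluster.
# All hostnames, interfaces and process counts are assumed placeholders.
# Comments are kept on their own lines, since node.cfg values are read
# verbatim and would otherwise include the comment text.

# Central host: receives logs from all workers and writes them to disk.
[logger-1]
type=logger
host=zeek-mgr.example.org

# Central host: cluster control, notices and aggregated state.
[manager]
type=manager
host=zeek-mgr.example.org

# Proxy for state shared between workers (e.g. scan/threshold tracking).
[proxy-1]
type=proxy
host=zeek-mgr.example.org

# One worker entry per sensor host; each sniffs a mirrored or tapped link.
# lb_method/lb_procs spread one high-speed link over several Zeek processes.
[worker-1]
type=worker
host=sensor-a.example.org
interface=eth1
lb_method=pf_ring
lb_procs=4

[worker-2]
type=worker
host=sensor-b.example.org
interface=eth1
lb_method=pf_ring
lb_procs=4
```

With this file in place, `zeekctl deploy` installs the configuration on every listed host (over SSH) and starts the nodes, which is the mechanism that addresses the configuration-update challenge mentioned above; `zeekctl status` then reports each node's state.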

Outline of this work:

  • Create a concept for a distributed network security monitor based on Zeek for high-speed networks like the MWN
  • Evaluate how this network monitor could fit into the existing security monitoring at LRZ
  • Implement and evaluate a prototype using real network data
  • Evaluate what kind of threat analytics can be used with Zeek and how the existing security monitoring can profit from it

Supervising professor (Aufgabensteller): Prof. Dr. Helmut Reiser

Prerequisites:

  • Good knowledge of IP networking
  • Basic knowledge of Linux
  • Experience with NetFlow, PCAP or network monitoring is a plus
  • Able to work and study independently

Duration of the Diplom or Master's thesis: as specified in the study regulations

Number of students: 1

Supervisor: