MONITORING AND ALARM MANAGEMENT FOR SYSTEM AND NETWORK SECURITY - A web-based comprehensive approach

João Afonso, Edmundo Monteiro, Carlos Ferreira

2005

Abstract

In this work we propose a computer platform that aims to unify the tasks of monitoring, diagnosing, error detection, alarm management and intrusion detection associated with the administration of a computer network and its related critical services. The main objective is to develop a user-intuitive program that does not require specialized computer skills from the operators in order to take full responsibility for the system. Open-source solutions were used whenever possible, namely for the server operating systems, application development tools, database engine and integrated Web solution. The project started by studying the existing solutions, exploring their strengths and shortcomings and iteratively defining the specific requirements to be implemented. The development phase was conceptually divided into three levels: the agents and connectors collecting the data from the different areas being monitored; the database engine cataloguing the information; and the Web interface (Security Portal) that allows the management of all functionalities and guarantees the operability of the solution. An alarm management tool was also to be developed that, according to programmed warnings for certain malfunctions, triggers the warning messages through the pre-defined medium – E-Mail, SMS (short message service) or IM (instant messaging) – using a Unified Messaging (UM) solution. According to the defined specifications, the solution to be implemented was designed and a functional analysis was created. Finally, the projected solution was implemented and applied to a case study – the Department of Fisheries Inspection of the General-Directorate of Fisheries and Aquiculture. The preliminary results of the reliability and user-friendliness tests were very positive and a decision was made to move into the production phase. The platform was developed in line with current accessibility requirements and can be operated or consulted by users with disabilities.
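As an added illustration of the alarm-management level described above (not code from the paper or from the authors' platform): a minimal Python rule engine that takes agent-collected BSD syslog lines, derives the severity from the RFC 3164 PRI field, suppresses repeated events and selects the delivery medium (SMS, e-mail or IM) from a programmed route table. The sample lines, the route table, the addresses and all function names are constructed assumptions.

```python
import re
from dataclasses import dataclass

# Constructed RFC 3164-style lines standing in for data forwarded by the agents.
SAMPLE_EVENTS = [
    "<11>Mar 14 10:02:11 fw01 kernel: link down on eth1",
    "<14>Mar 14 10:02:12 db01 postgres: checkpoint complete",
    "<10>Mar 14 10:02:13 db01 postgres: disk full on /var/lib/pgsql",
    "<11>Mar 14 10:02:14 fw01 kernel: link down on eth1",   # repeat of the first
]

# Hypothetical alarm table (constructed): each medium receives every event whose
# severity is at or below its threshold. Severity is the low 3 bits of the PRI:
# 0 emergency, 1 alert, 2 critical, 3 error, 4 warning, 5 notice, 6 info, 7 debug.
ALARM_ROUTES = {
    "sms":   {"max_severity": 2, "to": "+000000000"},             # placeholder
    "email": {"max_severity": 3, "to": "ops@example.invalid"},    # placeholder
    "im":    {"max_severity": 4, "to": "ops@im.example.invalid"}, # placeholder
}

SYSLOG_RE = re.compile(r"^<(\d{1,3})>(\w{3} [ \d]\d \d\d:\d\d:\d\d) (\S+) ([^:]+): (.*)$")

@dataclass(frozen=True)
class Event:
    severity: int
    host: str
    app: str
    msg: str

def parse_event(line):
    """Split one BSD syslog line into severity, host, tag and message."""
    m = SYSLOG_RE.match(line)
    if m is None:
        return None                      # malformed line: stored, never alarmed
    pri = int(m.group(1))
    return Event(pri % 8, m.group(3), m.group(4), m.group(5))

def route_alarms(lines, routes=ALARM_ROUTES):
    """Return (medium, recipient, text) triples; an identical event fires once."""
    seen, notifications = set(), []
    for line in lines:
        ev = parse_event(line)
        if ev is None or ev in seen:     # timestamp is not part of the identity
            continue
        seen.add(ev)
        for medium, cfg in routes.items():
            if ev.severity <= cfg["max_severity"]:
                notifications.append((medium, cfg["to"], f"{ev.host} {ev.app}: {ev.msg}"))
    return notifications
```

With the sample lines, the error on fw01 reaches e-mail and IM only, the critical disk event on db01 reaches all three media, and the informational checkpoint and the repeated link-down line produce nothing.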



Paper Citation


in Harvard Style

Afonso J., Monteiro E. and Ferreira C. (2005). MONITORING AND ALARM MANAGEMENT FOR SYSTEM AND NETWORK SECURITY - A web-based comprehensive approach. In Proceedings of the Second International Conference on e-Business and Telecommunication Networks - Volume 1: ICETE, ISBN 972-8865-32-5, pages 348-356. DOI: 10.5220/0001417103480356


in Bibtex Style

@conference{icete05,
author={João Afonso and Edmundo Monteiro and Carlos Ferreira},
title={MONITORING AND ALARM MANAGEMENT FOR SYSTEM AND NETWORK SECURITY - A web-based comprehensive approach},
booktitle={Proceedings of the Second International Conference on e-Business and Telecommunication Networks - Volume 1: ICETE},
year={2005},
pages={348-356},
publisher={SciTePress},
organization={INSTICC},
doi={10.5220/0001417103480356},
isbn={972-8865-32-5},
}


in EndNote Style

TY - CONF
JO - Proceedings of the Second International Conference on e-Business and Telecommunication Networks - Volume 1: ICETE
TI - MONITORING AND ALARM MANAGEMENT FOR SYSTEM AND NETWORK SECURITY - A web-based comprehensive approach
SN - 972-8865-32-5
AU - Afonso J.
AU - Monteiro E.
AU - Ferreira C.
PY - 2005
SP - 348
EP - 356
DO - 10.5220/0001417103480356