Constructing network security monitoring systems: MOVERTI Deliverable V9

    Research output: Book/Report, Report

    Abstract

    This report analyses and describes the basic construction of network security monitoring systems. The viewpoint is mainly a research perspective: we aim to define system constructions or elements which are also commercially relevant, while maintaining the open-minded approach of research-oriented work. The focus is on clarifying overall network security follow-up, but also on methods for investigating "difficult to identify" or zero-day attacks, or the preparation of such attacks, which try to exploit application vulnerabilities that are currently unknown to operators and software developers. The necessary construction of a network security monitoring system depends much on the operator's targets for security monitoring. The threat environment of a specific operator may require deeper analysis of the output from various security device logs, events and alarms. Such an operator may need to adjust the different alarm thresholds of the security devices accurately, according to the evolving characteristics of the network data traffic. Another operator, instead, would require holistic security monitoring of the production area, where e.g. the status information from physical access control systems and electronic access control systems shall be combined, and the aggregated summary results shall be presented to the operator for sanity checking. Therefore, we present in this report some building blocks that can be used to construct a security monitoring system, not a complete system that would be feasible as such for all possible security monitoring needs and requirements.
    Original language: English
    Place of Publication: Espoo
    Publisher: VTT Technical Research Centre of Finland
    Number of pages: 57
    ISBN (Electronic): 978-951-38-7769-9
    Publication status: Published - 2011
    MoE publication type: Not Eligible
    Project code: 32923

    Publication series

    Series: VTT Tiedotteita - Research Notes
    Number: 2589
    ISSN: 1235-0605

    Fingerprint

    Network security
    Monitoring
    Access control
    Control systems
    Security systems

    Keywords

    • network security
    • monitoring systems
    • data networks

    Cite this

    Ahonen, P. (2011). Constructing network security monitoring systems: MOVERTI Deliverable V9. Espoo: VTT Technical Research Centre of Finland. VTT Tiedotteita - Research Notes, No. 2589