Constructing network security monitoring systems

MOVERTI Deliverable V9

Research output: Book/ReportReportProfessional

Abstract

This report analyses and describes the basic construction of network security monitoring systems. The viewpoint is mainly research perspective, we aim for defining system constructions or elements which are also commercially relevant, but still maintain the open minded approach of research oriented work. The focus is on clarifying the overall network security follow up, but also on methods for investigating the "difficult to identify" or zero-day attacks or the preparation of such attacks, which try to exploit the application vulnerabilities that are currently unknown to operators and software developers. The necessary network security system construction depends much on the operator's targets for security monitoring. The threat environment of some specific operator may require a deeper analysis of the output from various security device logs, events and alarms. The needs of such operator may be to adjust the different alarm thresholds for the security devices accurately, according to the evolving network data traffic characteristics. Another operator, instead, would require holistic security monitoring of the production area, where e.g. the status information within physical access control systems and electronic access control systems shall be combined, and the aggregated summary results shall be presented to the operator for sanity checking. Therefore, we present in this report some building blocks that can be used to construct a security monitoring system, not a complete system that shall be feasible as such for all possible security monitoring needs and requirements.
Original languageEnglish
Place of PublicationEspoo
PublisherVTT Technical Research Centre of Finland
Number of pages57
ISBN (Electronic)978-951-38-7769-9
Publication statusPublished - 2011
MoE publication typeNot Eligible

Publication series

NameVTT Tiedotteita - Research Notes
PublisherVTT
No.2589
ISSN (Print)1235-0605
ISSN (Electronic)1455-0865

Fingerprint

Network security
Monitoring
Access control
Control systems
Security systems

Keywords

  • network security
  • monitoring systems
  • data networks

Cite this

Ahonen, P. (2011). Constructing network security monitoring systems: MOVERTI Deliverable V9. Espoo: VTT Technical Research Centre of Finland. VTT Tiedotteita - Research Notes, No. 2589
Ahonen, Pasi. / Constructing network security monitoring systems : MOVERTI Deliverable V9. Espoo : VTT Technical Research Centre of Finland, 2011. 57 p. (VTT Tiedotteita - Research Notes; No. 2589).
@book{7d13916cface4dcb861dd50744f669db,
title = "Constructing network security monitoring systems: MOVERTI Deliverable V9",
abstract = "This report analyses and describes the basic construction of network security monitoring systems. The viewpoint is mainly research perspective, we aim for defining system constructions or elements which are also commercially relevant, but still maintain the open minded approach of research oriented work. The focus is on clarifying the overall network security follow up, but also on methods for investigating the {"}difficult to identify{"} or zero-day attacks or the preparation of such attacks, which try to exploit the application vulnerabilities that are currently unknown to operators and software developers. The necessary network security system construction depends much on the operator's targets for security monitoring. The threat environment of some specific operator may require a deeper analysis of the output from various security device logs, events and alarms. The needs of such operator may be to adjust the different alarm thresholds for the security devices accurately, according to the evolving network data traffic characteristics. Another operator, instead, would require holistic security monitoring of the production area, where e.g. the status information within physical access control systems and electronic access control systems shall be combined, and the aggregated summary results shall be presented to the operator for sanity checking. Therefore, we present in this report some building blocks that can be used to construct a security monitoring system, not a complete system that shall be feasible as such for all possible security monitoring needs and requirements.",
keywords = "network security, monitoring systems, data networks",
author = "Pasi Ahonen",
note = "Project code: 32923",
year = "2011",
language = "English",
series = "VTT Tiedotteita - Research Notes",
publisher = "VTT Technical Research Centre of Finland",
number = "2589",
address = "Finland",

}

Ahonen, P 2011, Constructing network security monitoring systems: MOVERTI Deliverable V9. VTT Tiedotteita - Research Notes, no. 2589, VTT Technical Research Centre of Finland, Espoo.

Constructing network security monitoring systems : MOVERTI Deliverable V9. / Ahonen, Pasi.

Espoo : VTT Technical Research Centre of Finland, 2011. 57 p. (VTT Tiedotteita - Research Notes; No. 2589).

Research output: Book/ReportReportProfessional

TY - BOOK

T1 - Constructing network security monitoring systems

T2 - MOVERTI Deliverable V9

AU - Ahonen, Pasi

N1 - Project code: 32923

PY - 2011

Y1 - 2011

N2 - This report analyses and describes the basic construction of network security monitoring systems. The viewpoint is mainly research perspective, we aim for defining system constructions or elements which are also commercially relevant, but still maintain the open minded approach of research oriented work. The focus is on clarifying the overall network security follow up, but also on methods for investigating the "difficult to identify" or zero-day attacks or the preparation of such attacks, which try to exploit the application vulnerabilities that are currently unknown to operators and software developers. The necessary network security system construction depends much on the operator's targets for security monitoring. The threat environment of some specific operator may require a deeper analysis of the output from various security device logs, events and alarms. The needs of such operator may be to adjust the different alarm thresholds for the security devices accurately, according to the evolving network data traffic characteristics. Another operator, instead, would require holistic security monitoring of the production area, where e.g. the status information within physical access control systems and electronic access control systems shall be combined, and the aggregated summary results shall be presented to the operator for sanity checking. Therefore, we present in this report some building blocks that can be used to construct a security monitoring system, not a complete system that shall be feasible as such for all possible security monitoring needs and requirements.

AB - This report analyses and describes the basic construction of network security monitoring systems. The viewpoint is mainly research perspective, we aim for defining system constructions or elements which are also commercially relevant, but still maintain the open minded approach of research oriented work. The focus is on clarifying the overall network security follow up, but also on methods for investigating the "difficult to identify" or zero-day attacks or the preparation of such attacks, which try to exploit the application vulnerabilities that are currently unknown to operators and software developers. The necessary network security system construction depends much on the operator's targets for security monitoring. The threat environment of some specific operator may require a deeper analysis of the output from various security device logs, events and alarms. The needs of such operator may be to adjust the different alarm thresholds for the security devices accurately, according to the evolving network data traffic characteristics. Another operator, instead, would require holistic security monitoring of the production area, where e.g. the status information within physical access control systems and electronic access control systems shall be combined, and the aggregated summary results shall be presented to the operator for sanity checking. Therefore, we present in this report some building blocks that can be used to construct a security monitoring system, not a complete system that shall be feasible as such for all possible security monitoring needs and requirements.

KW - network security

KW - monitoring systems

KW - data networks

M3 - Report

T3 - VTT Tiedotteita - Research Notes

BT - Constructing network security monitoring systems

PB - VTT Technical Research Centre of Finland

CY - Espoo

ER -

Ahonen P. Constructing network security monitoring systems: MOVERTI Deliverable V9. Espoo: VTT Technical Research Centre of Finland, 2011. 57 p. (VTT Tiedotteita - Research Notes; No. 2589).