Constructing network security monitoring systems: MOVERTI Deliverable V9

Pasi Ahonen

    Research output: Book/ReportReport

    Abstract

    This report analyses and describes the basic construction of network security monitoring systems. The viewpoint is mainly research perspective, we aim for defining system constructions or elements which are also commercially relevant, but still maintain the open minded approach of research oriented work. The focus is on clarifying the overall network security follow up, but also on methods for investigating the "difficult to identify" or zero-day attacks or the preparation of such attacks, which try to exploit the application vulnerabilities that are currently unknown to operators and software developers. The necessary network security system construction depends much on the operator's targets for security monitoring. The threat environment of some specific operator may require a deeper analysis of the output from various security device logs, events and alarms. The needs of such operator may be to adjust the different alarm thresholds for the security devices accurately, according to the evolving network data traffic characteristics. Another operator, instead, would require holistic security monitoring of the production area, where e.g. the status information within physical access control systems and electronic access control systems shall be combined, and the aggregated summary results shall be presented to the operator for sanity checking. Therefore, we present in this report some building blocks that can be used to construct a security monitoring system, not a complete system that shall be feasible as such for all possible security monitoring needs and requirements.
    Original languageEnglish
    Place of PublicationEspoo
    PublisherVTT Technical Research Centre of Finland
    Number of pages57
    ISBN (Electronic)978-951-38-7769-9
    Publication statusPublished - 2011
    MoE publication typeNot Eligible

    Publication series

    SeriesVTT Tiedotteita - Research Notes
    Number2589
    ISSN1235-0605

    Keywords

    • network security
    • monitoring systems
    • data networks

    Fingerprint Dive into the research topics of 'Constructing network security monitoring systems: MOVERTI Deliverable V9'. Together they form a unique fingerprint.

  • Cite this

    Ahonen, P. (2011). Constructing network security monitoring systems: MOVERTI Deliverable V9. VTT Technical Research Centre of Finland. VTT Tiedotteita - Research Notes, No. 2589 http://www.vtt.fi/inf/pdf/tiedotteet/2011/T2589.pdf