Implementación de un SIEM para la defensa activa ante intrusiones en una red : Implementación de un SIEM para la defensa activa ante un ataque de denegación de servicio.

Abstract

The purpose of this project is to configure and implement two SIEMs to analyze and detect alerts related to DoS (Denial of Service) attacks. The purpose is to detect and alert on threats present in the network and to protect the information of an organization, whether public or private; and in doing so, reinforce cybersecurity, thereby minimizing the risks of service unavailability and downtime. In the first instance, there is the description of the component, the general objective, the specific objectives, the scope and the theoretical framework. In the second instance, a methodology is outlined to achieve the specific objectives of this project. In the third instance, a comparative analysis is carried out between the SIEMs, as well as the hardware and software requirements for the implementation in virtual machines. In addition, the configuration and creation of the two SIEM servers is carried out in a controlled environment, where a network topology with the same characteristics for both was designed, necessary components were added to simulate a DoS attack and evaluated. the performance and ability of each SIEM to alert and identify possible DoS attacks. Next, a technical comparison between both implemented SIEMs was shown, providing a suggestion to select the most competent SIEM against a DoS attack. In the fourth instance, the results achieved were captured and used to draw conclusions and recommendations. Finally, the bibliography and annexes are presented.