Abstract
In modern organizations, computer networks are ubiquitous and play a central role in achieving business objectives. Constructing such networks, however, presents challenges that depend on the type of business, particularly where the monitoring of network activity is concerned. This is especially true for critical infrastructures, in which micro-segmented areas with fine-grained access rights exist within the larger corporate network and are subject to stricter security and monitoring requirements. This paper analyzes how a micro-segmented network containing particularly sensitive data, as classified by internal and external schemes and by the General Data Protection Regulation (GDPR), can be monitored efficiently to meet predefined protection goals in such a critical infrastructure. The protection goals are the detection of network intrusions, the detection of unauthorized attempts to modify protected data, the monitoring of unauthorized data flows, and the creation of a complete backup of the SIEM solution for the case that the SIEM itself is compromised.

For monitoring the prototypical network, the Security Information and Event Management (SIEM) system Wazuh was chosen for its open-source approach and its versatile range of applications. It was then evaluated whether Wazuh can meet the established protection goals. The result is that monitoring micro-segmented networks against these protection goals with the SIEM Wazuh is feasible. The conducted tests detected connections originating outside the permitted IP range as well as attempts to access and modify protected data. In addition, a complete backup system for the SIEM was designed and tested to ensure that log files remain available in the event of a compromise.
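The two detection goals the abstract reports as tested, connections from outside the permitted IP range and modification of protected data, reduce to a network-range check and a file-integrity comparison against a known-good baseline. The following is an added illustration of that logic over constructed sample events; it is not code from the thesis and not a Wazuh configuration. The permitted range 10.10.0.0/24, the protected file path, the baseline content and the event field names are assumptions made for the example.

```python
"""Added illustration (not from the thesis or from Wazuh): the two detection
checks described in the abstract, run over constructed sample events.

Assumptions (not stated on the page): the micro-segment's permitted range is
10.10.0.0/24, protected files are identified by path, and events arrive as
plain dicts with the fields shown in SAMPLE_EVENTS below."""
import hashlib
import ipaddress

# Assumed permitted address range of the micro-segmented area.
ALLOWED_NETWORKS = [ipaddress.ip_network("10.10.0.0/24")]

# Assumed protected file and its known-good SHA-256 digest (the FIM baseline).
PROTECTED_BASELINE = {
    "/srv/protected/customers.db": hashlib.sha256(b"baseline-content").hexdigest(),
}


def out_of_range_connections(events, allowed=ALLOWED_NETWORKS):
    """Return connection events whose source address lies outside every allowed network.

    An unparseable source address is reported too: a silently dropped event
    would be a blind spot in exactly the place an attacker might probe."""
    alerts = []
    for ev in events:
        if ev.get("type") != "connection":
            continue
        try:
            src = ipaddress.ip_address(ev["srcip"])
        except ValueError:
            alerts.append({**ev, "reason": "unparseable srcip"})
            continue
        if not any(src in net for net in allowed):
            alerts.append({**ev, "reason": f"srcip {src} outside permitted range"})
    return alerts


def modified_protected_files(events, baseline=PROTECTED_BASELINE):
    """Return file events that delete a protected file or change its content
    relative to the baseline digest. Files outside the baseline are ignored."""
    alerts = []
    for ev in events:
        if ev.get("type") != "file":
            continue
        path = ev["path"]
        if path not in baseline:
            continue
        if ev.get("deleted"):
            alerts.append({**ev, "reason": "protected file deleted"})
            continue
        digest = hashlib.sha256(ev["content"]).hexdigest()
        if digest != baseline[path]:
            alerts.append({**ev, "reason": "protected file content changed"})
    return alerts


# Constructed sample events: one benign and one out-of-range connection, one
# malformed address, one unchanged, one tampered and one deleted protected
# file, and one unprotected file that must not raise an alert.
SAMPLE_EVENTS = [
    {"type": "connection", "srcip": "10.10.0.15", "dstport": 443},
    {"type": "connection", "srcip": "192.168.1.77", "dstport": 22},
    {"type": "connection", "srcip": "not-an-ip", "dstport": 22},
    {"type": "file", "path": "/srv/protected/customers.db", "content": b"baseline-content"},
    {"type": "file", "path": "/srv/protected/customers.db", "content": b"tampered"},
    {"type": "file", "path": "/srv/protected/customers.db", "deleted": True},
    {"type": "file", "path": "/tmp/scratch", "content": b"whatever"},
]


def run_checks(events=SAMPLE_EVENTS):
    """Run both checks and return the combined list of alerts."""
    return out_of_range_connections(events) + modified_protected_files(events)


if __name__ == "__main__":
    for alert in run_checks():
        print(alert["reason"], "<-", alert)
```

In a Wazuh deployment the first check corresponds to a rule matching on the source address of the collected network logs, and the second to Wazuh's file integrity monitoring module (syscheck), which compares file digests against a stored baseline in the same way; the example keeps both checks explicit so the logic being relied on is visible.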
| Date of Award | 2024 |
|---|---|
| Original language | German (Austria) |
| Supervisor | Harald Lampesberger (Supervisor) |