Browsing by Author "Pereira, Valson da Silva"
DmzVisor: an approach to securing corporate demilitarized zones in software-defined networks (2018) Pereira, Valson da Silva; Sena, Ygor Amaral Barbosa Leite de; http://lattes.cnpq.br/2441367990383979; http://lattes.cnpq.br/1271684226502864

The advance in the use of the world-wide network of computers in recent decades has made the internet one of the main communication tools around the world. However, the more companies provide services via the web, the more they tend to expose their important information on the network in some way. There is therefore a need for concern about the safety of these services. One of the recommendations for the data security of organizations providing external services is to use a demilitarized zone (DMZ), which consists of the use of one or more firewalls in its configuration, but which can have a considerable financial cost for the company. In addition, much firewall equipment is provided as a black box of proprietary solutions with software embedded by the manufacturer, so it offers little flexibility from a customization point of view. However, the Software-Defined Networking (SDN) paradigm, along with the OpenFlow protocol, allows for flexibility in developing software solutions for networks, making it possible to offer a software product as a low-cost and customizable alternative. Through SDN, the application can be implemented in a high-level programming language using free open source tools, which also makes it possible to maintain the software to suit the needs of the client. The overall goal of this work was therefore to develop a corporate SDN firewall as a low-cost alternative, using open source tools, which acts as a packet filter and isolates traffic between the local network and the demilitarized zone through SDN rules and the secure implementation of protocol messages such as Dynamic Host Configuration Protocol (DHCP) and Address Resolution Protocol (ARP). In addition to developing packet filtering mechanisms for the network and transport layers and providing more security through network isolation, a friendly web graphical user interface has also been developed in which the administrator is able to manage the creation of high-level firewall rules, so the user does not need to be aware of the OpenFlow protocol. The evaluation of the proposal consisted of two scenarios using 6 machines virtualized by VirtualBox. The evaluation demonstrated that both the ARP and DHCP security rules and the firewall rules are effective in the networks protected by the prototype proposed in this work, being able to prevent man-in-the-middle attacks and IP and MAC address spoofing, as well as to perform filtering and routing of network and transport layer packets securely.