3 research outputs found

    Implementation of the integration of the UnB service bus with monitoring tools

    Dissertation (master's), University of Brasília, Institute of Exact Sciences, Department of Computer Science, 2020. Implementing services and microservices for distributed system applications using a Service-Oriented Architecture (SOA) makes it possible to use development standards, ease maintenance, make service development more flexible, and enable interoperability of services and systems. The Computer Center (CPD) of the University of Brasília (UnB) works with several software automation processes, from the maintenance of legacy systems, through the development of new applications, to the deployment of purchased software, with several technological fronts related to systems. Tracking and monitoring the functioning of services, microservices and systems is essential. This work is exploratory and seeks to investigate solutions and tools for implementing and deploying monitoring of the distributed services and systems of the University of Brasília (UnB), by means of a systematic mapping. On a theoretical basis, a model was obtained and implemented as a monitoring module of the service bus of the University of Brasília (UnB). In this work, simulations were run on the solution, which made it possible to analyze the integration of the service bus with the monitoring tool through the proposed solution.

    Agentless approach for security information and event management in industrial IoT

    The Internet of Things (IoT) provides ease of real-time communication in homes, industries, health care, and many other dependable and interconnected sectors. However, in recent years, smart infrastructure, including cyber-physical industries, has witnessed a severe disruption of operation due to privilege escalation, exploitation of misconfigurations, firmware hijacking, malicious node injection, botnets, and other malware infiltrations. The proposed agentless module for the Wazuh security information and event management (SIEM) solution contributes to securing small- to large-scale IoT networks of Industry 4.0. An agentless module is implemented by vigilantly examining the IoT device traffic without installing any agent or software on the endpoints. In the proposed research scheme, a module sniffs the network traffic of IoT devices captured from the gateway and passes it to a machine learning model for initial detection and prediction. The output of the ML model is embedded in the JSON log format and passed through the Wazuh agent to the Wazuh server, where a decoder is added that decodes the network traffic logs. For event monitoring in Wazuh, industrial protocols are also thoroughly analyzed, and the feature set is determined. These features are used to write rules which are tested on the SWaT dataset, utilizing a common industrial protocol (CIP) for communication. Custom and dynamic rules are written at the Wazuh end to generate alerts to respond to any anomaly detected by the machine learning (ML) model or in the protocols used. Finally, if any event or attack is detected, the alerts are fired on the Wazuh dashboard. This agentless SIEM solution has practical implications for the security of the industrial control systems of Industry 4.0.

    Scalable Agentless Cloud Network Monitoring

    With the growth of Infrastructure as a Service (IaaS) in cloud computing, and the Internet of Things (IoT), network monitoring of the global infrastructure will continue to expand, as cybersecurity will become of primary importance. Current network monitoring approaches, particularly those that are agent-based, are proprietary, costly, and may not scale. This paper proposes a lightweight, scalable agentless system which can be configured, set up, and begin monitoring network health within minutes. The architecture utilizes a polling script to query the Simple Network Monitoring Protocol (SNMP) daemon for metrics, Prometheus Time Series Database instances for storage, and a Grafana Dashboard for metric presentation and alerting. The system design removes the learning curve necessary for most open source monitoring systems, while still providing similar metrics. The approach demonstrated here shows the ease and security with which specific site network monitoring can be deployed in a cloud configuration. Data from the network monitoring can be forwarded to a central analysis site for assessment and correlation. The proposed system is scalable, extensible for use in most cloud hosting environments, and provides network managers with direct control over the monitoring process and dashboard.