Sistema de detección de intrusos (ids) para fortalecer la seguridad informática en la empresa Ambacar

Abstract

Network security in corporate environments is crucial to safeguarding and ensuring the confidentiality, integrity, and availability of data and services, addressing a growing concern in cybersecurity. The development of an Intrusion Detection System (IDS) emerges as an effective solution to mitigate threats in a corporate setting. The methodology applied consisted of three stages. The first stage involved legal agreements, a grey-box reconnaissance phase, and threat analysis. Tools like Nmap were utilized, and under the PTE’s methodology, several critical vulnerabilities were identified in services such as SMB, OpenSSH, RDP, and insecure SSL configurations, which exposed corporate data to potential MiTM and DoS attacks. The second stage focused on the implementation and configuration of the IDS using Suricata, alongside the integration of a visualization system with the ELK Stack. Finally, in the third stage, the IDS’s functionality was validated through simulated attacks, including Slowloris exploits, EternalBlue, DoS attacks, and MiTM scenarios. After allowing the IDS to mature, a high volume of events from legitimate traffic was identified, leading to the implementation of thresholds to filter events and prioritize critical alerts. This optimization enhanced the system’s efficiency in detecting real threats, ensuring more accurate responses. By the end of the process, the system achieved 100% precision in threat detection with an average response time of 25.16 seconds. It enabled the generation of precise alerts and detailed reports, which will be utilized by IT personnel for audits.