Propuesta de mejoramiento de la herramienta ossim siem (Open Source), para obtener los niveles óptimos de gestión en la administración de la seguridad, en una red implementada en cloud computing

Abstract

The investigation is about the OSSIM system optimization, this system is implemented on the Cloud Computing, in the enterprise world has increased this technology and this is the reason because seeks to integrate a monitor system that provide reliability in the network and your connected assets. In the environment exist some systems for assemble a Cloud Computing, in this work has used CITRIX XenServer platform because it’s an Open Source system. Considering that two of characteristics of Cloud are the accessibility and the stability, has been implemented through software a RAID 5 server for generate a storage logical device and configure the high availability system is attached in the Cloud Computing platform, this certifies inexistence of services losses or information losses. Investigating into enterprise requirements one of common themes they have is the cost, mostly looking for security optimization with low cost so it was used AlienVault OSSIM system which is open source, based in Debian kernel. The system meets some expectations because it's a platform that manages several monitoring tools unitedly. Among the tools used are the OSSEC detector, that works based in generated logs by the equipments connected in the network, the monitors NMAP and NAGIOS that their works based in responses requests that been generated this tools. The joint work of NMAP tool and helpful terminal commands have allowed optimize the host management for NAGIOS tool with the automatic register for each connected host on the network that was done by creating a assets information generator script.