Diseño de un sistema de detección de intrusos (NIDS) para una red simulada PYMES en GNS3, implementada en un módulo Raspberry Pi portátil

Abstract

In the Ecuadorian market, network solutions have high costs, which do not fit the budget of an SME, the main objective of this work is to implement an intrusion detection system (NIDS), using a Raspberry Pi 3 B module, the operating system to be used is Raspbian Stretch and the intrusion detection system, Snort. This will be evaluated in a simulated SME environment in GNS3, to assess the detection of incidents, controlled intrusion tests such as: DoS and probing will be carried out. In addition to this, an evaluation of the performance of the Raspberry Pi module will be carried out during the intrusion tests. The alerts that are issued from the IDS will be saved in files, recording the time in which the incident occurred, the type of incident, in addition to the origin and destination of the attack. The IDS through ten tests has shown that it has an analyzed packet effectiveness of 96.87% and an average of 3.13% of unresolved packets, the average CPU efficiency of the Raspberry Pi module at the time of the attacks is 1.96% of the overall CPU usage since the attacks are initialized. In which it was demonstrated that, with a low budget, a NIDS can be developed for a scenario like that of an SME and thus benefit from better security, alerting possible incidents in the availability of the network.