
Incident Response to Brute-Force Attack : a Study of Azure and Traditional Approaches

Phung, Julius (2024)

 
All rights reserved. This publication is copyrighted. You may download, display and print it for Your own personal use. Commercial use is prohibited.
The permanent address of the publication is
https://urn.fi/URN:NBN:fi:amk-2024112830862
Abstract
The primary objective of this thesis was to implement and evaluate the performance of two distinct incident response systems in identifying and responding to simulated brute-force attacks. One system utilised Azure public cloud services while the other employed an open-source application.

This study was conducted in two sandbox environments, which are isolated setups allowing safe application testing without affecting production systems. Specifically, one testing environment was integrated with Azure public cloud services, namely Azure Monitor, Azure Logic Apps, Azure Network Security Groups, and Microsoft Entra ID. The other environment utilised manual script configurations, firewall rules, and the open-source application Fail2Ban. The Hydra application, a password-cracking tool, was employed to simulate brute-force attacks in both sandboxes to evaluate the performance of the two systems.

Data from multiple test runs in each environment were analysed to compare the systems' detection and response times. The findings revealed that the Azure-based system exhibited slightly faster and more effective responses due to its automation capabilities. Conversely, the open-source system demonstrated higher latency in both detection and mitigation processes.

In conclusion, this research highlighted the advantages of Azure public cloud services for incident response automation, particularly in monitoring and mitigating brute-force attacks. Organisations managing critical workloads may consider implementing Azure’s automation capabilities to enhance their cybersecurity postures. This study provides a foundation for further research into optimising cloud-based security solutions and exploring more complex threat scenarios.