polito.it
Politecnico di Torino (logo)

Asset Discovery Tools Supporting Cybersecurity Inventory

Giorgio Olivero

Asset Discovery Tools Supporting Cybersecurity Inventory.

Rel. Paolo Ernesto Prinetto, Nicolò Maunero, Fabio De Rosa. Politecnico di Torino, Corso di laurea magistrale in Ingegneria Informatica (Computer Engineering), 2022

[img]
Preview
PDF (Tesi_di_laurea) - Tesi
Licenza: Creative Commons Attribution Non-commercial No Derivatives.

Download (1MB) | Preview
Abstract:

The impact of digitalization and all kinds of computer sciences is very significant on everyday life, and its importance can be perceived in various fields that concern both the private and public life of a citizen. The rise of these new kind of technologies produced a lot of benefits but also some drawback, one above all the fact that there are now more risks involving security and the protection of sensitive data. This has led to the creation of a new sub-field in the area of Information Technology (IT): cybersecurity. With this term is indicated the act of providing protection to certain assets (i.e., computer systems, data, networks, etc.) from information disclosure, theft or any kind of damage that could be caused to their integrity. Since cybersecurity has become such an important topic, the Italian government has decided to set up a new legislation called Perimetro di Sicurezza Nazionale Cibernetica (PSNC) with the purpose of ensuring a high level of security to the entities that are part of it, i.e. public administrations and public or private institutions that provide essential functions to the State. In the constitutive law it is explained that an entity belonging to the PSNC has various obligations, in particular for the purpose of this thesis the focus was put on the part regarding asset discovery and asset inventory. The idea was to be able to create, with the aid of open-source tools, a set of tools useful for the collection of the most important assets and to the creation of a map of the network. Asset inventory is a crucial requirement in the domain of PSNC since it is needed to keep track of all the resources and to find possible vulnerabilities that could affect a certain system (e.g. outdated software, hardware malfunctions, etc.) and should be reported as soon as possible to reduce the window of exposure. In this thesis different approaches were used and there was a notable part of study of the state of the art to find useful instruments in the field of asset discovery and asset inventory. This was done to understand which method would be the most efficient to create a knowledge base that could eventually be used to perform security activities such as vulnerability assessment and risk analysis. Another driving idea behind this thesis was being able to create a set of tools that could be used by all the entities belonging to the PSNC, even the ones that have less resources to invest in asset inventory. For this reason all the scripts and parts of code presented are based on open-source and free tools, instead of commercial ones, so that they can be accessible and used in a standard way. In this document are presented all the strategies that were pursued with their positive and negative aspects, and it is also provided an explanation of the test environment and the context on which the research was focused.

Relatori: Paolo Ernesto Prinetto, Nicolò Maunero, Fabio De Rosa
Anno accademico: 2021/22
Tipo di pubblicazione: Elettronica
Numero di pagine: 53
Soggetti:
Corso di laurea: Corso di laurea magistrale in Ingegneria Informatica (Computer Engineering)
Classe di laurea: Nuovo ordinamento > Laurea magistrale > LM-32 - INGEGNERIA INFORMATICA
Aziende collaboratrici: NON SPECIFICATO
URI: http://webthesis.biblio.polito.it/id/eprint/22638
Modifica (riservato agli operatori) Modifica (riservato agli operatori)