Research Article
Mobile Security Operation Centre (mSOC)
@ARTICLE{10.4108/eetiot.4586,
  author={Sudhir Walia and Qazi Mustafa Kaleem and Shinu Abhi},
  title={Mobile Security Operation Centre (mSOC)},
  journal={EAI Endorsed Transactions on Internet of Things},
  volume={10},
  number={1},
  publisher={EAI},
  journal_a={IOT},
  year={2023},
  month={12},
  keywords={Internet, NIDS, IoT, NGFW, Raspberry Pi, SIEM},
  doi={10.4108/eetiot.4586}
}
Authors: Sudhir Walia, Qazi Mustafa Kaleem, Shinu Abhi
Year: 2023
Journal: EAI Endorsed Transactions on Internet of Things (IOT)
Publisher: EAI
DOI: 10.4108/eetiot.4586
Abstract
Attacks on the internet are becoming increasingly threatening. For naïve home users, who are poorly protected, there is always an imminent danger of being attacked. This paper aims to design and build an IoT-based network security device that runs as an access point for users to connect to the Internet in a home setting. The paper discusses a standalone perimeter security solution with Incident Response (IR) life cycle management and controls through an IoT device – Raspberry Pi. Enterprise-level features such as Next Generation Firewall (NGFW), Network Intrusion Detection System (NIDS), Domain Control for Ad/Spam blocking, Security Information and Event Management (SIEM) for Log Co-ran System on Chip (SoC), which can be installed anywhere and carried for mobile operations. Hence the name, Mobile Security Operation Centre (mSOC). This solution intends to protect users when they browse the internet by blocking, or providing visibility into, malicious connections made to or from them. The mSOC can filter domains based on a whitelist/blacklist and regex patterns. It can also identify the domains that are blocked or allowed. It also provides visibility into traffic, application statistics, and IP reputation. IP reputation and malicious domains can then act as input to iptables for L3/L4 blocking. A software user interface is developed to integrate and manage multiple open-source applications such as dnsmasq, ELK, Graylog, SQLite3, iptables, and AdminLTE as a single product that could serve as a complete security solution for a home or Small Medium Business (SMB). Thus, the proposed solution secures naïve users from security exploitations.
Copyright © 2023 S. Walia et al., licensed to EAI. This is an open access article distributed under the terms of the CC BY-NC-SA 4.0, which permits copying, redistributing, remixing, transformation, and building upon the material in any medium so long as the original work is properly cited.