
Gerenciamento baseado em modelos da configuração de sistemas de segurança em ambientes de redes complexos; Model-based configuration management of security systems in complex network environments

João Porto de Albuquerque Pereira
Source: Biblioteca Digital da Unicamp Publisher: Biblioteca Digital da Unicamp
Type: Doctoral Thesis Format: application/pdf
Published on 24/05/2006 Portuguese
The security mechanisms employed in today's network environments are increasingly complex, and managing their configuration plays a fundamental role in protecting those environments. Particularly in large-scale computer networks, security administrators face the challenge of designing, implementing, maintaining and monitoring a large number of mechanisms, which have heterogeneous and complicated configuration syntaxes. One consequence of this situation is that configuration errors are frequent causes of security vulnerabilities. This work offers a systematic approach to managing the configuration of network security systems that is tailored to the needs of the complex environments found in today's organizations. The approach, built on the Model-Based Management paradigm, includes a modeling technique that treats different types of mechanisms uniformly and allows their configurations to be designed modularly by means of an object-oriented model. This model is segmented into Abstract Subsystems, each of which encloses a group of security mechanisms and other relevant entities of the system, including its different types of mechanism and the reciprocal interrelations among them. A software tool supports the approach...

Regions Security Policy (RSP) : applying regions to network security; RSP : applying regions to network security

Baratz, Joshua W. (Joshua William), 1981-
Source: Massachusetts Institute of Technology Publisher: Massachusetts Institute of Technology
Type: Doctoral Thesis Format: 65 p.; 3243771 bytes; 3243575 bytes; application/pdf; application/pdf
Portuguese
The Regions network architecture is a new look at network organization that groups nodes into regions based on common purposes. This shift from strict network topology groupings of nodes requires a change in security systems. This thesis designs and implements the Regions Security Policy (RSP). RSP allows a unified security policy to be set across a region, fully controlling data as it enters into, exits from, and transits within a region. In doing so, it brings together several existing security solutions so as to provide security comparable to existing systems that is more likely to function correctly.; by Joshua W. Baratz.; Thesis (M. Eng. and S.B.)--Massachusetts Institute of Technology, Dept. of Electrical Engineering and Computer Science, 2004.; Includes bibliographical references (p. 51-54).

Redefining attack: taking the offensive against networks

Michael, Robert J.; Staples, Zachary H.
Source: Monterey, California. Naval Postgraduate School Publisher: Monterey, California. Naval Postgraduate School
Type: Doctoral Thesis Format: xxiv, 141 p. : ill. (some col.) ;
Portuguese
Approved for public release; distribution is unlimited; This thesis done in cooperation with the MOVES Institute; The Information Age empowers individuals, and affords small groups an opportunity to attack states' interests with an increasing variety of tactics and great anonymity. Current strategies to prevail against these emerging threats are inherently defensive, relying on potential adversaries to commit mistakes and engage in detectable behavior. While defensive strategies are a critical component of a complete solution set, they cede initiative to the adversary. Moreover, reactive measures are not suited to quickly suppress adversary networks through force. To address this shortfall in strategic planning, the science of networks is rapidly making clear that natural systems built over time with preferential attachment form scale-free networks. These networks are naturally resilient to failure and random attack, but carry inherent vulnerabilities in their highly connected hubs. Taking the offensive against networks is therefore an exercise in discovering and attacking such hubs. To find these hub vulnerabilities in network adversaries, this thesis proposes a strategy called Stimulus Based Discovery, which leads to rapid network mapping and then systematically improves the accuracy and validity of this map while simultaneously degrading an adversary's network cohesion. Additionally...

Information Security and Wireless alternate approaches for controlling access to critical information

Nandram, Winsome
Source: Monterey, California. Naval Postgraduate School Publisher: Monterey, California. Naval Postgraduate School
Type: Doctoral Thesis Format: xiv, 75 p. : ill. (some col.) ;
Portuguese
Approved for public release; distribution is unlimited; The advent of Wireless Local Area Networking (WLAN) has seen a widespread adoption of its technology and functionality in many different areas. Many studies show more and more organizations are extending their networks to incorporate wireless devices and their applications. Permitting wireless devices to access private networks, however, further complicates the tasks of protecting the network and its resources from unauthorized access. Now that they have become a significant element in today's networks, selecting and deploying adequate security measures have become the focus of many research efforts. Typically, network managers implement countermeasures to augment security. The goal of this thesis is to research approaches that complement existing security measures with fine grain access control measures. The Extensible Markup Language (XML) is adopted to accommodate such granular access control as it provides the mechanisms for scaling security down to the document content level.; Captain, United States Marine Corps

Wireless network security: design considerations for an enterprise network

Oh, Khoon Wee
Source: Monterey, California. Naval Postgraduate School Publisher: Monterey, California. Naval Postgraduate School
Type: Doctoral Thesis Format: xiv, 63 p. : ill. (some col.)
Portuguese
Approved for public release, distribution is unlimited; Since its introduction in 1999, the Institute of Electrical and Electronics Engineers (IEEE) 802.11 Wireless Local Area Network (WLAN) has become the de-facto standard for wireless networking, providing convenient and low cost connectivity. Increasingly, enterprises are extending their networks with 802.11-based WLANs to provide mobility and information-on-the-move for their employees. However, the introduction of WLANs into enterprise networks has raised major concerns about security. A poorly implemented WLAN introduces weaknesses in the enterprise network which can be exploited by attackers, resulting in severe consequences for the enterprise. This thesis was sponsored by the DoD to study the problem of designing a secure wireless architecture for an enterprise network. The specific requirements for the enterprise network were based extensively on DoD and the intelligence community's security guidelines and policies. This thesis provides an in-depth analysis into the 802.11 standard and measures how far the standard goes in meeting the specific requirements of the enterprise network. This thesis presents a layered-defense architecture to provide a scalable design for secure wireless networks. A prototype system utilizing XML to control the flow of classified information in wireless networks is also presented.; Civilian...

Security and efficiency concerns with distributed collaborative networking environments

Felker, Keith A.
Source: Monterey, California. Naval Postgraduate School Publisher: Monterey, California. Naval Postgraduate School
Type: Doctoral Thesis Format: xiv, 101 p. : ill. (some col.) ;
Portuguese
Approved for public release, distribution unlimited; The progression of technology is continuous and the technology that drives interpersonal communication is not an exception. Recent technology advancements in the areas of multicast, firewalls, encryption techniques, and bandwidth availability have made the next level of interpersonal communication possible. This thesis answers why collaborative environments are important in today's online productivity. In doing so, it gives the reader a comprehensive background in distributed collaborative environments, answers how collaborative environments are employed in the Department of Defense and industry, details the effects network security has on multicast protocols, and compares collaborative solutions with a focus on security. The thesis ends by providing a recommendation for collaborative solutions to be utilized by NPS/DoD type networks. Efficient multicast collaboration, in the framework of security is a secondary focus of this research. As such, it takes security and firewall concerns into consideration while comparing and contrasting both multicast-based and non-multicast-based collaborative solutions.

Developing a reliable methodology for assessing the computer network operations threat of North Korea

Brown, Christopher
Source: Monterey, California. Naval Postgraduate School Publisher: Monterey, California. Naval Postgraduate School
Type: Doctoral Thesis Format: xiv, 77 p. : ill. (some col.) ;
Portuguese
Approved for release; distribution is unlimited; Computer network operations (CNO) can be considered a relatively new phenomenon being encountered in modern warfare. Computer network operation is comprised of three components, computer network attack (CNA), computer network exploitation (CNE), and computer network defense (CND). Computer network attack is defined as operations to disrupt, deny, degrade, or destroy information resident in computer networks, or the computers and networks themselves. Computer network exploitation is the intelligence collection and enabling operations to gather data from adversary automated information systems (AIS) or networks. Finally, computer network defense are those measures, internal to the protected entity, taken to protect and defend information, computers, and networks from disruption, degradation, or destruction. No longer is warfare limited to the use of kinetic weapons and conventional methods of war. Computer network operations have become an integral part of our adversary's arsenal and more attention must be paid to the effects of CNO activities, particularly CNA and CNE being conducted by our adversaries. Of the many states suspected of conducting active CNO activities against the United States and other nations, none warrants more attention than North Korea. This thesis presents the development of methodology using information available from open sources. This work is intended to prove that a useful methodology for assessing the CNO capabilities and limitations of North Korea can be developed using only open source information.; Lieutenant...

Design and analysis of information fusion, dynamic sensor management rules for cyber security systems using simulation

McConky, Katie
Source: Rochester Institute of Technology Publisher: Rochester Institute of Technology
Type: Doctoral Thesis
Portuguese
Computer networks are vulnerable to attacks from outside threats. Intrusion detection systems are used to monitor computer networks for attacker activity. Intrusion detection systems consist of a set of sensors placed strategically throughout a computer network. The large amounts of data produced by intrusion detection system sensors may be sent to and processed by information fusion engines. Information fusion engines correlate alerts and identify attack paths of attackers. Sensor management strategies are developed to minimize the time taken to process attack data, minimize the bandwidth used by the security system of a network, and maximize the number of attacks successfully tracked. An experimental performance evaluation is conducted on sensor management strategies utilizing a variety of representative network topologies, network sizes, alert rates and attack scenarios so that a robust sensor management strategy can be identified. Performance measures of interest include the average time taken to process a real alert at the fusion engine, the percentage of real alerts processed, the percentage of noise alerts processed, the average bandwidth used to transfer alerts, and ability of a sensor management rule to successfully track multiple attacks consistently. Results indicate rules that attempt to meet but not exceed network constraints outperform rules that disregard network constraints. Additionally...

Practical implementation and performance analysis on security of sensor networks

Verma, Nidhi
Source: Rochester Institute of Technology Publisher: Rochester Institute of Technology
Type: Doctoral Thesis Format: 975972 bytes; application/pdf
Portuguese
A wireless sensor network (WSN) is a network made of thousands of sensing elements called nodes with wireless capabilities. Their application is varied and diverse, ranging from military to domestic and household. As the world of self-organizing sensor networks tips to the edge of maximum utilization, their wider deployment is adding pressure on the security front. Powerful laptops and workstations make it more challenging for small sensors. In addition, there are many security challenges in WSN, e.g., confidentiality, authentication, freshness, integrity etc. Contributions of this work are as follows: “Symmetric” security implementation: This thesis work designs a symmetric-key based security in sensor hardware in the Link layer of sensor network protocols. Link Layer security can protect a wireless network by denying access to the network itself before a user is successfully authenticated. This prevents attacks against the network infrastructure and protects the network from devastating attacks. “Public key” implementation in sensor hardware: Asymmetric key techniques are attractive for authentication data or session keys. Traditional schemes like RSA require considerable amounts of resources which in the past has limited their use. This thesis has implemented Elliptic Curve Cryptography (ECC) in Mica2 hardware...

Anomaly-based botnet detection for 10 Gb/s networks

Donaldson, Jonathon
Source: Rochester Institute of Technology Publisher: Rochester Institute of Technology
Type: Doctoral Thesis
Portuguese
Current network data rates have made it increasingly difficult for cyber security specialists to protect the information stored on private systems. Greater throughput not only allows for higher productivity, but also creates a “larger” security hole that may allow numerous malicious applications (e.g. bots) to enter a private network. Software-based intrusion detection/prevention systems are not fast enough for the massive amounts of traffic found on 1 Gb/s and 10 Gb/s networks to be fully effective. Consequently, businesses accept more risk and are forced to make a conscious trade-off between threat and performance. A solution that can handle a much broader view of large-scale, high-speed systems will allow us to increase maximum throughput and network productivity. This paper describes a novel method of solving this problem by joining a pre-existing signature-based intrusion prevention system with an anomaly-based botnet detection algorithm in a hybrid hardware/software implementation. Our contributions include the addition of an anomaly detection engine to a pre-existing signature detection engine in hardware. This hybrid system is capable of processing full-duplex 10 Gb/s traffic in real-time with no packet loss. The behavior-based algorithm and user interface are customizable. This research has also led to improvements of the vendor supplied signal and programming interface specifications which we have made readily available.

Characterization of cyber attacks through variable length Markov models

Fava, Daniel
Source: Rochester Institute of Technology Publisher: Rochester Institute of Technology
Type: Doctoral Thesis
Portuguese
The increase in bandwidth, the emergence of wireless technologies, and the spread of the Internet throughout the world have created new forms of communication with effects on areas such as business, entertainment, and education. This pervasion of computer networks into human activity has amplified the importance of cyber security. Network security relies heavily on Intrusion Detection Systems (IDS), whose objective is to detect malicious network traffic and computer usage. IDS data can be correlated into cyber attack tracks, which consist of ordered collections of alerts triggered during a single multi-stage attack. The objective of this research is to enhance the current knowledge of attack behavior by developing a model that captures the sequential properties of attack tracks. Two sequence characterization models are discussed: Variable Length Markov Models (VLMMs), which are a type of finite-context models, and Hidden Markov Models (HMMs), which are also known as finite-state models. A VLMM is implemented based on attack sequences s = {x1, x2, ...xn} where xi 2 and is a set of possible values of one or more fields in an alert message. This work shows how the proposed model can be used to predict future attack actions (xj+1) belonging to a newly observed and unfolding attack sequence s = {x1...

Performance comparison between Ad Hoc On Demand Distance Vector and Dynamic Source Routing Protocols with security encryption using OPNET

Jafferi, Jaseem
Source: Rochester Institute of Technology Publisher: Rochester Institute of Technology
Type: Doctoral Thesis
Portuguese
Application for wireless networking has been evolving rapidly and is becoming an integral part in our everyday life. Also with the recent performance advancement in wireless communication technologies, mobile wireless ad-hoc networks have been used in many areas such as military, health and commercial applications. Mobile ad hoc networks utilize radio waves and microwaves to maintain communication channel between computers. 802.11 (Wi-Fi) is the pre-eminent technology for building general purpose wireless networks. Mobile ad-hoc networking (MANET) utilizes the Internet Protocol (IP) suite and aims at supporting robust and efficient operation by incorporating routing functionality into the mobile nodes. MANET is one of the wireless networks that use 802.11 to transmit data from the source to the destination. Since MANET is used in applications like defense, security is of vital importance due to its wireless nature. Wireless networks are vulnerable to attacks like eavesdropping, Man-In-The-Middle-Attack (MITM), hijacking, and so are MANETs. A malicious node can get within the wireless range of the nodes in the MANET and can disrupt the communication process. Various routing protocols have been proposed using encryption techniques to protect routing in MANETs. In this thesis...

Differential virtualization for large-scale system modeling

Koppe, Jason
Source: Rochester Institute of Technology Publisher: Rochester Institute of Technology
Type: Doctoral Thesis
Portuguese
Today’s computer networks become more complex than ever with a vast number of connected host systems running a variety of different operating systems and services. Academia and industry alike realize that education in managing such complex systems is extremely important for computer professionals because, with computers, there are many levels of detailed configuration. Configuration points can occur during all facets of computer systems including system design, implementation, and maintenance stages. In order to explore various hypotheses regarding configurations, system modeling is employed – computer professionals and researchers build test environments. Modeling environments require observable systems that are easily configurable at an accelerated rate. Observation abilities increase through re-use and preservation of models. Historical modeling solutions do not efficiently utilize computing resources and require high preservation or restoration cost as the number of modeled systems increases. This research compares a workstation-oriented, virtualization modeling solution using system differences to a workstation-oriented, imaging modeling solution using full system states. The solutions are compared based on computing resource utilization and administrative cost with respect to the number of modeled systems. Our experiments have shown that upon increasing the number of models from 30 to 60...

HTTP man-in-the-middle code execution

Adeloye, Brian
Source: Rochester Institute of Technology Publisher: Rochester Institute of Technology
Type: Doctoral Thesis
Portuguese
As the Internet continues to mature, users are faced with an increasingly hostile environment on the World Wide Web. Additionally, public WiFi networks continue to become more popular, hackers infiltrate corporate networks with regularity, and oppressive governments continue to intercept and modify their citizens' web traffic. The concept of using an untrusted network is becoming more familiar. Accordingly, it is no longer acceptable to design and build systems under the assumption that they will only operate in trusted environments, or that they are not important enough to warrant basic security measures. This thesis describes a relatively basic HTTP man-in-the-middle attack that results in arbitrary code execution. It demonstrates the ease with which users can be exploited when using systems that do not attempt to ensure their safety, and details the methods attackers can use to avoid detection. The goal of this methodology is twofold - to illustrate the consequences of such an attack, and to discover methods for mitigating such attacks using existing technologies and best practices.

Evaluating the effectiveness of an intrusion prevention / honeypot hybrid

Tamagna-Darr, Lucas
Source: Rochester Institute of Technology Publisher: Rochester Institute of Technology
Type: Doctoral Thesis
Portuguese
An intrusion prevention system is a variation of an intrusion detection system that drops packets that are anomalous based on a chosen criteria. An intrusion prevention system is typically placed on the outer perimeter of a network to prevent intruders from reaching vulnerable machines inside the network, though it can also be placed inside the network in front of systems requiring extra security measures. Unfortunately, intrusion prevention systems, even when properly configured, are susceptible to both false positives and false-negatives. The risk of false positives typically leads organizations to deploy these systems with the prevention capability disabled and only focus on detection. In this paper I propose an expansion to current intrusion prevention systems that combines them with the principles behind honeypots to reduce false positives while capturing attack traffic to improve prevention rules. In an experiment using the Snort-inline intrusion prevention system, I was able to reduce the rate of false positives to zero without negatively impacting the rate of false-negatives. I was further able to capture a successful attack in a way that minimized disruption to legitimate users but allowed the compromised system to be later analyzed to find weaknesses...

Identifying a weak link in the network chain: Determining how prepared Dominican IT administrators are to confront today’s security issues

Henríquez Badía, Héctor
Source: Rochester Institute of Technology Publisher: Rochester Institute of Technology
Type: Doctoral Thesis
Portuguese
Enterprises in Dominican Republic are growing in size; this means that sooner or later these enterprises will have the necessity to create an IT department to manage their systems and networks. This research studied how secure an enterprise can be with Network administrators from the mentioned country. This study used mixed methods to get more deep results about the mentioned problem. This research discovered that Dominican IT administrators are well versed in network security theory, but when it comes to apply this knowledge at work, according to the qualitative part of this research they are slothful, and take things lightly; they usually believe that the network of the company they work for can't be the target of an attack resulting in a high threat. In the end, the last conclusion that this research gives, is that for IT Administrators in Dominican Republic it depends more on the network security policies that the enterprise impose than the skills of the IT administrators.

Policy driven security architectures for eBusiness

Cutts, Marcus
Source: Rochester Institute of Technology Publisher: Rochester Institute of Technology
Type: Doctoral Thesis
Portuguese
The dawning of the twenty-first century and genesis of a new millennium has been extremely kind to technological advance. Industries and society alike have reaped the extreme benefits of technology at its finest. Technological progress has also proven to be extraordinarily beneficial to businesses and their bottom lines when properly employed. The need for automated business logic and functionality has spawned numerous concepts and efforts to capitalize on advanced business requirements. Probably the most popular and revolutionary to date of all initiatives is the advent of eBusiness. A direct descendant of Electronic Data Interchange (EDI), eBusiness has and continues to evolve into more than a phenomenon, but rather a sound component of successful corporations and organizations. The evolution and acceptance of eBusiness has created a ripple effect throughout the technical and business worlds. The promise of this wonderful concept and its accompanying technology has forced companies to completely rethink strategic planning efforts, and to sit up and pay full attention to this ever-growing development. One area that has been extremely affected by the wide spread acceptance of eBusiness and its counterparts are the architectures and infrastructures now utilized to support these efforts. Enterprise architectures that had originally been designed to shield internal business activities from the public eye of the Internet and other domains have been either replaced...

Network security: Risk assessment of information systems

Lurain, Sher
Source: Rochester Institute of Technology Publisher: Rochester Institute of Technology
Type: Doctoral Thesis
Portuguese
This paper investigates fundamental security issues and the growing impact of security breaches on computer networks. Cost-effective security measures, such as asset-threat analysis, enable monitoring of security levels in complex systems. An evaluation of one technique, called the Livermore Risk Analysis Methodology (LRAM), is documented [1]. Untrusted communication lines, unauthorized access and unauthorized dissemination of information must be contained. The complexity and corresponding sophistication of today's systems and the reliance of management on information generated by these systems make them attractive targets for computer related crimes. A profile of computer criminals and their crimes emphasizes the importance of management involvement and social ethics as deterrents to crime. An overview of system security, control concepts, communication and transmission security, and a discussion of threats, vulnerabilities, and countermeasures is provided. The growing need for risk management models is presented as well as an overview of LRAM. Risk assessment of a specific system case study and risk profiles are developed using LRAM.

Development of a cyber attack simulator for network modeling and cyber security analysis

Costantini, Kevin
Source: Rochester Institute of Technology Publisher: Rochester Institute of Technology
Type: Doctoral Thesis
Portuguese
Computer networks are now relied on more than ever before for gathering information and performing essential business functions. In addition, cyber crime is frequently used as a means of exploiting these networks to obtain useful and private information. Although intrusion detection tools are available to assist in detecting malicious activity within a network, these tools often lack the ability to clearly identify cyber attacks. This limitation makes the development of effective tools an imperative task to assist in both detecting and taking action against cyber attacks as they occur. In developing such tools, reliable test data must be provided that accurately represents the activities of networks and attackers without the large overhead of setting up physical networks and cyber attacks. The intent of this thesis is to use operation research and simulation techniques to provide both data and data-generation tools representative of real-world computer networks, cyber attacks, and security intrusion detection systems. A simulation model is developed to represent the structure of networks, the unique details of network devices, and the aspects of intrusion detection systems used within networks. The simulation is also capable of generating representative cyber attacks that accurately portray the capabilities of attackers and the intrusion detection alerts associated with the attacks. To ensure that the data provided is reliable...

The Development of a graduate course on identity management for the Department of Networking, Security, and Systems Administration

Mitchell, Marsha
Source: Rochester Institute of Technology Publisher: Rochester Institute of Technology
Type: Doctoral Thesis
Portuguese
Digital identities are being utilized more than ever as a means to authenticate computer users in order to control access to systems, web services, and networks. To maintain these digital identities, administrators turn to Identity Management solutions to offer protection for users, business partners, and networks. This paper proposes an analysis of Identity Management to be accomplished in the form of a graduate level course of study for a ten-week period for the Networking, Security, and Systems Administration department at Rochester Institute of Technology. This course will be designed for this department because of its emphasis on securing, protecting, and managing the identities of users within and across networks. Many of the security-related courses offered by the department focus primarily on security within enterprises. Therefore, Identity Management, a topic that is becoming more popular within enterprises each day, would complement these courses. Students that enroll in this course will be more equipped to satisfy the needs of modern enterprises when they graduate because they will have a better understanding of how to address security issues that involve managing user identities across networks, systems, and enterprises. This course will focus on several aspects of Identity Management and its use in enterprises today. Covered during the course will be the frameworks of Identity Management...