Threats and Defenses in SDN Control Plane

January 2018

abstract: Network Management is a critical process for an enterprise to configure and monitor the network devices using cost effective methods. It is imperative for it to be robust and free from adversarial or accidental security flaws. With the advent of cloud computing and increasing demands for centralized network control, conventional management protocols like Simple Network Management Protocol (SNMP) appear inadequate and newer techniques like Network Management Datastore Architecture (NMDA) design and Network Configuration (NETCONF) have been invented. However, unlike SNMP which underwent improvements concentrating on security, the new data management and storage techniques have not been scrutinized for the inherent security flaws. In this thesis, I identify several vulnerabilities in the widely used critical infrastructures which leverage the NMDA design. Software Defined Networking (SDN), a proponent of NMDA, heavily relies on its datastores to program and manage the network. I base my research on the security challenges put forth by the existing datastore’s design as implemented by the SDN controllers. The vulnerabilities identified in this work have a direct impact on the controllers like OpenDayLight, Open Network Operating System and their proprietary implementations (by CISCO, Ericsson, RedHat, Brocade, Juniper, etc). Using the threat detection methodology, I demonstrate how the NMDA-based implementations are vulnerable to attacks which compromise availability, integrity, and confidentiality of the network. I finally propose defense measures to address the security threats in the existing design and discuss the challenges faced while employing these countermeasures. / Dissertation/Thesis / Masters Thesis Computer Science 2018

Computer science

Attacks

Network Management

NMDA

Security

Software Defined Network

Ideology in editorials : a comparison of selected editorials in English-medium newspapers after September 11

Lagonikos, Irene Theodosia

January 2006

September 11, 2001 presented the world with events that challenged its conception of reality and called into question current ideologies. In order to make sense of the attacks, people turned to the media for information and interpretation. My interest lies in the media’s role in shaping ideologies as a result of the events of September 11, 2001. I focus on the newspaper editorial because it, in particular, functions not only to report the news but also to interpret the news for the reader. My analysis is centred on the first reaction to the events in five ‘core’ editorials drawn, respectively, from an American, British, South African, Zimbabwean and Kenyan newspaper. The specific focus, in each case, is the representation and evaluation of social actors, the events themselves and the schematic structure of the editorial. I adopt a critical perspective through the use of Critical Discourse Analysis, supported by Systemic Functional Grammar and APPRAISAL. This perspective involves three inter-connected stages of analysis: a Description of the formal discourse properties of each editorial; an Interpretation of the prevailing situational context; and an Explanation of the sociohistorical context in each case. Language, being a form of social practice, is a means by which power relations in society are reproduced or contested (Janks 1997). By analysing the editorials’ discourse I identify whose interests are being served and how each text positions a reader’s attitudes and opinions. My analysis reveals the fact that the editorials distinguish between “us” and “them” groups for the purposes of advancing and confirming in-group ideologies and agendas. This is achieved in each case through comparing the paper’s ideology with the opposing ideology, which is presented as deviant and unsupportive of the in-group. My analysis of the African editorials, in particular, further reveals the exploitation of this division for the purposes of promoting and interpreting local political and social issues. Examination of the processes and conditions surrounding the production of the editorials shows how they are significantly influenced and constrained by the ideologies of both the writer and newspaper owner as well as by the situational context within which they were written. My analysis of the schematic structure of the editorials, in line with Bolivar (1994), reveals consistent use of three-part structures by which editorial opinions are evaluated. In concluding I provide suggestions, based on my research, for how critical language awareness can inform media education at high school level in South Africa. I argue that students should be equipped with tools, such as those I employed, to critically analyse and uncover how language is used to promote ideologies in the editorial of newspapers.

September 11 Terrorist Attacks, 2001

Editorials

Terrorism in mass media

An Analysis of Collaborative Attacks on Mobile Ad hoc Networks

Vu, Cong Hoan, Soneye, Adeyinka

January 2009

A Mobile Ad hoc Network (MANET) consists of a set of communicating wireless mobile nodes or devices that do not have any form of fixed infrastructure or centralized authority. The security in MANET has become a significant and active topic within the research community. This is because of high demand in sharing streaming video and audio in various applications, one MANET could be setup quickly to facilitate communications in a hostile environment such as battlefield or emergency situation likes disaster rescue operation. In spite of the several attacks aimed at specific nodes in MANET that have been uncovered, some attacks involving multiple nodes still receive little attention. A reason behind this is because people make use of security mechanisms applicable to wired networks in MANET and overlook the security measures that apply to MANET. Furthermore, it may also have to do with the fact that no survey or taxonomy has been done to clarify the characteristics of different multiple node attacks. This thesis addresses the aforementioned gap by providing a proper definition and categorization of collaborative attacks against MANET from the various multiple node attacks found. Simulation using OPNET Modeler was used to investigate the performance impact of a collaborative blackhole attack on a mobile ad hoc network. Network throughput, packet delivery ratio and end-to-end delay are the performance metrics used in our result analysis. Based on the analyses of performance metrics made, we realised the consequences of a collaborative blackhole attack on MANET. In order to prevent or reduce these consequences, we also discuss a number of mitigation plans to counteract the different kinds of collaborative attacks. Keywords: MANET, Collaborative Attacks, Multiple Node, Blackhole. / Contact Information: Author(s): Cong Hoan Vu Address: Folkparksvägen 19:08, 372 40 Ronneby, Sweden. E-mail: vuconghoan@gmail.com Adeyinka Soneye Address: Polhemsgatan 27B, LGH 30, 371 40 Karlskrona, Sweden. E-mail: adso07@student.bth.se

MANET

Collaborative Attacks

Multiple Node

Blackhole

Computer Sciences

Datavetenskap (datalogi)

BlindCanSeeQL: Improved Blind SQL Injection For DB Schema Discovery Using A Predictive Dictionary From Web Scraped Word Based Lists

Wheeler, Ryan

27 October 2015

SQL Injections are still a prominent threat on the web. Using a custom built tool, BlindCanSeeQL (BCSQL), we will explore how to automate Blind SQL attacks to discover database schema using fewer requests than the standard methods, thus helping avoid detection from overloading a server with hits. This tool uses a web crawler to discover keywords that assist with autocompleting schema object names, along with improvements in ASCII bisection to lower the number of requests sent to the server. Along with this tool, we will discuss ways to prevent and protect against such attacks.

Security

Web Attacks

Microsoft SQL Server

Inferential

Bisection

Computer Sciences

Develop a Secure Network – A Case Study

Rayapati, Habeeb

January 2010

In recent years, so many networks are being built and some of the organizations are able to provide security to their networks. The performance of a network depends on the amount of security implemented on the network without compromising the network capabilities. For building a secure network, administrators should know all the possible attacks and their mitigation techniques and should perform risk analysis to find the risks involved in designing the network. And they must also know how to design security policies for implement the network and to educate the employees, to protect the organization’s information. The goal behind this case-study is to build a campus network which can sustain from reconnaissance attacks. This thesis describes all the network attacks and explores their mitigation techniques. This will help an administrator to be prepared for the coming attacks. This thesis explains how to perform risk analysis and the two different ways to perform risk analysis. It also describes the importance of security policies and how security policies are designed in real world.

Network Security

Attacks

Risk analysis

Security Policy

Computer Engineering

Datorteknik

Media representation of ethnic identity post-September 11th : a comparative case study

Lohmann, Sandra Oezlem.

10 April 2008

No description available.

September 11 Terrorist Attacks, 2001

Mass media and minorities

Simulation d'activités et d'attaques : application à la cyberdéfense / Simulation of activities and attacks : application to cyberdefense

Bajan, Pierre-Marie

05 July 2019

Alors que l'importance des infrastructures ne fait que croître, les systèmes de détections et de traitements des attaques sont majoritairement faits pour remonter un seul type des deux grands formats d'attaques : les attaques de masses. Les attaques ciblées quant à elle, bien que d'une grande dangerosité de par leur spécificité et des profondeurs atteintes dans les systèmes, restent traités avec une certaine inefficacité par les systèmes informatiques. Pourtant il y a des équipements remontants des informations et des alertes mais les opérateurs souvent peu entraînés à la gestion des incidents se retrouvent engloutis par la quantité d'informations qu'ils leur sont remontés. Le principe de cette thèse serait de fournir des outils permettant la formation des opérateurs et un meilleur traitement des informations remontées. On approcherait le problème de la manière suivante : on va tout d'abord émuler le système informatique d'une petite entreprise avec ces différents utilisateurs et ces services informatiques. Cela servira à générer les données d'un comportement normal et régulier du système mais également le comportement d'une attaque. Une fois le système est émulé et les données sont générées on va se servir de ces données pour simuler le système selon les besoins que nous avons de la simulation. Cette simulation sera plus légère que l'émulation et sera capable de passage à l'échelle et une modification plus dynamique de l'architecture et du comportement du système. Le but étant d'avoir un outil léger et adaptable capable de simuler différents comportements et conditions d'un système d'entreprise pour être utiliser pour faire des formations d'opérateurs et des tests d'utilisation plus complet d'outil de sécurité. Le tout sera supervisé par la console de contrôle de simulation qui va gérer la simulation mais également recevoir les informations de chaque composant et de la console opérateur. Le contrôle de la simulation inclue la capacité de créer des incidents et problèmes dans le système mais également de créer des attaques à l'encontre du système. / The concern over the security of the infrastructure of a company is only growing deeper and became a source of worries for companies. They use different systems to detect and deal with attack but those systems are usually made to detect one type only of the two main type of attack: attacks made to target the largest amount of people possible. Targeted attacks are rarer but more dangerous as it penetrates deep into a system and are very specifics. However the systems used to deal with it are proved of limited efficiency. Even when they send alerts and news to the operator, there is just to much information going along with it making the often ill-trained operators unable to react and overwhelm by massive information. The goal of this thesis is to create a tool that would help to form operator but also help to test more efficiently security systems. We'll approach the problem by first emulating the infrastructure and services of a small company with its different users and services. It will be use to create the data of the regular operations and interactions of a company during normal activity but also under attack. Once the system is emulated and we collected the necessary data, we will start to simulate the system according to what we need the simulation for. This simulation would need less resources than the emulation and will be scalable and capable to be dynamically change according to the needs. The aim is to have a light tool capable to simulate different behaviors and different type of realist simulation of a system to help improve the formation of operators and also test security devices more fully. The whole would be supervised by a console of control of the simulation who will receive the information of the simulated elements and the simulated operator console. It would have the capacity to create incidents and problems into the systems along with attacks.

Simulation

Attaques

Activité

Cyber-défense

Simulation

Attacks

Activity

Cyber-defence

The efficiency of strategies for the prevention of xenophobia in post-apartheid South Africa

Tirivangasi, Happy Mathew.

January 2017

Thesis (M. A. (Sociology)) -- University of Limpopo, 2017 / South Africa as a nation has been battling with the problem of recurring xenophobic attacks since the attainment of democratic rule in 1994. This comes against the background of a well-defined vision of South Africa stipulated by the former president Mr. Nelson Rolihlahla Mandela. Mr. Mandela said ‘South Africa is a Rainbow Nation’ meaning it will accommodate people of different backgrounds. However, the world witnessed with disbelief the occurrence of xenophobic attacks in 2008 which left 62 people dead and thousands displaced and injured. These incidences were followed by the April 2015 violent xenophobic attacks. The attacks resulted in seven (7) people dead, destruction of property, looting of goods and the displacement of hundreds of people. Given this account, this study examined the efficiency of strategies for the prevention of xenophobia in post-apartheid South Africa. This was achieved through the following objectives: determining the extent of xenophobic attacks in South Africa, secondly, describing the current strategies adopted by South African Government to prevent xenophobic attacks and lastly, the limitations of the strategies in addressing xenophobia. The researcher conducted a secondary research to get the relevant information. The results of this study reveal eight strategies implemented by the South African government to address xenophobia. The research described the strength of all the strategies implemented to stem out violence. The strategies implemented include the following: Policy strategies, intergovernmental strategies, citizenship empowerment and educational strategies, State-civil society engagement, technical and media related strategies, legal and constitutional strategies and humanitarian strategies. Moreover, this study reveals the three important limitations of the strategies namely lack of sustainability; failure to address the root cause and denialism of the existence of xenophobia. In conclusion, the study reveals that there is need to set long term and sustainable strategies as the means to prevent future xenophobic attacks in South Africa. Key words: Xenophobia, Prevention, Strategies, Xenophobic attacks, Post-Apartheid

Xenophobia

Xenophobic attacks

Post-Apartheid

Xenophobia - South Africa.

Systém prevence průniků využívající Raspberry Pi / Intrusion prevention system based on Raspberry Pi

Hirš, David

January 2021

The number of discovered vulnerabilities rapidly increases. For example in 2019 there were discovered 20 362 vulnerabilities. The probability of cyber-attacks realization is high. Therefore it is necessary to propose and implement automated and low-cost Intrusion Prevention or Intrusion Detection Systems (IPS/IDS). This implemetation can focus on home use or small corporate networks. The main goal of the system is to detect or mitigate cyber-attack impact as fast as possible. The master's thesis proposes IPS/IDS based on Raspberry Pi that can detect and prevent various cyber-attacks. Contents of this thesis are focus on description of cyber-attacks based on ISO/OSI model's Link and Network layers. Then there is description of IPS/IDS systems and theirs open source representatives. The practical part is focus on experimental workspace, hardware consumption of choosen detection systems, cyber-attacks scenarios and own implementation of detection program. Detection program is based on these chosen systems and puts them together to be easily manageable.

Laboratorní úloha CISCO Security / CISCO security laboratory exercise

Švec, Martin

January 2009

The main purpose of this diploma thesis is to become familiar with the principles and technical solutions regarding security components of Cisco company and configure assigned system according to valid rules of security. In introduction are explained the reasons for networks security solutions. This work also analyses different kinds of security weaknesses which include deficiencies of networks protocols and also the attacks from hackers. The principle of firewall is described and also its particular types. This work is focused on explanation and classification of PIX firewall, which has dominant role in the field of network security. The other equipments of Cisco, which are improving the level of security, are also mentioned. The practical part of this diploma thesis is composed of networks connections and configuration of system consisting of router, PIX firewall and switch. It also includes the detailed procedure and description of configuration of network equipments. The focus is put on minimalization of threats and elimination of DoS attacks.