Evaluation of virtual private network impact on network performance

Nawej, Mukatshung Claude

09 1900

The aim of the study is to investigate what impact the use of VPN has on network performance. An empirical investigation using quantitative research methods was carried out. Two sample scenarios were involved in the study: scenario without VPN and scenario with VPN. In both scenarios, three applications were used in turns, an HTTP, an FTP, and a CBR. FTP was configured to use window size and packet size, while CBR used connection rate and packet size. On the other side, the number of connection was the only parameter used for HTTP. These applications were injected in a 100 Mbps fixed link of an NS2 simulation environment. Throughput and delay averages were measured respectively for the two scenarios and values compared using Student’s t-test. While the TCP and HTTP throughputs were found decreasing, the UDP throughput was not affected by the presence of this VPN. Concerning the delay; the TCP, UDP and HTTP delay were found increasing. / Electrical Engineering / M. Tech. (Electrical Engineering (Computer Systems))

Simulation

VPN

NS2

Network performance

004.68

Extranets (Computer networks)

Computer simulation

Segurança em redes sem fio: estudo sobre o desenvolvimento de conjuntos de dados para comparação de IDS

Vilela, Douglas Willer Ferrari Luz [UNESP]

05 December 2014

Made available in DSpace on 2015-07-13T12:10:14Z (GMT). No. of bitstreams: 0 Previous issue date: 2014-12-05. Added 1 bitstream(s) on 2015-07-13T12:25:33Z : No. of bitstreams: 1 000836349.pdf: 1934096 bytes, checksum: c3f7c0657f64390bf9abd2cc13136962 (MD5) / O crescimento vertiginoso da tecnologia de redes sem fio tem sido muito significativo nos últimos anos, sua utilização ocorre em diversos setores da sociedade. O padrão IEEE 802.11 destaca-se nesse cenário. No entanto, os mecanismos de proteção empregados por este padrão de rede sem fio não tem apresentado eficiência no combate a ataques de negação de serviço. Os sistemas de detecção de intrusão são vistos como uma forma eficaz de minimizar essas ameaças. Nesta pesquisa foi proposta a construção de três conjuntos de dados que represente de forma significativa o tráfego de rede sem fio. Os conjuntos gerados têm finalidade de auxiliar na avaliação de algoritmos de detecção de intrusos para redes sem fio. Para a construção dos conjuntos de dados foram implementados três cenários de redes sem fio, todos em ambientes reais e operacionais. Em cada cenário foi habilitado um mecanismo de segurança: cenário 1 protocolo WEP, cenário 2 foi utilizado IEEE 802.11i e cenário 3 o IEEE 802.11i associada à emenda IEEE 802.11w. A escolha por cenários diferentes e divisão dos conjuntos de acordo com os ambientes tem a finalidade analisar a evolução dos mecanismos de segurança. Com isto é possível categorizar cada ambiente. Após a construção dos ambientes de rede sem fio foi inoculado tráfego de rede normal e anômalo, com isto iniciou-se a coleta dos dados. Com os dados coletados foi realizado um pré-processamento de cada conjunto capturando apenas os quadros do cabeçalho Media Access Control - MAC do IEEE 802.11. A escolha foi definida em virtude de este quadro possuir características especifica das redes sem fio. Para validar os conjuntos de dados foram empregadosalgoritmos de classificação e reconhecimento de padrões. Os algoritmos empregados na validação foram Multilayer Perceptron - MLP, Radial Basis Function - RBF e Bayes Net. Os resultados obtidos com a avaliação dos conjuntos de dados gerados... / The fast growth of wireless network technology has been very significant lately, its occurs in diverse sectors of society. The standard IEEE 802.11 stands out in this scenario. However, the protection mechanisms employed by this standard wireless network has not shown effectiveness in combating denial of service attacks. The intrusion detection systems are seen as an effective way to minimize these threats. We proposed in this research to build three data sets, which represent traffic wireless network. The sets are generated auxiliary purpose in assessing intrusion detection algorithms for wireless networks. For the construction of the data sets three scenarios of wireless networks, all in real operational environments and have been implemented. In each scenario was one enabled security mechanisms: WEP protocol scenario 1, scenario 2 was used IEEE 802.11i scenario 3 the associated IEEE 802.11i amendment to the IEEE 802.11w. The choice of different sets of scenarios and divide according to the environments aims to analyze the evolution of the security mechanisms. This makes it possible to categorize each environment. After the construction of wireless network environments normal and anomalous traffic were inoculated and thus collect the data. With the collected data pre-processing each set only extracting the frames from the MAC header was conducted. The choice was defined as this has specific characteristics of wireless networks. To validate the data sets and sorting algorithms were employed pattern recognition. The algorithms were used in the validation MLP, RBF and Bayes Net. The results obtained from the evaluation of the generated data sets demonstrate that the proposed approach is quite promising

Sistemas de comunicação sem fio

Sistemas de segurança

Algoritmos

Computer networks -- Security measures

Analysis of a South African cyber-security awareness campaign for schools using interdisciplinary communications frameworks

Leppan, Claudette

January 2017

To provide structure to cyber awareness and educational initiatives in South Africa, Kortjan and Von Solms (2014) developed a five-layer cyber-security awareness and education framework. The purpose of the dissertation is to determine how the framework layers can be refined through the integration of communication theory, with the intention to contribute towards the practical implications of the framework. The study is approached qualitatively and uses a case study for argumentation to illustrate how the existing framework can be further developed. Drawing on several comprehensive campaign planning models, the dissertation illustrates that not all important campaign planning elements are currently included in the existing framework. Proposed changes in the preparation layer include incorporating a situational and target audience analysis, determining resources allocated for the campaign, and formulating a communication strategy. Proposed changes in the delivery layer of the framework are concerned with the implementation, monitoring and adjustment, as well as reporting of campaign successes and challenges. The dissertation builds on, and adds to, the growing literature on the development of campaigns for cyber-security awareness and education aimed at children.

Internet -- Safety measures

Computer networks -- Security measures

Mass media and technology

Mass media -- Social aspects

User-centred design to engender trust in e-commerce

Obioha, Chinonye Leuna

January 2016

Thesis (MTech (Information Technology))--Cape Peninsula University of Technology, 2016. / Consumer trust is a core element for any e-commerce website. This study aimed to explore attributes of business-to-consumers (B2C) e-commerce websites that can communicate and engender trust from the users’ perspective using user-centred design. E-commerce websites are known to have features such as security certificates and encryption methods to ensure trust, but this requires technical knowhow to understand. The technologies used to develop websites have improved so far, but it has little effect on improving the trust of the users of e-commerce mostly in developing countries (Africa in particular). E-commerce users do not realise that these features have been put in place for the trustworthiness of the websites which contributes to their reluctance to conduct business transactions online, thus reducing their buying intentions. There is a need to design e-commerce websites to communicate/ convey trust from the users’ perspective. The study explored various sources of data to obtain insight and understanding of the research problem—user-centred design (UCD) group activity with users, interviews with developers, and secondary prior literature. Using UCD as the main methodology, an intensive UCD workshop activity with a group of eight e-commerce users was carried out. Furthermore, to obtain the view of experts (developers) on what is currently done to engender trust in B2C e-commerce websites, interviews with four respondents were also carried out. These interviews were intended to reduce any prejudice or bias and to obtain a clearer understanding of the phenomenon being studied. The findings from the study revealed six main attributes to engender trust, namely aesthetics design, security and information privacy, functionality design, trustworthiness based on content, development process, and vendor attributes. Proposed guidelines for each of the attributes were outlined. The findings from the users showed that those who were acquainted with the e-commerce technologies were those whose backgrounds are computer and technology related. Most users focused on aesthetics design, functionality, and security of their privacy and private details. Less emphasis was placed on the technology behind the e-commerce websites. Users use their aesthetic and cognitive value in their judgement for trust. The findings from the research were further validated using the Domestication of Technology Theory (DTT), which resulted in the development of a user-centred e-commerce trust model.

Electronic commerce

Consumer protection

Consumer confidence

Consumers -- Attitudes

A framework for software patch management in a multi-vendor environment

Hughes, Grant Douglas

January 2016

Thesis (MTech (Information Technology))--Cape Peninsula University of Technology, 2016. / Software often requires patches to be installed post-implementation for a variety of reasons. Organisations and individuals, however, do not always promptly install these patches as and when they are released. This study investigated the reasons for the delay or hesitation, identified the challenges, and proposed a model that could assist organisations in overcoming the identified challenges. The research investigated the extent to which the integration of software patch management and enterprise data security is an important management responsibility, by reviewing relevant documents and interviewing key role players currently involved in the patch management process. The current challenges and complexities involved in patch management at an enterprise level could place organisations at risk by compromising their enterprise-data security. This research primarily sought to identify the challenges causing the management of software patches to be complex, and further attempted to establish how organisations currently implement patch management. The aim of the study was to explore the complexities of software patch management in order to enhance enterprise data security within organisations. A single case study was used, and data were obtained from primary sources and literature. The study considered both technological and human factors, and found that both factors play an equally important role with regard to the successful implementation of a patch management program within an organisation.

Software maintenance

Software configuration management

Computer networks -- Security measures

Managing infrastructure risks in information communication technology outsourced projects : a case study at Transnet, South Africa

Basson, Delton Jade

January 2017

Thesis (MTech (Information Technology))--Cape Peninsula University of Technology, 2017. / The balance between the dependency on Information and Communications Technology (ICT) and reducing costs has led to an increase in ICT outsourcing in many organisations. ICT outsourcing has benefits, but organisations have limited knowledge on information security and risks when outsourcing these functions. A lack of information security knowledge or a poor organisational risk culture carries the risk of project failure and security breaches. It is unclear how to manage information risks through the usage of ICT infrastructure risk management when outsourcing ICT projects, and this exposes organisations to ICT security risks. The aim of the study is to explore how a selected transport organisation can manage information risks through the usage of infrastructure risk management when outsourcing ICT projects. Two primary research questions are posed namely, “what information risks does the ICT department manage when outsourcing ICT projects?”, and “how can the ICT department protect their information through the usage of infrastructure risk management against ICT security threats when outsourcing ICT?” To answer these two questions, a study was conducted at a transport organisation in South Africa. A subjective ontological and interpretivist epistemological stance has been adopted and an inductive research approach was followed. The research strategy was a case study. Data for this study was gathered through interviews (17 in total) using semi-structured questionnaires. Data collected were transcribed, summarised, and categorised to provide a clear understanding of the data. For this study, forty findings and eight themes were identified. The themes are ICT outsourcing, information risks, costs, ICT vendor dependency, vendor access and management, risk management, user awareness, and frameworks. Guidelines are proposed, comprising six primary components. The results point to gaps that need to be addressed to ensure that information is protected when outsourcing ICT projects. Measures need to be put in place and communication has to be improved among operating divisions. The findings lead to questions such as, ““how does business create an ICT security culture to ensure that information is protected at all times”, and “does vendor access management really get the necessary attention it requires?” Further studies on human behaviour towards ICT security is needed to ensure the protection of organisations against security risks.

Segurança em redes sem fio: estudo sobre o desenvolvimento de conjuntos de dados para comparação de IDS /

Vilela, Douglas Willer Ferrari Luz.

January 2014

Orientador: Aílton Akira Shinoda / Co-orientador: Ed' Wilson Tavares Ferreira / Banca: Christiane Marie Schweitzer / Banca: Valtemir Emerencio do Nascimento / Resumo: O crescimento vertiginoso da tecnologia de redes sem fio tem sido muito significativo nos últimos anos, sua utilização ocorre em diversos setores da sociedade. O padrão IEEE 802.11 destaca-se nesse cenário. No entanto, os mecanismos de proteção empregados por este padrão de rede sem fio não tem apresentado eficiência no combate a ataques de negação de serviço. Os sistemas de detecção de intrusão são vistos como uma forma eficaz de minimizar essas ameaças. Nesta pesquisa foi proposta a construção de três conjuntos de dados que represente de forma significativa o tráfego de rede sem fio. Os conjuntos gerados têm finalidade de auxiliar na avaliação de algoritmos de detecção de intrusos para redes sem fio. Para a construção dos conjuntos de dados foram implementados três cenários de redes sem fio, todos em ambientes reais e operacionais. Em cada cenário foi habilitado um mecanismo de segurança: cenário 1 protocolo WEP, cenário 2 foi utilizado IEEE 802.11i e cenário 3 o IEEE 802.11i associada à emenda IEEE 802.11w. A escolha por cenários diferentes e divisão dos conjuntos de acordo com os ambientes tem a finalidade analisar a evolução dos mecanismos de segurança. Com isto é possível categorizar cada ambiente. Após a construção dos ambientes de rede sem fio foi inoculado tráfego de rede normal e anômalo, com isto iniciou-se a coleta dos dados. Com os dados coletados foi realizado um pré-processamento de cada conjunto capturando apenas os quadros do cabeçalho Media Access Control - MAC do IEEE 802.11. A escolha foi definida em virtude de este quadro possuir características especifica das redes sem fio. Para validar os conjuntos de dados foram empregadosalgoritmos de classificação e reconhecimento de padrões. Os algoritmos empregados na validação foram Multilayer Perceptron - MLP, Radial Basis Function - RBF e Bayes Net. Os resultados obtidos com a avaliação dos conjuntos de dados gerados... / Abstract: The fast growth of wireless network technology has been very significant lately, its occurs in diverse sectors of society. The standard IEEE 802.11 stands out in this scenario. However, the protection mechanisms employed by this standard wireless network has not shown effectiveness in combating denial of service attacks. The intrusion detection systems are seen as an effective way to minimize these threats. We proposed in this research to build three data sets, which represent traffic wireless network. The sets are generated auxiliary purpose in assessing intrusion detection algorithms for wireless networks. For the construction of the data sets three scenarios of wireless networks, all in real operational environments and have been implemented. In each scenario was one enabled security mechanisms: WEP protocol scenario 1, scenario 2 was used IEEE 802.11i scenario 3 the associated IEEE 802.11i amendment to the IEEE 802.11w. The choice of different sets of scenarios and divide according to the environments aims to analyze the evolution of the security mechanisms. This makes it possible to categorize each environment. After the construction of wireless network environments normal and anomalous traffic were inoculated and thus collect the data. With the collected data pre-processing each set only extracting the frames from the MAC header was conducted. The choice was defined as this has specific characteristics of wireless networks. To validate the data sets and sorting algorithms were employed pattern recognition. The algorithms were used in the validation MLP, RBF and Bayes Net. The results obtained from the evaluation of the generated data sets demonstrate that the proposed approach is quite promising / Mestre

Sistemas de comunicação sem fio.

Sistemas de segurança.

Algoritmos.

Computer networks -- Security measures

Framework de kernel para auto-proteção e administração em um sistema de segurança imunológico / A kernel framework for administration and selfprotection for a immunological security system

Pereira, André Augusto da Silva, 1986-

23 August 2018

Orientador: Paulo Lício de Geus / Dissertação (mestrado) - Universidade Estadual de Campinas, Instituto de Computação / Made available in DSpace on 2018-08-23T23:09:29Z (GMT). No. of bitstreams: 1 Pereira_AndreAugustodaSilva_M.pdf: 2078139 bytes, checksum: 3b321df6a81e4d3aaa8cf753b119f8a1 (MD5) Previous issue date: 2013 / Resumo: O resumo poderá ser visualizado no texto completo da tese digital / Abstract: The complete abstract is available with the full electronic document / Mestrado / Ciência da Computação / Mestre em Ciência da Computação

Sistemas operacionais (Computadores)

Imunoinformática

Operating systems (Computers)

Computer networks - Security measures

Immunoinformatics

Artificial intelligence and knowledge management principles in secure corporate intranets

Barry, Christopher

23 February 2010

M.Sc. (Computer Science) / Corporations throughout the world are facing numerous challenges in today’s competitive marketplace and are continuously looking for new and innovative means and methods of gaining competitive advantage. One of the means used to gain this advantage is that of information technology, and all the associated technologies and principles. These are primarily used to facilitate business processes and procedures that are designed to provide this competitive advantage. Significant attention has been given to each of the individual technologies and principles of Artificial Intelligence, Knowledge Management, Information Security, and Intranets and how they can be leveraged in order to improve efficiency and functionality within a corporation. However, in order to truly reap the benefits of these technologies and principles, it is necessary to look at them as a collaborative system, rather as individual components. This dissertation therefore investigates each of these individual technologies and principles in isolation, as well as in combination with each other to outline potential advantages, associated risks, and disadvantages when combining them within the corporate world. Based on these, the Intelligently Generated Knowledge (IGK) framework is outlined to implement such a collaborative system. Thereafter, an investigation of a theoretical situation is conducted based on this framework to examine the impact of the implementation of this type of collaborative system. The potential increase in cost savings, efficiency and functionality of corporations that would employ the IGK framework is clearly outlined in the theoretical example, and should this approach be adopted, it would be able to provide significant competitive advantage for any corporation.

Artificial intelligence

Knowledge management

Intranets (Computer networks)

Computer networks security measures

Information security using intelligent software agents

Van der Merwe, Jacobus

20 August 2012

Ph.D. / Many organisations are starting to make large parts of their information resources publicly accessible. For example, many organisations publish information using the Internet. Some organisations allow non-employees to connect to their systems and retrieve information - many banks allow customers to retrieve account statements via the Internet. There is a trend towards more open information systems and more distributed processing such as client/server processing. The above are just some of the trends in computer information processing that creates new and complex problems in providing information systems that are both secure and manageable. To add to the complexity of the information security problem, organisations use the Internet to conduct some of their business and use many different applications, each with its own unique access control mechanisms. Central management of information security in a heterogeneous and distributed environments, such as the Internet has become a nightmare. There is a need for an information security model that will allow organisations to make use of the new trends in information processing, but still have confidence that they have adequate security and that the management of their information security systems is fairly easy. In this thesis we propose a model that satisfies the above requirements. We call this model the Intelligent Security Agent Model (ISAM). The ISAM model is based on two technologies: intelligent software agents and distributed objects. The main component of the model is Intelligent Security Agents that act as security brokers for its users in a distributed environment. In chapter 2 of the thesis, we design an Intelligent Security Agent which provides various information security services in open client/server environments. The Intelligent Security Agent Model addresses certain problems/requirements, such as single sign-on, in information security. These problems and possible solutions are described in chapter 4 to chapter 10 of this thesis. An Intelligent Security Agent must be protected from unauthorised modification, theft, etc. Chapter 3 shows how an Intelligent Security Agent is secured by implementing it as a distributed object. We show that the combination of intelligent software agents and distributed objects creates an agent that was not possible before, and solves many information security problems.In short, this thesis documents the results of a study in computer information security. The result of the study is a new information security model in which intelligent software agents and distributed objects are combined to create a security agent which acts on behalf of a user in open environments such as client/server systems and the Internet. The agent provides a set of services to its user and handles all information security related requests on behalf of its user.

Computer security

Computer networks - Security measures

Internet - Security measures

Intelligent agents (Computer software)