  • About
  • The Global ETD Search service is a free service for researchers to find electronic theses and dissertations. This service is provided by the Networked Digital Library of Theses and Dissertations.
    Our metadata is collected from universities around the world. If you manage a university/consortium/country archive and want to be added, details can be found on the NDLTD website.
21

Problematika firewallů / Firewall Issues

Wagner, Oto January 2007
This thesis deals with firewalls and their development. It is divided into four main parts. The first (theoretical) part elaborates some important concepts of network traffic, primarily those that affect securing access to the network. Firewalls are also classified, and the specific impacts (benefits) of deploying them are mentioned. At the end of the chapter we discuss the standards that exist in this area (primarily TCSEC and CC). The next part is devoted to the development of firewalls itself, and above all to the trends of the last 5 years. Besides their impact on security, the externalities associated with them are also discussed (changes in user behaviour, speed, throughput, etc.). The end of the chapter also contains an outlook on the expected development in this area. In the practical part we look at some of the most important methods of protection. In the termination section we test all published termination methods and the options for protection. Finally, in the outbound communication section we test all available methods of getting out of the network: we try all published techniques for getting data out of a computer unnoticed and determine what defence options exist for each specific technique. In the last part we look at some important or interesting practical solutions in network security, above all the network security of the University of Economics in Prague, Checkpoint Firewall-1, and finally its deployment at VŠE.
22

Low Latency Stochastic Filtering Software Firewall Architecture

Ghoshal, Pritha 14 March 2013
Firewalls are an integral part of network security. They are pervasive throughout networks and can be found in mobile phones, workstations, servers, switches, routers, and standalone network devices. Their primary responsibility is to track and discard unauthorized network traffic, and they may be implemented using anything from costly special-purpose hardware to flexible, inexpensive software running on commodity hardware. The most basic action of a firewall is to match packets against a set of rules in an Access Control List (ACL) to determine whether they should be allowed or denied access to a network or resource. By design, traditional firewalls must sequentially search through the ACL table, leading to increasing latencies as the number of entries in the table increases. This is particularly true for software firewalls implemented in commodity server hardware. Reducing latency in software firewalls may enable them to replace hardware firewalls in certain applications. In this thesis, we propose a software firewall architecture which removes the sequential ACL lookup from the critical path and thus decreases the latency per packet in the common case. To accomplish this we implement a Bloom filter-based, stochastic pre-classification stage, enabling the bifurcation of the predicted good and predicted bad packet code paths, greatly improving performance. Our proposed architecture improves firewall performance 67% to 92% under anonymized trace-based workloads from CAIDA servers. While our approach has the possibility of incorrectly classifying a small subset of bad packets as good, we show that these holes are neither predictable nor permanent, leading to a vanishingly small probability of firewall penetration.
23

Misconfiguration Analysis of Network Access Control Policies

Tran, Tung 16 February 2009
Network access control (NAC) systems have a very important role in network security. However, NAC policy configuration is an extremely complicated and error-prone task due to the semantic complexity of NAC policies and the large number of rules that could exist. This significantly increases the possibility of policy misconfigurations and network vulnerabilities. NAC policy misconfigurations jeopardize network security and can result in severe consequences such as reachability and denial of service problems. In this thesis, we choose to study and analyze the NAC policy configuration of two significant network security devices, namely, firewall and IDS/IPS. In the first part of the thesis, a visualization technique is proposed to visualize firewall rules and policies to efficiently enhance the understanding and inspection of firewall configuration. This is implemented in a tool called PolicyVis. Our tool helps the user to answer general questions such as "Does this policy satisfy my connection/security requirements?". If not, the user can detect all misconfigurations in the firewall policy. In the second part of the thesis, we study various policy misconfigurations of Snort, a very popular IDS/IPS. We focus on the misconfigurations of the flowbits option, which is one of the most important features offering a stateful signature-based NIDS. We particularly concentrate on a class of flowbits misconfiguration that makes Snort susceptible to false negatives. We propose a method to detect the flowbits misconfiguration, suggest practical solutions with controllable false positives to fix the misconfiguration and formally prove that the solutions are complete and sound.
25

Firewalls - Brandmauer oder Feuermelder? / Firewalls: Fire Wall or Fire Alarm?

Schreiber, Alexander 03 October 1999
Firewalls, often touted as a seemingly magical cure-all for protecting corporate networks from the terror of ever-present hackers, are only one part of a security architecture. How do they work, and what do they do? What can they really accomplish, and what can they not? Is installing a firewall sufficient, or must more be done to actually be secure rather than merely feel secure? Are they just a nuisance (security versus convenience), or are they necessary?
26

EDV-Paranoia unter Linux / IT Paranoia under Linux

Schreiber, Alexander 18 June 2000
The talk gives an overview of the options Linux offers for securing a system or network against unwanted access.
27

Evaluation of the CSF Firewall / Utvärdering av CSF brandväggen

Mudhar, Ahmad January 2013
The subject of web server security is vast, and it is becoming bigger as time passes by. Every year, researchers, both private and public, are adding to the number of possible threats to the security of web servers, and coming up with possible solutions to them. A number of these solutions are considered to be expensive, complex, and incredibly time-consuming, while not able to create the perfect web to challenge any breach to the server security. In the study that follows, an attempt will be made to check whether a particular firewall can ensure a strong security measure and deal with some security breaches or severe threat to an existing web server. The research conducted has been done with the CSF Firewall, which provides a suite of scripts that ensure a portal's security through a number of channels. The experiments conducted under the research provided extremely valuable insights about the application in hand, and the number of ways the CSF Firewall can help in safety of a portal against Secure Shell (SSH) attacks, dedicated to break the security of it, in its initial stages. It further goes to show how simple it is to actually detect the prospective attacks, and subsequently stop the Denial of Service (DoS) attacks, as well as the port scans made to the server, with the intent of breaching the security, by finding out an open port. By blocking the IP Addresses of the attackers dedicated to such an act, preventing them from creating nuisance, the CSF Firewall has been able to keep alien intrusions away from the server. It also aids in creating a secure zone for the server, to continue smoothly, while alerting the server administrators of the same, and gives them an opportunity to check those threatening IPs, and the time of attack, makes sure that the server administrators stay alert in the future, and is able to keep an eye on such attacks. In doing this, the experiment adds valuable data in the effective nature of the CSF Firewall.
28

VPN Mesh in Industrial Networking

Berndtsson, Andreas January 2013
This thesis report describes the process and presents the results gained while evaluating available VPN mesh solutions and equipment for integration into industrial systems. The task was divided into several sub-steps: summarize the previous work done in the VPN mesh area, evaluate the available VPN mesh solutions, verify that the interesting equipment complies with the criteria set by ABB and lastly verify that the equipment can be integrated transparently into already running systems. The result shows that there is equipment that complies with the criteria, which can also be integrated transparently into running systems. The result also shows that IPSec should be used as the VPN protocol since IPSec can make use of the crypto hardware whereas TLS-based VPNs currently cannot. Even though the implementation of secure gateways would provide authentication and authorization to the network, the cost of implementing these gateways would be great. The best solution would be to present the evaluated equipment as an optional feature instead of making it standard equipment in each system.
29

Zabezpečení operačního systému Linux / Security of Linux OS

Polách, Milan January 2011
This thesis focuses on the possibility of improving the network security of the GNU/Linux operating system with an appropriate set of Netfilter rules. A program was created to allow easy configuration of rules for IP address versions 4 and 6. This program not only allows individual rules to be set, but also allows the user to intervene when a new service is requested and decide how it will be handled further. The first, theoretical part describes network communication with the TCP/IP model, followed by an introduction to Netfilter and an outline of local security. The practical part describes the various technologies and methods used for programming. The result of this work is an easy-to-use program for setting firewall rules for IP address version 6 with the possibility of deciding on newly established network traffic. The program is designed for new users of the operating system who want to better secure their computer without knowledge of Netfilter.
30

Estudo sobre a extração de políticas de firewall e uma proposta de metodologia / A Study about firewall policy extraction and a proposal for a methodology

Horowitz, Eduardo January 2007
As the number of threats in the Internet grows, firewalls have become a very important defense mechanism. However, configuring a firewall is not an easy task and is prone to errors. Several investigations have been made towards solving this issue. However, most of them have focused on working directly at the configuration level and have a number of limitations. This work investigates methods to extract higher level policies from low level firewall rules. Aiming at extracting real policies from firewall rules, we analyse the firewall decorrelation problem and previously proposed algorithms to solve it. In addition, a new type of graph is presented aiming at better visualising and analysing rules' correlation. We also investigate the merging of decorrelated rules, with the goal of defining more abstract rules. Two algorithms are then presented and a new methodology for the extraction of firewall policies is proposed. This methodology is twofold. The first part consists of the use of a new type of decorrelation: the hierarchical decorrelation, which is introduced along with a new way of hierarchically merging decorrelated rules. The second part is a new model for blacklist or whitelist firewall rules, separating them from the other rules in the policy extraction. We also present alternatives for accomplishing this separation. Finally, we conclude and point out directions for future work.
