Pokročilá evaluace úrovně privátnosti v sociálních sítích / Advanced Evaluation of Privacy Level in Social Networks

Januš, Filip

January 2020

Nowadays persists a trend of moving interpersonal communication into the online environment. By the reason of the social networks and social network's services. Many users doesn't perceive threats connected with presence in internet environment. This thesis is focused on the analysis of the user's account privacy settings followed by the evaluation of these settings. The goal is to develop and create a tool providing ability to evaluate privacy settings of the user's account, eventually recommend more suitable settings given to user privacy. To achieve these goals is necessary to use a suitable model performing privacy evaluation. The output of the thesis will consist of a proposal and implementation of tool performing analysis, evaluation and recommendation of how to improve the social network's privacy settings. Which should help users reduce the amount of privacy information leakage.

The Role of Firewalls in Network Security : A Prestudy for Firewall Threat Modeling / Brandväggars roll i nätverkssäkerhet : En förstudie för hotmodel- lering av brandväggar

Bonnevier, Jani, Heimlén, Sebastian

January 2018

Firewalls help protect computer networks from intrusions and malware by enforcing restrictions on what network traffic is allowed to pass through the firewall into the network. This thesis explores the role of firewalls in network security, with the ultimate goal of advancing attempts to create a threat model for firewalls. Five areas are explored, namely: Definitions of Concepts Firewalls vs. Services as Targets for Direct Attack The Past and Future of Firewalls Approach to Estimating Firewall Security Firewall Configuration and Security Policies These areas are explored using a questionnaire survey. Each question in the questionnaire is either tied to a particular area, or is used to evaluate the respondents’ credibility. The questionnaire has 15 questions, many of which ask for free text answers. The group of potential respondents consists of 209 individuals, of whom about 75 % are authors of scientific articles that discuss firewalls, penetration testing, and other relevant topics. The rest are information security professionals, journalists or bloggers of varying merit that were found online. 20 responses to the questionnaire were received. Responses to qualitative questions were codified to produce some quantitative data. The conclusions drawn based on the results include, among other things: Attackers tend to directly target network services rather than firewalls. Respondents disagreed on whether the role of firewalls is currently changing. A possible approach to estimating firewall security takes into account the network services that the firewall protects. Firewall configurations frequently do not match the security policies of the organizations in which the firewalls are deployed. / Brandväggar hjälper att skydda datornätverk från intrång och skadeprogram genom att begränsa den trafik som tillåts passera genom brandväggen in i nätverket. Denna uppsats utforskar brandväggars roll i nätverkssäkerhet med målet att göra framsteg i försök att skapa en hotmodell för brandväggar. Fem områden utforskas, nämligen: Definitioner av begrepp Brandväggar kontra tjänster som mål för direkta angrepp Brandväggens historia och framtid Tillvägagångssätt för att estimera brandväggssäkerhet Brandväggskonfiguration och säkerhetspolicyer Dessa områden utforskas via en enkätstudie. Varje fråga i enkäten tillhör antingen ett specifikt område, eller används för att evaluera respondenternas trovärdighet. Enkäten har 15 frågor, varav många efterfrågar fritextsvar. Gruppen potentiella respondenter består av 209 individer, varav cirka 75 % är författare av vetenskapliga artiklar som behandlar brandväggar, penetrationstestning och andra relevanta ämnen. Resten är professionella säkerhetskonsulter, journalister eller bloggare med olika meriter inom informationssäkerhet eller nätverk. 20 svar på enkäten togs emot. Svar på kvalitativa frågor klassificerades för att producera kvantitativ data. Slutsatserna som drogs baserat på resultaten inkluderar bl.a.: Angripare tenderar att ha nätverkstjänster som sina direkta mål, snarare än brandväggar. Respondenterna var oense om huruvida brandväggars roll just nu förändras. Ett möjligt tillvägagångssätt för att uppskatta brandväggssäkerhet tar hänsyn till de nätverkstjänster brandväggen skyddar. Brandväggskonfigurationer överrenstämmer ofta inte med säkerhetsriktlinjerna i de organisationer där brandväggarna är i bruk.

Computer and Information Sciences

Data- och informationsvetenskap

Segurança cibernética com hardware reconfigurável em subestações de energia elétrica utilizando o padrão IEC 61850 / Cyber security with reconfigurable hardware in power substations using the IEC 61850 standard

Miranda, Juliano Coêlho

20 September 2016

Com a tecnologia digital, as redes de comunicação têm sido de fundamental importância para o bom funcionamento das subestações de energia elétrica. Criado em 2002, o padrão IEC 61850 busca harmonizar a diversidade de equipamentos e fabricantes, e possibilitar a integração de dados para que o máximo de benefícios possa ser extraído. Nesse contexto, o protocolo GOOSE (Generic Object Oriented Substation Event), pertinente ao padrão IEC 61850, é um datagrama multicast concebido para funcionar na rede local ou de longa distância que interliga as subestações de energia elétrica. Nos ambientes de longa distância, o tráfego de dentro para fora, e vice-versa, deveria passar por um firewall. Porém, a tecnologia de firewall atual não é capaz de inspecionar as mensagens GOOSE reais ou originadas a partir de um ataque, e afeta o tempo de transferência das mesmas, que, no enlace de comunicação, não deve exceder 5ms. Dessa forma, o objetivo deste trabalho é desenvolver um firewall em hardware reconfigurável, por meio da plataforma NetFPGA, de modo que o incremento no tempo de propagação de uma mensagem GOOSE, Tipo 1A (Trip), ao transpor o dispositivo de segurança, não ultrapasse 20% do tempo total destinado ao enlace de comunicação. Por ter a capacidade de ser um acelerador, construído por meio de hardware reconfigurável FPGA (Field Programmable Gate Array), a NetFPGA conduz enlaces Gigabit, e torna possível examinar e estabelecer regras iniciais de autorização ou negação para o tráfego de mensagens GOOSE, manipulando os campos do quadro ISO/IEC 8802-3. O incremento no tempo máximo de propagação de uma mensagem com 1518 bytes foi de 77,39 μs, com 77,38 μs de tempo médio. Um algoritmo de criptografia e outro de autenticação também foram testados e mensagens falsas não conseguiram transpor o firewall. No momento atual da pesquisa, concluiu-se que o firewall em NetFPGA, pertinente ao conjunto de recursos de hardware e software destinados a garantir a segurança de uma rede, é capaz de rejeitar mensagens GOOSE falsas e fornecer segurança aos dispositivos ativos de uma subestação, sem atrasos adicionais superiores a 1ms. / With the digital technology, the communication networks have been of fundamental importance for the good performance of power substations. Created in 2002, the IEC 61850 standard seeks for harmonization of the different equipment and manufacturers, enabling the integration of data for maximum performance. In this context, the GOOSE (Generic Object Oriented Substation Event) message, concerning the IEC 61850 standard, is a multicast datagram, designed to operate in LAN or WAN that connects power substations. In the long-distance environment, the propagation time in the communication link must not exceed 5ms. The current firewall technology is not able to differ true GOOSE messages from the ones originated from an attack, and it affects the transfer time of messages. The objective of this research is to develop a reconfigurable firewall hardware, using the NetFPGA platform, so that the increase in propagation time of a GOOSE message, Type 1A (Trip), does not exceed 20% of the total time allocated to the link communication. Due to the ability of NetFPGA of being an accelerator, and having been built by using reconfigurable FPGA (Field Programmable Gate Array) leading to Gigabit links, it was possible to examine and establish initial rules of authorization or denial of GOOSE messages by manipulating some of the fields from the table ISO/IEC 8802-3. The increase in the maximum propagation time of a message of 1518 bytes was 77.39 μs, with the average of 77.38 μs. Fake messages failed to cross the firewall. Results from a process of authentication and encryption were also presented. At the present study, it has been concluded that the firewall using NetFPGA, concerning the hardware and software in order to ensure the security of a network, is able to reject false GOOSE messages and provide security to devices of a power substation without time increments greater than 1ms.

Firewall

Hardware Reconfigurável

Cyber security

Firewall

GOOSE

GOOSE

IEC 61850

IEC 61850

IEC 62351

IEC 62351

NetFPGA

NetFPGA

Network communications

Reconfigurable hardware

Redes de comunicação

Segurança cibernética

Segurança cibernética com hardware reconfigurável em subestações de energia elétrica utilizando o padrão IEC 61850 / Cyber security with reconfigurable hardware in power substations using the IEC 61850 standard

Juliano Coêlho Miranda

20 September 2016

Com a tecnologia digital, as redes de comunicação têm sido de fundamental importância para o bom funcionamento das subestações de energia elétrica. Criado em 2002, o padrão IEC 61850 busca harmonizar a diversidade de equipamentos e fabricantes, e possibilitar a integração de dados para que o máximo de benefícios possa ser extraído. Nesse contexto, o protocolo GOOSE (Generic Object Oriented Substation Event), pertinente ao padrão IEC 61850, é um datagrama multicast concebido para funcionar na rede local ou de longa distância que interliga as subestações de energia elétrica. Nos ambientes de longa distância, o tráfego de dentro para fora, e vice-versa, deveria passar por um firewall. Porém, a tecnologia de firewall atual não é capaz de inspecionar as mensagens GOOSE reais ou originadas a partir de um ataque, e afeta o tempo de transferência das mesmas, que, no enlace de comunicação, não deve exceder 5ms. Dessa forma, o objetivo deste trabalho é desenvolver um firewall em hardware reconfigurável, por meio da plataforma NetFPGA, de modo que o incremento no tempo de propagação de uma mensagem GOOSE, Tipo 1A (Trip), ao transpor o dispositivo de segurança, não ultrapasse 20% do tempo total destinado ao enlace de comunicação. Por ter a capacidade de ser um acelerador, construído por meio de hardware reconfigurável FPGA (Field Programmable Gate Array), a NetFPGA conduz enlaces Gigabit, e torna possível examinar e estabelecer regras iniciais de autorização ou negação para o tráfego de mensagens GOOSE, manipulando os campos do quadro ISO/IEC 8802-3. O incremento no tempo máximo de propagação de uma mensagem com 1518 bytes foi de 77,39 μs, com 77,38 μs de tempo médio. Um algoritmo de criptografia e outro de autenticação também foram testados e mensagens falsas não conseguiram transpor o firewall. No momento atual da pesquisa, concluiu-se que o firewall em NetFPGA, pertinente ao conjunto de recursos de hardware e software destinados a garantir a segurança de uma rede, é capaz de rejeitar mensagens GOOSE falsas e fornecer segurança aos dispositivos ativos de uma subestação, sem atrasos adicionais superiores a 1ms. / With the digital technology, the communication networks have been of fundamental importance for the good performance of power substations. Created in 2002, the IEC 61850 standard seeks for harmonization of the different equipment and manufacturers, enabling the integration of data for maximum performance. In this context, the GOOSE (Generic Object Oriented Substation Event) message, concerning the IEC 61850 standard, is a multicast datagram, designed to operate in LAN or WAN that connects power substations. In the long-distance environment, the propagation time in the communication link must not exceed 5ms. The current firewall technology is not able to differ true GOOSE messages from the ones originated from an attack, and it affects the transfer time of messages. The objective of this research is to develop a reconfigurable firewall hardware, using the NetFPGA platform, so that the increase in propagation time of a GOOSE message, Type 1A (Trip), does not exceed 20% of the total time allocated to the link communication. Due to the ability of NetFPGA of being an accelerator, and having been built by using reconfigurable FPGA (Field Programmable Gate Array) leading to Gigabit links, it was possible to examine and establish initial rules of authorization or denial of GOOSE messages by manipulating some of the fields from the table ISO/IEC 8802-3. The increase in the maximum propagation time of a message of 1518 bytes was 77.39 μs, with the average of 77.38 μs. Fake messages failed to cross the firewall. Results from a process of authentication and encryption were also presented. At the present study, it has been concluded that the firewall using NetFPGA, concerning the hardware and software in order to ensure the security of a network, is able to reject false GOOSE messages and provide security to devices of a power substation without time increments greater than 1ms.

Firewall

Hardware Reconfigurável

GOOSE

IEC 61850

IEC 62351

NetFPGA

Redes de comunicação

Segurança cibernética

Cyber security

Firewall

GOOSE

IEC 61850

IEC 62351

NetFPGA

Network communications

Reconfigurable hardware

Test case generation using symbolic grammars and quasirandom sequences

Felix Reyes, Alejandro

06 1900

This work presents a new test case generation methodology, which has a high degree of automation (cost reduction); while providing increased power in terms of defect detection (benefits increase). Our solution is a variation of model-based testing, which takes advantage of symbolic grammars (a context-free grammar where terminals are replaced by regular expressions that represent their solution space) and quasi-random sequences to generate test cases. Previous test case generation techniques are enhanced with adaptive random testing to maximize input space coverage; and selective and directed sentence generation techniques to optimize sentence generation. Our solution was tested by generating 200 firewall policies containing up to 20 000 rules from a generic firewall grammar. Our results show how our system generates test cases with superior coverage of the input space, increasing the probability of defect detection while reducing considerably the needed number the test cases compared with other previously used approaches. / Software Engineering and Intelligent Systems

symbolic grammars

model-based testing

testing

firewall testing

firewall policies

quasi-random sequences

adaptive testing

firewalls

grammar-based testing

grammars

data generation

test data

Test case generation using symbolic grammars and quasirandom sequences

Felix Reyes, Alejandro

Unknown Date

No description available.

symbolic grammars

model-based testing

testing

firewall testing

firewall policies

quasi-random sequences

adaptive testing

firewalls

grammar-based testing

grammars

data generation

test data

A comparative study of Palo Alto Networks and Juniper Networks next-generation firewalls for a small enterprise network

Malmgren, Andreas, Persson, Simon

January 2016

This thesis is a comparative study of two Next-Generation Firewalls (NGFWs) with the aim to conclude which one is the most suitable for a small enterprise network. The network in question is Company A’s Office A1. Office A is in the process of upgrading their internal network and with the upgrade a new NGFW will be implemented. The two NGFW platforms that have been researched per Company A’s request are Juniper Networks’ SRX-series firewalls and Palo Alto Networks’ (PAN) PA-series, with focus on the SRX1500 and PA-3020 for a fair comparison. To be able to evaluate different platforms and appliances, the concept of NGFW and what it constitutes has been researched and presented. Both of the NGFW platforms have been tested and compared in terms of ease-of-use and cost analysis. The testing focused on the respective web-interfaces and shows no significant differences between the two NGFWs at a first glance in terms of functionality. However, PAN’s web-interface does objectively feel more up-to-date and provides application visibility natively, which Juniper offers as a separate service as part of the centralised management platform, which is excessive for Office A’s network. The research and collection of data has been conducted based on Office A’s needs and requirements. Third-party research has been collected from NSS Labs and Gartner and serves as a basis for the evaluation. The future network of Office A introduces new services and the general usage will mainly consist of office oriented application based traffic. The evaluation of the research of the two NGFWs and the collection of data, in the context of Office A’s network, shows that the PA-3020 would be favoured. The key points are as follows: PAN’s NGFWs are built specifically for application awareness whereas Juniper are new in the NGFW market and has recently started to add the more advanced application awareness features. PAN offers a one-box solution suited for smaller networks such as Office A whereas a Juniper implementation would require additional hardware (VM’s) to obtain similar features. PAN offers more features in terms of user identification which is a key factor in enabling a true context aware security environment seamlessly integrated and invisible to the users. No major difference in cost if a similar set of features are to be implemented, based on non-rebated list prices (additional hardware not included). 1 Note: Due to confidentiality, the name and details of the company has been anonymised throughout the report.

Next-Generation Firewall

NGFW

Palo Alto Networks

Juniper

SRX1500

PA-3020

Service-Level Monitoring of HTTPS Traffic / Identification des Services dans le Trafic HTTPS

Shbair, Wazen M.

03 May 2017

Dans cette thèse, nous dressons tout d'abord un bilan des différentes techniques d'identification de trafic et constatons l'absence de solution permettant une identification du trafic HTTPS à la fois précise et respectueuse de la vie privée des utilisateurs. Nous nous intéressons dans un premier temps à une technique récente, néanmoins déjà déployée, permettant la supervision du trafic HTTPS grâce à l'inspection du champ SNI, extension du protocole TLS. Nous montrons que deux stratégies permettent de contourner cette méthode. Comme remédiation, nous proposons une procédure de vérification supplémentaire basée sur un serveur DNS de confiance. Les résultats expérimentaux montrent que cette solution pragmatique est efficace. Ensuite, nous proposons une architecture qui permet l'identification des services dans le trafic HTTPS, en se basant sur l'apprentissage automatique. Nous avons ainsi défini un nouvel ensemble de caractéristiques statistiques combinées avec une identification à deux niveaux, identifiant d'abord le fournisseur de services, puis le service, selon notre évaluation à partir de trafic réel. Enfin, nous améliorons cette architecture afin de permettre l'identification du trafic en temps réel en ne considérant que les premiers paquets des flux plutôt que leur totalité. Pour évaluer notre approche, nous avons constitué un dataset comportant les flux complets de chargement des principaux sites web et l'avons rendu public pour comparaison. Nous présentons également un prototype de logiciel reconstituant les flux HTTPS en temps réel puis les identifiant / In this thesis, we provide a privacy preserving for monitoring HTTPS services. First, we first investigate a recent technique for HTTPS services monitoring that is based on the Server Name Indication (SNI) field of the TLS handshake. We show that this method has many weakness, which can be used to cheat monitoring solutions.To mitigate this issue, we propose a novel DNS-based approach to validate the claimed value of SNI. The evaluation show the ability to overcome the shortage. Second, we propose a robust framework to identify the accessed HTTPS services from a traffic dump, without relying neither on a header field nor on the payload content. Our evaluation based on real traffic shows that we can identify encrypted HTTPS services with high accuracy. Third, we have improved our framework to monitor HTTPS services in real-time. By extracting statistical features over the TLS handshake packets and a few application data packets, we can identify HTTPS services very early in the session. The obtained results and a prototype implementation show that our method offers good identification accuracy, high HTTPS flow processing throughput, and a low overhead delay

HTTPS

Supervision

Sécurité

Analyse de trafic

Pare-feu

HTTPS

Security monitoring

Traffic analysis

Firewall

005.8

Proposta de interface para ensino de funcionamento interno de um Firewall / Proposed interface for teaching inner workings of a Firewall

Machado Junior, Dorival Moreira

17 September 2011

Made available in DSpace on 2016-04-29T14:23:02Z (GMT). No. of bitstreams: 1 Dorival Moreira Machado Junior.pdf: 9124929 bytes, checksum: 40b09b6fba8b45a037aa4560ff985908 (MD5) Previous issue date: 2011-09-17 / Internet is an element of great importance to society today, with a trend of increasingly become indispensable for our people. One of the agents responsible for balance and organization of this network is the firewall. Encouraged over the past four years ministering such content in the disciplines of computer networks in the course of Information Systems, noted the difficulty on the part of students to abstract and visualize the events inside the firewall. This difficulty comes to understanding the inner workings of the firewall, how he carries himself on a list of control rules, what actions should be taken before each data packet passing through it. The objective of this study is to analyze the difficulties of teaching a firewall and propose the use of a software interface to improve the teaching of the subject. So I present a literature review concepts about raising signs, semiotics, interface design and human computer. This study led to the election of a list of qualities to be featured on the interface proposed in this paper. Then we present the basic operation of a firewall, describing the key skills of it's own, presenting a further analysis of management interfaces most commonly used firewall. Finally, I present a proposal for a rough interface through a learning environment conducive to teaching and learning of the subject taking into account the qualities then identified / A internet é um elemento de muita importância para a sociedade mundial nos dias de hoje, com tendência de cada vez mais se tornar algo indispensável para as pessoas. Um dos agentes responsáveis pelo equilíbrio e organização desta rede é o firewall. Embasando-me nos últimos quatro anos ministrando tal conteúdo em disciplinas de redes de computadores em curso de Sistemas de Informação, observei a dificuldade por parte de alunos em abstrair e visualizar os acontecimentos no interior do firewall. Esta dificuldade se refere ao entendimento do funcionamento interno do firewall, como ele se porta diante de uma lista de regras de controle, que ações devem ser tomadas perante cada pacote de dados que passa por ele. O objetivo deste trabalho é analisar as dificuldades de ensino de um firewall e propor a utilização de uma interface de software para melhoria no ensino do tema. Assim apresento uma revisão bibliográfica levantando conceitos sobre signos, semiótica, design e interface homem computador. Este estudo propiciou a eleição de uma lista de qualidades a serem caracterizadas na interface proposta neste trabalho. Em seguida, é apresentado o funcionamento básico de um firewall, descrevendo as principais habilidades que ele deve possuir, apresentando ainda uma análise de interfaces de gerenciamento de firewall mais utilizadas. Por fim, apresento a proposta de interface através de esboços de um ambiente didático pedagógico propício ao ensino do tema e levando em consideração as qualidades então identificadas

Firewall

Redes

Interface

Signos

Design da informação

Network

Interface

Signs

Information design

CNPQ::OUTROS

The State of Man-in-the-Middle TLS Proxies: Prevalence and User Attitudes

ONeill, Mark Thomas

01 October 2016

We measure the prevalence and uses of Man-in-the-Middle TLS proxies using a Flash tool deployed with a Google AdWords campaign. We generate 15.2 million certificate tests across two large-scale measurement studies and find that 1 in 250 TLS connections are intercepted by proxies. The majority of these proxies appear to be benevolent, however we identify over 3,600 cases where eight malware products are using this technology nefariously. We also find thousands of instances of negligent, duplicitous, and suspicious behavior, some of which degrade security for users without their knowledge. Distinguishing these types of practices is challenging in practice, indicating a need for transparency and user awareness. We also report the results of a survey of 1,976 individuals regarding their opinions of TLS proxies. Responses indicate that participants hold nuanced opinions on security and privacy trade-offs, with most recognizing legitimate uses for the practice, but also concerned about threats from hackers or government surveillance. There is strong support for notification and consent when a system is intercepting their encrypted traffic, although this support varies depending on the situation. A significant concern about malicious uses of TLS inspection is identity theft, and many would react negatively and some would change their behavior if they discovered inspection occurring without their knowledge. We also find that a small but significant number of participants are jaded by the current state of affairs and have lost any expectation of privacy.

SSL

TLS

Proxy

MITM

man in the middle

measurement

survey

AdWords

security

malware

firewall

censorship

Computer Sciences