Evaluation of Embedded Firewall System

Rumelioglu, Sertac.

03 1900

The performance aspect and security capabilities of the Embedded Firewall (EFW) system are studied in this thesis. EFW is a host-based, centrally controlled firewall system consisting of network interface cards and the "Policy Server" software. A network consisting of EFW clients and a Policy Server is set up in the Advanced Network Laboratory at the Naval Postgraduate School. The Smartbits packet generator is used to simulate realistic data transfer environment. The evaluation is performed centered on two main categories: performance analysis and security capability tests. TTCP program and a script written in TCL are used to perform throughput and packet loss tests respectively. The penetration and vulnerability tests are conducted in order to analyze the security capabilities of EFW. Symantec Personal Firewall is used as a representative application firewall for comparing test results. Our study shows that EFW has better performance especially in connections with high amounts of encrypted packets and more effective in preventing insider attacks. However, current implementation of EFW has some weaknesses such as not allowing sophisticated rules that application firewalls usually do. We recommend that EFW be used as one of the protection mechanisms in a system based on the defense-in-depth concept that consists of application firewalls, intrusion detection systems and gateway protocols.

Firewalls (Computer security)

Computer networks

Security measures

Cyberterrorism

Security and efficiency concerns with distributed collaborative networking environments

Felker, Keith A.

03 1900

Approved for public release, distribution unlimited / The progression of technology is continuous and the technology that drives interpersonal communication is not an exception. Recent technology advancements in the areas of multicast, firewalls, encryption techniques, and bandwidth availability have made the next level of interpersonal communication possible. This thesis answers why collaborative environments are important in today's online productivity. In doing so, it gives the reader a comprehensive background in distributed collaborative environments, answers how collaborative environments are employed in the Department of Defense and industry, details the effects network security has on multicast protocols, and compares collaborative solutions with a focus on security. The thesis ends by providing a recommendation for collaborative solutions to be utilized by NPS/DoD type networks. Efficient multicast collaboration, in the framework of security is a secondary focus of this research. As such, it takes security and firewall concerns into consideration while comparing and contrasting both multicast-based and non-multicast-based collaborative solutions.

Computer networks

Security measures

Multicasting (Computer networks)

Firewalls (Computer security)

Security and efficiency concerns with distributed collaborative networking environments /

Felker, Keith A.

January 2003

Thesis (M.S. in Computer Science)--Naval Postgraduate School, September 2003. / Thesis advisor(s): Geoffrey Xie, John Gibson. Includes bibliographical references (p. 93-99). Also available online.

An automatic verification tool for firewall configurations /

Zheng, Feng,

January 1900

Thesis (M.Sc.) - Carleton University, 2006. / Includes bibliographical references (p. 87-88). Also available in electronic format on the Internet.

Evaluating the effectiveness of packet filter firewall applications in a "dual stack" Internet Protocol environment /

Snyder, Walter C.

January 2010

Typescript. Includes bibliographical references (leaves 73-76).

Empirical Measurement of Defense in Depth

Boggs, Nathaniel

January 2015

Measurement is a vital tool for organizations attempting to increase, evaluate, or simply maintain their overall security posture over time. Organizations rely on defense in depth, which is a layering of multiple defenses, in order to strengthen overall security. Measuring organizations' total security requires evaluating individual security controls such as firewalls, antivirus, or intrusion detection systems alone as well as their joint effectiveness when deployed together in defense in depth. Currently, organizations must rely on best practices rooted in ad hoc expert opinion, reports on individual product performance, and marketing hype to make their choices. When attempting to measure the total security provided by a defense in depth architecture, dependencies between security controls compound the already difficult task of measuring a single security control accurately. We take two complementary approaches to address this challenge of measuring the total security provided by defense in depth deployments. In our first approach, we use direct measurement where for some set of attacks, we compute a total detection rate for a set of security controls deployed in defense in depth. In order to compare security controls operating on different types of data, we link together all data generated from each particular attack and track the specific attacks detected by each security control. We implement our approach for both the drive-by download and web application attack vectors across four separate layers each. We created an extensible automated framework for web application data generation using public sources of English text. For our second approach, we measure the total adversary cost that is the total effort, resources, and time required to evade security controls deployed in defense in depth. Dependencies between security controls prevent us from simply summing the adversary cost to evade individual security controls in order to compute a total adversary cost. We create a methodology that accounts for these dependencies especially focusing on multiplicative relationships where the adversary cost of evading two security controls together is more than the sum of the adversary costs to evade each individually. Using the insight gained into the multiplicative dependency, we design a method for creating sets of multiplicative security controls. Additionally, we create a prototype to demonstrate our methodology for empirically measuring total adversary cost using attack tree visualizations and a database design capable of representing dependent relationships between security controls.

Firewalls (Computer security)

Virus inhibitors

Computer security

Computer science

Exploration of a method for constructing an industrial ethernet with ethernet enabled devices in an industrial environment using a Cisco adaptive security appliance /

Marjanovic, Uros,

January 2009

Thesis (M.S.)--Eastern Illinois University, 2009. / Includes bibliographical references (leaves 58-60).

Mobile IPv4 Secure Access to Home Networks

Tang, Jin

29 June 2006

With the fast development of wireless networks and devices, Mobile IP is expected to be used widely so that mobile users can access the Internet anywhere, anytime without interruption. However, some problems, such as firewall traversal and use of private IP addresses, restrict use of Mobile IP. The objective of this thesis is to design original schemes that can enable a mobile node at abroad to access its home network as well as the Internet securely and that can help Mobile IP to be used widely and commercially. Our solutions are secure, efficient, and scalable. They can be implemented and maintained easily. In this thesis, we mainly consider Mobile IPv4, instead of Mobile IPv6. Three research topics are discussed. In each topic, the challenges are investigated and the new solutions are presented. The first research topic solves the firewall traversal problems in Mobile IP. A mobile node cannot access its firewall-protected home network if it fails the authentication by the firewall. We propose that an IPsec tunnel be established between the firewall and the foreign agent for firewall traversal and that an IPsec transport security association be shared by the mobile node and a correspondent node for end-to-end security. The second topic researches further on firewall traversal problems and investigates the way of establishing security associations among network entities. A new security model and a new key distribution method are developed. With the help of the security model and keys, the firewall and the relevant network entities set up IPsec security associations to achieve firewall traversal. A mobile node from a private home network cannot communicate with other hosts with its private home address when it is visiting a public foreign network. A novel and useful solution is presented in the third research topic. We suggest that the mobile node use its Network Access Identifier (NAI) as its identification and obtain a public home address from its home agent. In addition, a new tunnel between the mobile node and its home agent is proposed.

Private addresses

AAA

IPsec

Firewall

Network security

Mobile IP

Wireless Internet

Computer networks Security measures

Firewalls (Computer security)

Mobile agents (Computer software)

Information security issues facing internet café users.

Kgopa, Alfred Thaga.

January 2013

M. Tech. Business Information Systems / Although owners of Internet cafés extend the freedom to have Internet access to the community, they fail to tighten their computer security to safeguard the private information of their customers. This dissertation provides a conceptual framework for improving information security in the Internet Café, to help and ensure data privacy, data integrity, risk management and information security (IS) behaviour. The study investigated the information security issues that are faced by users of Internet cafés and explored the effects of these issues. The framework shows how users can improve their physical security to reach higher standards of information privacy over the Internet.

Data protection -- South Africa.

Computer security -- South Africa.

A framework for secure human computer interaction.

Johnston, James

02 June 2008

This research is concerned with the development of a framework for the analysis and design of interfaces found in a security environment. An example of such an interface is a firewall. The purpose of this research is to use the framework as a method to improve the usability of an interface, thus aiding the user to implement the correct security features. The purpose is also to use the framework to assist in the development of trust between a user and a computer system. In this research the framework comprises six criteria which are used to analyse interfaces found in the traditional software environment, Internet banking environment and e-commerce environment. In order to develop the framework an overview of the fields of information security and human computer interfaces (HCI) is given. The overview provides background information and also establishes the existing research which has been done in these fields. Due to its popularity, the Windows Internet Connection Firewall is analysed in this research. Based on the criteria a level of trust fostered between the user and interface is calculated for the firewall. It is then shown how this level of trust can be improved by modifying the interface. A proposed interface for the firewall is presented according to the criteria. Interfaces found in the online Internet environment are discussed. This is important in order to identify the similarities and differences between traditional software interfaces and web interfaces. Due to these differences the criteria are modified to be relevant in the analysis and design of security interfaces found on the Internet. Three South African online banking websites are analysed according to the modified framework. Each interface is broken down into a number of components which are then analysed individually. The results of the analysis are compared between the three banking sites to identify the elements which make up a successful interface in an online banking environment. Lastly, three interfaces of e-commerce websites are analysed. Recommendations are made on how the interfaces can be improved, thus leading to a higher level of trust. / Labuschagne, L., Prof.

electronic commerce security measures

web sites security measures

internet banking security measures

firewalls (computer security)

Microsoft Windows (computer file)

computer security

human- computer interaction