171 |
Detecting known host security flaws over a network connection
Andersson, Martin (January 2007)
To test if a host contains any known security flaws over a network connection a Vulnerability Assessment (VA) could be made. This thesis describes different techniques used by VA tools over a network connection to detect known security flaws. To decrease the risk of flaws not being detected, several VA tools could be used. There is no common way of merging information from different VA tools. Therefore the Vulnerability Assessment Information Handler (VAIH) has been developed. The VAIH system consists of three parts. First, an intermediate language format defined in XML. Second, modules that convert the output of VA tools to the intermediate language format. Third, a program for reading and displaying the intermediate language format. The VAIH system makes it possible to merge the results from vulnerability assessment tools into one file that can be displayed and edited through a GUI.
|
172 |
Estudo sobre a extração de políticas de firewall e uma proposta de metodologia / A Study about firewall policy extraction and a proposal for a methodology
Horowitz, Eduardo (January 2007)
As the number of threats in the Internet grows, firewalls have become a very important defense mechanism. However, configuring a firewall is not an easy task and is prone to errors. Several investigations have been made towards solving these issues. However, most of them have focused on working directly at the configuration level and have a number of limitations. This work investigates methods to extract higher level policies from low level firewall rules. Aiming at extracting real policies from firewall rules, we analyse the firewall decorrelation problem and previously proposed algorithms to solve it. In addition, a new type of graph is presented aiming at better visualising and analysing rules' correlation. We also investigate the merging of decorrelated rules, with the goal of defining more abstract rules. Two algorithms are then presented and a new methodology for the extraction of firewall policies is proposed. This methodology is twofold. The first part consists of the use of a new type of decorrelation: the hierarchical decorrelation, which is introduced along with a new way of hierarchically merging decorrelated rules. The second part is a new model for blacklist or whitelist firewall rules, separating them from the other rules in the policy extraction. We also present alternatives for accomplishing this separation. Finally, we conclude and point out directions for future work.
|
173 |
Proposta de um sistema de gerência de redes PLC utilizando SNMPv3 / Proposal of a management system for PLC networks using SNMPv3
OLIVEIRA, Diogo Nunes de (20 August 2009)
Made available in DSpace on 2014-07-29T15:08:22Z (GMT).
Access technologies for data transmission, such as xDSL, Wi-Fi and cable modem, are widely used because they support high data transmission rates at low cost. Among these technologies, Power Line Communications, known as PLC, is a promising solution. PLC technology transmits data over the power network, which presents high capillarity, due to the fact that it is present in 99% of residences. Since most of its structure already exists, power supply concessionaries started investing in this solution to stop being only a power supply concessionary and to be also a telecommunication company. In order to obtain control over a technology it is necessary to use management techniques that permit the maximum extraction of information from the technology and the devices involved. One of the goals of this work is to present the management solution developed for PLC networks. This solution differs from network management solutions used on other data transmission technologies due to the transmission media utilized. The management software used as the base of the management system implemented is free and no-cost software. The concept of free code was adopted for the solutions implemented in the management system. The other goal of this work is to present the proposal and implementation of an embedded system based on a PIC microcontroller that performs conversion between versions of the SNMP protocol, which is the default management protocol in TCP/IP based networks. This converter device brings security to PLC network management, since PLC devices only support version 2c of the SNMP protocol, which is faulty regarding security. Since SNMPv3 supports authentication and privacy algorithms, the designed converter device is capable of providing security, due to its capacity of coding an SNMPv2c packet into an SNMPv3 packet, and vice-versa.
|
174 |
Mutual authentication in electronic commerce transactions
Kisimov, Martin Valentinov (02 June 2008)
Electronic commerce is a large and ever growing industry. Online transactions are returning ever-growing revenues to electronic merchants. The e-commerce industry is still facing a range of problems concerning the process of completion of online transactions. Such problems are connected to consumer fears dealing with the identity of online merchants, their security precautions and methods for accepting online payments. This thesis develops and presents a Mutual Authentication Model (MAM), which addresses the problem of mutual authentication between online shoppers and merchants. The model combines existing technologies in the field of cryptography, as well as the use of digital signatures and certificates. This is done in a specific manner as for the model to achieve mutual authentication between communicating parties, in an online transaction. The Mutual Authentication Model provides a process through which an online shopper can be quickly and transparently equipped with a digital identification, in the form of a digital certificate of high trust, in order for this shopper to participate in an authenticated transaction within the MAM. A few of the advantages of the developed model include the prospect of decreased online credit fraud, as well as an increased rate of completed online transactions. / Prof. S.H. von Solms
|
175 |
Peer-to-peer: time to lock the door
Petersson, Linus (January 2002)
Is a regulating policy concerning peer-to-peer applications required so that companies and institutions can better manage the security issues of internal peer-to-peer applications? There are high security and privacy risks involved when using p2p applications like KaZaA, Bearshare, Audiogalaxy and ICQ. With the high speed networks of today it is very important to really know what is going on in your network and which applications are doing what and with whom. If not, there are high possibilities that your system will be used for more or less malicious purposes. Therefore it is interesting to find out if p2p applications have found their way behind company walls. A policy can prevent the issues discussed either by banning employees from using p2p applications or by regulating the use of these applications in a very detailed manner. The implementation of a policy makes the usage controlled and easily supervised by the company security staff. Implementing a policy that regulates the use of p2p applications can prevent possible attacks on the company/organisation network.
|
176 |
Behaviour of Port-knocking authentication mechanism
Gerdzhikov, Petko (January 2017)
Port-knocking is a security mechanism used in computer systems to hide available network services. Its operation relies on a drop policy firewall setting in order to make it impossible for port-scanning attacks to occur. This project researches the impact of implementing such a software solution. Furthermore, it looks into the behavior of three chosen implementations and makes conclusions on the benefits and disadvantages that they bring. In addition, the surrounding implications related to both user and administrator are explored. This thesis includes tests on the resource consumption of the implementations as well as records of the added delay of using the mechanism when initiating an SSH session. There has not been such research performed in this field and the results of it could be beneficial to those who are involved in computer science and network security in particular. Finally, the product of this study states that port-knocking is overlooked and has great benefits in preventing zero-day exploits and hacker tools relying on exposed network services.
|
177 |
Key Management in Ad Hoc Networks / Nyckelhantering i Ad Hoc Nät
Fokine, Klas (January 2002)
This thesis covers the issue of securing ad hoc networks. Such networks exhibit a number of characteristics that make such a task challenging. One of the major challenges is that ad hoc networks typically lack a fixed infrastructure both in the form of physical infrastructure such as routers, servers and stable communication links and in the form of an organizational or administrative infrastructure. Another difficulty lies in the highly dynamic nature of ad hoc networks since new nodes can join and leave the network at any time. The major problem in providing security services in such infrastructure-less networks is how to manage the cryptographic keys that are needed. In order to design practical and efficient key management systems it is necessary to understand the characteristics of ad hoc networks and why traditional key management systems cannot be used. These issues are covered and the thesis also provides a summary of those key management solutions that have been proposed in the research literature so far.
|
178 |
Annulering av ogiltiga certifikat i Public-Key Infrastructures / Revocation of invalid certificates in Public-Key Infrastructures
Nilsson, Christoffer (January 2005)
According to numerous sources, computer security can be explained as how to address the three major aspects, namely Confidentiality, Integrity and Availability. Public-key infrastructure is a certificate-based technology used to accomplish these aspects over a network. One major concern involving PKIs is the way they handle revocation of invalid certificates. The proposed solution will make revocation more secure; validation will be handled completely by the certificate authority, and revokes will be instant, without use of certificate revocation lists.
|
179 |
Investigation of different VPN Solutions
Rehman, Sheikh Riaz Ur (January 2009)
The rapid growth of e-business in the past few years has improved companies' efficiency and revenue growth. E-business applications such as e-commerce and remote access have enabled companies to manage processes, lower operating costs and increase customer satisfaction. Also the need rises for scalable networks that accommodate voice, video, and data traffic. With the increased dependability of networks the security issues are raised and networks become more and more vulnerable to different types of security threats. To overcome security issues different security technologies are in action by vendors and technologists. Also for the survival of many businesses to allow open access to network resources, today's networks are designed with the requirement of availability to the Internet and public networks; therefore, information confidentiality is the major issue in these networks to ensure that the network resources and user data are as secure as possible. With the requirement of network security, the concept of the Virtual Private Network was established. A Virtual Private Network (VPN) can be defined as a network in which connectivity between multiple customers' sites is deployed on a shared network with the same security as a private network. Different VPN technologies and protocol architectures are available in the market; among them are the MPLS VPN architecture, the IPSec VPN architecture, and the SSL VPN architecture. With the introduction of Multiprotocol Label Switching (MPLS), which combines the benefits of Layer 2 switching and Layer 3 routing, it became possible to construct a technology that combines the benefits of an overlay VPN with the benefits of a peer-to-peer VPN implementation in which routing is simple. MPLS/VPN is a new and simple technology, which provides simpler routing and also makes a number of topologies easy to implement which are otherwise difficult to implement. All architectures have benefits and drawbacks; also each of them can be implemented separately or in combination with others according to customer security requirements and the performance of the network.
|
180 |
Servicing a Connected Car Service
Svensson, Benjamin; Varnai, Kristian (January 2015)
Increased wireless connectivity to vehicles invites both existing and new digital methods of attack, requiring the high prioritisation of security throughout the development of not just the vehicle, but also the services provided for it. This report examines such a connected car service used by thousands of customers every day and evaluates it from a security standpoint. The methods used for this evaluation include both direct testing of vulnerabilities, as well as the examination of design choices made which more broadly affect the system as a whole. With the results are included suggestions for solutions where necessary, and in the conclusion, design pitfalls and general considerations for system development are discussed.
|