Spelling suggestions: "subject:"bnetwork 2security."" "subject:"bnetwork bsecurity.""
71 |
A Secure Gateway Localization and Communication System for Vehicular Ad Hoc NetworksWang, Yan 22 April 2013 (has links)
Intelligent Transport System (ITS) has become a hot research topic over the past decades. ITS is a system that applies the following technologies to the whole transportation management system efficiently, including information technique, wireless communication, sensor networks, control technique, and computer engineering. ITS provides an accurate, real time and synthetically efficient transportation management system. Obviously, Vehicular Ad Hoc NETworks (VANETs) attract growing attention from both the research community and industry all over the world. This is because a large amount of applications are enabled by VANETs, such as safety related applications, traffic management, commercial applications and general applications. When connecting to the internet or communicating with different networks in order to access a variety of services using VANETs, drivers and passengers in different cars need to be able to exchange messages with gateways from their vehicles. A secure gateway discovery process is therefore critical, because vehicles should not be subject to security attacks while they are communicating; however, currently there is no existing protocol focusing on secure gateway discovery.
In this thesis, we first analyze and compare current existing secure service discovery protocols and then we propose a Secure Gateway Localization and Communication System for Vehicular Ad Hoc Networks (SEGAL), which concentrates on the security issue in gateway discovery. We focus on the authentication aspect by proposing secure cluster based VANETs, that can ensure the gateway discovery messages exchanged through secure clusters. We present the principle and specific process of our SEGAL protocol and analyze its performance to guarantee its outstanding practical applicability.
|
72 |
Network Security Report : Penetration Tools for Network SecurityKlasson, Daniel, Klasson, Kim, Iourtchenko, Anatoly January 2014 (has links)
This report, will show by demonstration with Network Penetration, how to reveal security holes by using the same methods as an outside attack and carry out attacks against wired and wireless networks when it comes to sniffing user traffic, abuse VLAN, cracking password, WEP, WPA/WPA2, hacking WPS and analysing traffic. The tests was performed at the Halmstad University with lab equipment and at home with own equipment. Using Backtrack 5 R3 which is compatible with Linux, performance of the tests could be done by making use of various tools that comes with Backtrack.The goal of the project was to demonstrate how to reveal security holes by using the same methods as an outside attack. By testing, demonstrate and report the security of wired and wireless network, the achievement of these goals could be done and a greater insight into network security was gained, which gives more experience and knowledge that can be taken to a future professional life. The results show how simple it can be to abuse a network or sniff a password if there is no attention to the safety and the security configurations that can be implemented.In other words, during this project, both learning and demonstration has been done to show how vulnerable individuals, civilians and entrepreneurs are. It is easier than someone can imagine to obtaining unauthorized information that nobody wants to share out.
|
73 |
Information System SecurityYucel, Okan 01 January 2003 (has links) (PDF)
This thesis analyzes the physical, communicational, and organizational
dimensions of information system security process by taking the four-layer approach,
which is composed of the policy, model, architecture, and mechanisms into account.
Within this scope, according to the results of the security analysis of information
systems in METU Informatics Institute, the policy, model, architecture, and
mechanisms necessary to prepare a new security process were proposed. As a
subcomponent of this proposed security process, the network security of the IS100
course was partially established, and the generated results were evaluated.
|
74 |
Detecting Sybil Nodes in Static and Dynamic NetworksJanuary 2010 (has links)
abstract: Peer-to-peer systems are known to be vulnerable to the Sybil attack. The lack of a central authority allows a malicious user to create many fake identities (called Sybil nodes) pretending to be independent honest nodes. The goal of the malicious user is to influence the system on his/her behalf. In order to detect the Sybil nodes and prevent the attack, a reputation system is used for the nodes, built through observing its interactions with its peers. The construction makes every node a part of a distributed authority that keeps records on the reputation and behavior of the nodes. Records of interactions between nodes are broadcast by the interacting nodes and honest reporting proves to be a Nash Equilibrium for correct (non-Sybil) nodes. In this research is argued that in realistic communication schedule scenarios, simple graph-theoretic queries such as the computation of Strongly Connected Components and Densest Subgraphs, help in exposing those nodes most likely to be Sybil, which are then proved to be Sybil or not through a direct test executed by some peers. / Dissertation/Thesis / Ph.D. Computer Science 2010
|
75 |
Secure Mobile SDNJanuary 2015 (has links)
abstract: The increasing usage of smart-phones and mobile devices in work environment and IT
industry has brought about unique set of challenges and opportunities. ARM architecture
in particular has evolved to a point where it supports implementations across wide spectrum
of performance points and ARM based tablets and smart-phones are in demand. The
enhancements to basic ARM RISC architecture allow ARM to have high performance,
small code size, low power consumption and small silicon area. Users want their devices to
perform many tasks such as read email, play games, and run other online applications and
organizations no longer desire to provision and maintain individual’s IT equipment. The
term BYOD (Bring Your Own Device) has come into being from demand of such a work
setup and is one of the motivation of this research work. It brings many opportunities such
as increased productivity and reduced costs and challenges such as secured data access,
data leakage and amount of control by the organization.
To provision such a framework we need to bridge the gap from both organizations side
and individuals point of view. Mobile device users face issue of application delivery on
multiple platforms. For instance having purchased many applications from one proprietary
application store, individuals may want to move them to a different platform/device but
currently this is not possible. Organizations face security issues in providing such a solution
as there are many potential threats from allowing BYOD work-style such as unauthorized
access to data, attacks from the devices within and outside the network.
ARM based Secure Mobile SDN framework will resolve these issues and enable employees
to consolidate both personal and business calls and mobile data access on a single device.
To address application delivery issue we are introducing KVM based virtualization that
will allow host OS to run multiple guest OS. To address the security problem we introduce
SDN environment where host would be running bridged network of guest OS using Open
vSwitch . This would allow a remote controller to monitor the state of guest OS for making
important control and traffic flow decisions based on the situation. / Dissertation/Thesis / Masters Thesis Computer Science 2015
|
76 |
Policy-driven Network Defense for Software Defined NetworksJanuary 2016 (has links)
abstract: Software-Defined Networking (SDN) is an emerging network paradigm that decouples the control plane from the data plane, which allows network administrators to consolidate common network services into a centralized module named SDN controller. Applications’ policies are transformed into standardized network rules in the data plane via SDN controller. Even though this centralization brings a great flexibility and programmability to the network, network rules generated by SDN applications cannot be trusted because there may exist malicious SDN applications, and insecure network flows can be made due to complex relations across network rules. In this dissertation, I investigate how to identify and resolve these security violations in SDN caused by the combination of network rules and applications’ policies. To this end, I propose a systematic policy management framework that better protects SDN itself and hardens existing network defense mechanisms using SDN.
More specifically, I discuss the following four security challenges in this dissertation: (1) In SDN, generating reliable network rules is challenging because SDN applications cannot be trusted and have complicated dependencies each other. To address this problem, I analyze applications’ policies and remove those dependencies by applying grid-based policy decomposition mechanism; (2) One network rule could accidentally affect others (or by malicious users), which lead to creating of indirect security violations. I build systematic and automated tools that analyze network rules in the data plane to detect a wide range of security violations and resolve them in an automated fashion; (3) A fundamental limitation of current SDN protocol (OpenFlow) is a lack of statefulness, which is extremely important to several security applications such as stateful firewall. To bring statelessness to SDN-based environment, I come up with an innovative stateful monitoring scheme by extending existing OpenFlow specifications; (4) Existing honeynet architecture is suffering from its limited functionalities of ’data control’ and ’data capture’. To address this challenge, I design and implement an innovative next generation SDN-based honeynet architecture. / Dissertation/Thesis / Doctoral Dissertation Computer Science 2016
|
77 |
Improving Desktop System Security Using CompartmentalizationJanuary 2018 (has links)
abstract: Compartmentalizing access to content, be it websites accessed in a browser or documents and applications accessed outside the browser, is an established method for protecting information integrity [12, 19, 21, 60]. Compartmentalization solutions change the user experience, introduce performance overhead and provide varying degrees of security. Striking a balance between usability and security is not an easy task. If the usability aspects are neglected or sacrificed in favor of more security, the resulting solution would have a hard time being adopted by end-users. The usability is affected by factors including (1) the generality of the solution in supporting various applications, (2) the type of changes required, (3) the performance overhead introduced by the solution, and (4) how much the user experience is preserved. The security is affected by factors including (1) the attack surface of the compartmentalization mechanism, and (2) the security decisions offloaded to the user. This dissertation evaluates existing solutions based on the above factors and presents two novel compartmentalization solutions that are arguably more practical than their existing counterparts.
The first solution, called FlexICon, is an attractive alternative in the design space of compartmentalization solutions on the desktop. FlexICon allows for the creation of a large number of containers with small memory footprint and low disk overhead. This is achieved by using lightweight virtualization based on Linux namespaces. FlexICon uses two mechanisms to reduce user mistakes: 1) a trusted file dialog for selecting files for opening and launching it in the appropriate containers, and 2) a secure URL redirection mechanism that detects the user’s intent and opens the URL in the proper container. FlexICon also provides a language to specify the access constraints that should be enforced by various containers.
The second solution called Auto-FBI, deals with web-based attacks by creating multiple instances of the browser and providing mechanisms for switching between the browser instances. The prototype implementation for Firefox and Chrome uses system call interposition to control the browser’s network access. Auto-FBI can be ported to other platforms easily due to simple design and the ubiquity of system call interposition methods on all major desktop platforms. / Dissertation/Thesis / Doctoral Dissertation Computer Science 2018
|
78 |
Infosure: an information security management system.Venter, Diederik Petrus 04 June 2008 (has links)
Information constitutes one of an organisation’s most valuable assets. It provides the modern organisation with a competitive edge and in some cases, is a requirement merely to survive. An organisation has to protect its information but due to the distributed, networked environment of today, faces a difficult challenge; it has to implement a system of information security management. Software applications can provide significant assistance in managing information security. They can be used to provide for centralised feedback of information security related activities as well as for centralised configuration activities. Such an application can be used in enforcing compliance to the organisation’s information security policy document. Currently there are a number of software products that provide this function in varying measures. In this research the major players in this space were examined to identify the features commonly found in these systems, and where they were lacking in terms of affordability, flexibility and scalability. A framework for an information security management application was defined based on these features and requirements and incorporating the idea of being affordable, but still flexible and extendable. This shifted the focus from attempting to provide a comprehensive list of interfaces and measurements into general information security related activities, to focusing on providing a generic tool that could be customised to handle any information fed back to it. The measurements could then be custom-developed as per the needs of the organisation. This formed the basis on which the prototype information security management application (InfoSure) was developed. / Prof. S.H. Solms
|
79 |
Analysis of Network Security Threats and Vulnerabilities by Development & Implementation of a Security Network Monitoring Solution / Analys av hot Network Security och sårbarheter Utveckling & Genomförandet av en Security Network övervakningslösningAhmad, Nadeem, Habib, M. Kashif January 2010 (has links)
Communication of confidential data over the internet is becoming more frequent every day. Individuals and organizations are sending their confidential data electronically. It is also common that hackers target these networks. In current times, protecting the data, software and hardware from viruses is, now more than ever, a need and not just a concern. What you need to know about networks these days? How security is implemented to ensure a network? How is security managed? In this paper we will try to address the above questions and give an idea of where we are now standing with the security of the network. / Konfidentiella uppgifter via Internet blir vanligare varje dag. Personer och organisationer skickar sina konfidentiella uppgifter elektroniskt. Det är också vanligt att hackare mot dessa nät. I dagens tider, skydd av data, programvara och hårdvara från virus är, nu mer än någonsin ett behov och inte bara en oro. Vad du behöver veta om nätverk i dessa dagar? Hur säkerheten genomförs för att säkerställa ett nätverk? Hur säkerheten hanteras? I denna skrift kommer vi att försöka ta itu med dessa frågor och ge en uppfattning om var vi nu står med säkerheten för nätet.
|
80 |
Develop a Secure Network – A Case StudyRayapati, Habeeb January 2010 (has links)
In recent years, so many networks are being built and some of the organizations are able to provide security to their networks. The performance of a network depends on the amount of security implemented on the network without compromising the network capabilities. For building a secure network, administrators should know all the possible attacks and their mitigation techniques and should perform risk analysis to find the risks involved in designing the network. And they must also know how to design security policies for implement the network and to educate the employees, to protect the organization’s information. The goal behind this case-study is to build a campus network which can sustain from reconnaissance attacks. This thesis describes all the network attacks and explores their mitigation techniques. This will help an administrator to be prepared for the coming attacks. This thesis explains how to perform risk analysis and the two different ways to perform risk analysis. It also describes the importance of security policies and how security policies are designed in real world.
|
Page generated in 0.0643 seconds