SDP And VPN For Remote Access : A Comparative Study And Performance Evaluation

Sintaro, Abel Tariku, Komolafe, Yemi Emmanuel

January 2021

Remote access is a way of providing access to networks from outside the premises of the network. Virtual Private Network (VPN) is one solution used to provide remote access. Software-Defined Perimeter (SDP) is another solution that is capable of providing access to resources from a remote location. These two technologies use different security models yet provide comparable remote access functionalities. This thesis project investigates the basic components, architecture, and security services of SDP and IPSec VPN. Additionally, a performance evaluation is conducted on SDPand VPN on their connection setup time and network throughput. Our result shows that both SDP and VPN provide secure access, however, SDP has additional features that make it a more secure solution. This thesis project is written in the hopes that it can help enterprises with or without a VPN solution already in place to consider SDP as an alternative solution and learn SDP in comparison with VPN.

Zero-Trust security model

Perimeter-based security model

Software- defined perimeter

IPSec VPN

performance evaluation

comparative study

Computer Systems

Datorsystem

Communication Systems

Kommunikationssystem

<strong>Countermeasures for Preventing Malicious Infiltration on the Information Technology Supply Chain</strong>

Leah Michelle Roberts (15952769)

31 May 2023

<p>  </p> <p>Supply chain security continues to be an overlooked field with consequences that can disrupt industrial complexes, cause irreparable harm to critical infrastructure services, and bring unparalleled devastation to human lives. These risks, once constrained to physical tactics, have advanced to undetectable cyber strategies as in the case of the infamous third-party attacks on Target and SolarWinds (Wright, 2021). Moreover, no one sector appears to be immune, as a study by the Government Accountability Office (GAO) found that federal agencies also lag in complying with their own standards as published by the National Institute of Standards and Technology (NIST) (Eyadema, 2021).  Throughout this research study, malicious infiltrations propagated by nefarious actors were explored to identify countermeasures and best practices that can be deployed to protect organizations. Often, the lack of defense strategies is not from an absence of information, but from overly complex procedures and a lack of concise requirements. In a recent survey of Department of Defense (DoD) suppliers, 46% of respondents claimed that the supply chain requirements were too difficult to understand, thus reaffirming the importance of creating tools and techniques that are pragmatic and easily implementable (Boyd, 2020).</p> <p><br></p> <p>The research study presented offered notable safeguards through a literature review of prior studies, standards, and a document analysis of three prominent Information Technology (IT) companies who have made considerable advances in the field of IT supply chain. The results of the research led to the creation of the <em>Roberts Categorization Pyramid </em>which follows a zero-trust framework of “never trust, always verify” (Pavana & Prasad, 2022, p. 2). The pyramid is then further broken down into a formidable six-layer support structure consisting of governance, physical security, sourcing security, manufacturing, hardware security, and software security best practices. Finally, the importance of persistent vigilance throughout the life cycle of IT is highlighted through a continuous monitoring defense strategy layer that engulfs the entirety of the pyramid.  Through this compilation of pragmatic countermeasures, supply chain practitioners can become more informed, leading to more mindful decisions and protective requirements in future solicitations and supplier flow-downs. </p>

Supply chains

supply chain security

cyber supply chain

IT supply chain countermeasures

IT infiltration

zero trust

embedded hardware devices

malicious code

cyber

A Comprehensive Analysis of the Environmental Impact on ROPUFs employed in Hardware Security, and Techniques for Trojan Detection

Alsulami, Faris Nafea

January 2022

No description available.

Electrical Engineering

Computer Engineering

Hardware Security

FPGA, PUF

ROPUF

Advanced Metering Infrastructure

Smart Grid

Zero Trust Architecture

Blockchain Technology

Hardware Trojans

Side-Channel Analysis.

Zero Trust Adoption : Qualitative research on factors affecting the adoption of Zero Trust

Hansen, Jennifer

January 2022

The following qualitative research explores the adoption of Zero Trust in organisations from an organisational and user acceptance perspective. From an organisational perspective, the research highlights essential aspects such as testing the Zero Trust architecture in a pre-adoption phase, involving top management in the planning phase, communicating in a non-technical language, and making end-users feel a personal connection to IS security. The research highlights the importance of balancing the ease of use with security, evaluating the end-user's technical maturity, and carrying out evaluations from a user acceptance perspective. To gather valuable empirical data, the researcher has conducted semi-structured interviews with highly competent respondents within the field of Zero Trust. Most of the literature available today within Zero Trust focuses on technical aspects, and this research is a unique and vital contribution to the limited available research.

Zero Trust

Traditional Network-based Security

Perimeter-based Security

End-users

Implementation

IS Adoption

IS Security

IS Security Innovation Adoption

Information Systems, Social aspects