Global ETD Search

41	Mobile IPv4 Secure Access to Home Networks Tang, Jin 29 June 2006 (has links) With the fast development of wireless networks and devices, Mobile IP is expected to be used widely so that mobile users can access the Internet anywhere, anytime without interruption. However, some problems, such as firewall traversal and use of private IP addresses, restrict use of Mobile IP. The objective of this thesis is to design original schemes that can enable a mobile node at abroad to access its home network as well as the Internet securely and that can help Mobile IP to be used widely and commercially. Our solutions are secure, efficient, and scalable. They can be implemented and maintained easily. In this thesis, we mainly consider Mobile IPv4, instead of Mobile IPv6. Three research topics are discussed. In each topic, the challenges are investigated and the new solutions are presented. The first research topic solves the firewall traversal problems in Mobile IP. A mobile node cannot access its firewall-protected home network if it fails the authentication by the firewall. We propose that an IPsec tunnel be established between the firewall and the foreign agent for firewall traversal and that an IPsec transport security association be shared by the mobile node and a correspondent node for end-to-end security. The second topic researches further on firewall traversal problems and investigates the way of establishing security associations among network entities. A new security model and a new key distribution method are developed. With the help of the security model and keys, the firewall and the relevant network entities set up IPsec security associations to achieve firewall traversal. A mobile node from a private home network cannot communicate with other hosts with its private home address when it is visiting a public foreign network. A novel and useful solution is presented in the third research topic. We suggest that the mobile node use its Network Access Identifier (NAI) as its identification and obtain a public home address from its home agent. In addition, a new tunnel between the mobile node and its home agent is proposed. Private addresses AAA IPsec Firewall Network security Mobile IP Wireless Internet Computer networks Security measures Firewalls (Computer security) Mobile agents (Computer software)
42	Information security issues facing internet café users. Kgopa, Alfred Thaga. January 2013 (has links) M. Tech. Business Information Systems / Although owners of Internet cafés extend the freedom to have Internet access to the community, they fail to tighten their computer security to safeguard the private information of their customers. This dissertation provides a conceptual framework for improving information security in the Internet Café, to help and ensure data privacy, data integrity, risk management and information security (IS) behaviour. The study investigated the information security issues that are faced by users of Internet cafés and explored the effects of these issues. The framework shows how users can improve their physical security to reach higher standards of information privacy over the Internet. Data protection -- South Africa. Computer security -- South Africa.
43	Test case generation using symbolic grammars and quasirandom sequences Felix Reyes, Alejandro Unknown Date No description available. symbolic grammars model-based testing testing firewall testing firewall policies quasi-random sequences adaptive testing firewalls grammar-based testing grammars data generation test data
44	Large scale platform : Instantiable models and algorithmic design of communication schemes Uznanski, Przemyslaw 11 October 2013 (has links) (PDF) The increasing popularity of Internet bandwidth-intensive applications prompts us to consider followingproblem: How to compute efficient collective communication schemes on large-scale platform?The issue of designing a collective communication in the context of a large scale distributed networkis a difficult and a multi-level problem. A lot of solutions have been extensively studied andproposed. But a new, comprehensive and systematic approach is required, that combines networkmodels and algorithmic design of solutions.In this work we advocate the use of models that are able to capture real-life network behavior,but also are simple enough that a mathematical analysis of their properties and the design of optimalalgorithms is achievable.First, we consider the problem of the measuring available bandwidth for a given point-topointconnection. We discuss how to obtain reliable datasets of bandwidth measurements usingPlanetLab platform, and we provide our own datasets together with the distributed software usedto obtain it. While those datasets are not a part of our model per se, they are necessary whenevaluating the performance of various network algorithms. Such datasets are common for latencyrelatedproblems, but very rare when dealing with bandwidth-related ones.Then, we advocate for a model that tries to accurately capture the capabilities of a network,named LastMile model. This model assumes that essentially the congestion happens at the edgesconnecting machines to the wide Internet. It has a natural consequence in a bandwidth predictionalgorithm based on this model. Using datasets described earlier, we prove that this algorithm is ableto predict with an accuracy comparable to best known network prediction algorithm (DistributedMatrix Factorization) available bandwidth between two given nodes. While we were unable toimprove upon DMF algorithm in the field of point-to-point prediction, we show that our algorithmhas a clear advantage coming from its simplicity, i.e. it naturally extends to the network predictionsunder congestion scenario (multiple connections sharing a bandwidth over a single link). We areactually able to show, using PlanetLab datasets, that LastMile prediction is better in such scenarios.In the third chapter, we propose new algorithms for solving the large scale broadcast problem.We assume that the network is modeled by the LastMile model. We show that under thisassumption, we are able to provide algorithms with provable, strong approximation ratios. Takingadvantage of the simplicity and elasticity of the model, we can even extend it, so that it captures theidea of connectivity artifacts, in our case firewalls preventing some nodes to communicate directlybetween each other. In the extended case we are also able to provide approximation algorithmswith provable performance.The chapters 1 to 3 form three successful steps of our program to develop from scratch amathematical network communication model, prove it experimentally, and show that it can beapplied to develop algorithms solving hard problems related to design of communication schemesin networks.In the chapter 4 we show how under different network cost models, using some simplifyingassumptions on the structure of network and queries, one can design very efficient communicationschemes using simple combinatorial techniques. This work is complementary to the previous chapter in the sense that previously when designing communication schemes, we assumed atomicityof connections, i.e. that we have no control over routing of simple connections. In chapter 4 weshow how to solve the problem of an efficient routing of network request, given that we know thetopology of the network. It shows the importance of instantiating the parameters and the structureof the network in the context of designing efficient communication schemes. [INFO:INFO_OH] Computer Science/Other [INFO:INFO_OH] Informatique/Autre PlanetLab LastMile Broadcast Bandwidth sharing Network prediction Streaming Firewalls Power aware routing Splittable requests
45	An agent-based Bayesian method for network intrusion detection Pikoulas, John January 2003 (has links) Security is one of the major issues in any network and on the Internet. It encapsulates many different areas, such as protecting individual users against intruders, protecting corporate systems against damage, and protecting data from intrusion. It is obviously impossible to make a network totally secure, as there are so many areas that must be protected. This thesis includes an evaluation of current techniques for internal misuse of computer systems, and tries to propose a new way of dealing with this problem. This thesis proposes that it is impossible to fully protect a computer network from intrusion, and shows how different methods are applied at differing levels of the OSI model. Most systems are now protected at the network and transport layer, with systems such as firewalls and secure sockets. A weakness, though, exists in the session layer that is responsible for user logon and their associated password. It is thus important for any highly secure system to be able to continually monitor a user, even after they have successfully logged into the system. This is because once an intruder has successfully logged into a system, they can use it as a stepping-stone to gain full access (often right up to the system administrator level). This type of login identifies another weakness of current intrusion detection systems, in that they are mainly focused on detecting external intrusion, whereas a great deal of research identifies that one of the main problems is from internal intruders, and from staff within an organisation. Fraudulent activities can often he identified by changes in user behaviour. While this type of behaviour monitoring might not be suited to most networks, it could be applied to high secure installations, such as in government, and military organisations. Computer networks are now one of the most rapidly changing and vulnerable systems, where security is now a major issue. A dynamic approach, with the capacity to deal with and adapt to abrupt changes, and be simple, will provide an effective modelling toolkit. Analysts must be able to understand how it works and be able to apply it without the aid of an expert. Such models do exist in the statistical world, and it is the purpose of this thesis to introduce them and to explain their basic notions and structure. One weakness identified is the centralisation and complex implementation of intrusion detection. The thesis proposes an agent-based approach to monitor the user behaviour of each user. It also proposes that many intrusion detection systems cannot cope with new types of intrusion. It thus applies Bayesian statistics to evaluate user behaviour, and predict the future behaviour of the user. The model developed is a unique application of Bayesian statistics, and the results show that it can improve future behaviour prediction than existing ARIMA models. The thesis argues that the accuracy of long-term forecasting questionable, especially in systems that have a rapid and often unexpected evolution and behaviour. Many of the existing models for prediction use long-term forecasting, which may not be the optimal type for intrusion detection systems. The experiments conducted have varied the number of users and the time interval used for monitoring user behaviour. These results have been compared with ARIMA, and an increased accuracy has been observed. The thesis also shows that the new model can better predict changes in user behaviour, which is a key factor in identifying intrusion detection. The thesis concludes with recommendations for future work, including how the statistical model could be improved. This includes research into changing the specification of the design vector for Bayesian. Another interesting area is the integration of standard agent communication agents, which will make the security agents more social in their approach and be able to gather information from other agents 005.8
46	Apoio à tradução da política de segurança para regras de firewall utilizando uma linguagem de modelagem visual : SPML2 / Sapia, Helton Molina. January 2016 (has links) Orientador: Rogério Eduardo Garcia / Banca: Paulo Lício de Geus / Banca: Milton Hirokazu Shimabukuro / Resumo: As telecomunicações e as redes de computadores permitiram a integração mundial, mas junto com os benefícios também surgiram problemas, como as ameaças a dados que trafegam pela rede, o que justifica o controle das comunicações, mais especificamente o controle sobre o tráfego de pacotes. O tráfego de pacotes entre redes deve ser protegido, de modo a evitar acessos não autorizados. A proteção deve ocorrer no perímetro de rede, fronteira entre uma rede interna e a Internet. O perímetro de uma rede é protegido por firewall para que não ocorra acesso não autorizado. O firewall realiza a filtragem dos pacotes de dados que trafegam entre redes, aplicando regras para selecionar o pacote de dados que pode alcançar uma rede. Escrever as regras de funcionamento de um firewall parece ser uma tarefa simples, entretanto, a necessidade de implementar várias regras para uma ou várias redes, torna o conjunto de regras complexo e de difícil entendimento. Nesse contexto, a utilização de uma representação gráfica para a visualização das regras que expressam a política de segurança apresenta-se como recurso para facilitar o entendimento do que deve ser implementado. E, consequentemente, pode minimizar os defeitos nas regras que configuram o firewall. Para tal, foi proposto o uso da SPML - Security Policy Modeling Language, que visa à criação de uma representação visual da política de segurança de acesso a redes utilizando notação gráfica. Neste trabalho foi definida uma extensão da SPML, a SPML2,... / Abstract: Telecommunications and computer networks enabled global integration, but with the benefits also appeared problems such as threats to data traveling over the network, which justifies the control of communications, specifically control over data traffic. The data traffic between networks must be protected to prevent unauthorized access. The protection should occur in the network perimeter, the boundary between the internal network and the Internet. The firewall is responsible for protecting the network perimeter to prevent any unauthorized access. A firewall performs the filtering of data packets that travel between networks by applying rules that selected the ones that can access the network. To write fi- rewall rules seems to be a simple task. However, the need to implement several rules for one or more networks makes complex the set rules and increase the diffi- cult to understand it. Thus, the use of a graphical representation for visualization of rules that express the security policy is presented as a way to make easy to understand what should be implemented. Consequently, this can minimize the defects in the rules that configure the firewall. To this end, it proposed the use of SPML - Security Policy Modeling Language, which aims to create a visual notation that represent the network access security policy. This work defined an extension of SPML, the SPML2, and formalized the syntax and semantics of the two languages. Although, the efficiency and effectiveness for use of ... / Mestre Ciência da computação - Matemática. Programação visual (Computação) Computer science
47	SurRFE -Sub-rede de filtragens espec?ficas Galv?o, Ricardo Kl?ber Martins 11 July 2006 (has links) Made available in DSpace on 2014-12-17T14:55:05Z (GMT). No. of bitstreams: 1 RicardoKMG.pdf: 620624 bytes, checksum: 2265857dd8185aa481f6e9891ee2c38f (MD5) Previous issue date: 2006-07-11 / The increasing of the number of attacks in the computer networks has been treated with the increment of the resources that are applied directly in the active routers equip-ments of these networks. In this context, the firewalls had been consolidated as essential elements in the input and output control process of packets in a network. With the advent of intrusion detectors systems (IDS), efforts have been done in the direction to incorporate packets filtering based in standards of traditional firewalls. This integration incorporates the IDS functions (as filtering based on signatures, until then a passive element) with the already existing functions in firewall. In opposite of the efficiency due this incorporation in the blockage of signature known attacks, the filtering in the application level provokes a natural retard in the analyzed packets, and it can reduce the machine performance to filter the others packets because of machine resources demand by this level of filtering. This work presents models of treatment for this problem based in the packets re-routing for analysis by a sub-network with specific filterings. The suggestion of implementa- tion of this model aims reducing the performance problem and opening a space for the consolidation of scenes where others not conventional filtering solutions (spam blockage, P2P traffic control/blockage, etc.) can be inserted in the filtering sub-network, without inplying in overload of the main firewall in a corporative network / O aumento do n?mero de ataques a redes de computadores tem sido combatido com o incremento dos recursos aplicados diretamente nos equipamentos ativos de roteamento destas redes. Nesse contexto, os firewalls consolidaram-se como elementos essenciais no processo de controle de entrada e sa?da de pacotes em uma rede. O surgimento dos sistemas detectores de intrus?o (IDS) levou a esfor?os no sentido de incorporar a filtragem de pacotes baseada em padr?es ao firewall tradicional, integrando as fun??es do IDS (como a filtragem baseada em assinaturas, at? ent?o um elemento passivo) ?s fun??es j? existentes no firewall. Em contrapartida ? efici?ncia obtida atrav?s desta incorpora??o no bloqueio de ataques com assinaturas conhecidas, a filtragem no n?vel de aplica??o, al?m de provocar um retardo natural nos pacotes analisados, pode comprometer o desempenho da m?quina na filtragem dos demais pacotes, pela natural demanda por recursos da m?quina para este n?vel de filtragem. Essa tese apresenta modelos de tratamento deste problema, baseados no re-roteamento dos pacotes para an?lise por uma sub-rede de filtragens espec?ficas. A sugest?o de implementa??o deste modelo visa, al?m de amenizar o problema de desempenho supra-citado, abrir espa?o para a consolida??o de cen?rios em que outras solu??es de filtragem n?o convencionais (como ferramentas de bloqueio de SPAM, controle/bloqueio de tr?fego P2P, e outras) possam ser inseridas na sub-rede de filtragem, sem implicar em sobrecarga do firewall principal da rede corporativa Seguran?a Sistemas de Detec??o de Intrus?es Filtro de Pacotes Re-roteamento &#65279 Security Firewalls Intrusion Detection Systems Packet Filter Re-routing CNPQ::ENGENHARIAS::ENGENHARIA ELETRICA
48	A framework for secure human computer interaction. Johnston, James 02 June 2008 (has links) This research is concerned with the development of a framework for the analysis and design of interfaces found in a security environment. An example of such an interface is a firewall. The purpose of this research is to use the framework as a method to improve the usability of an interface, thus aiding the user to implement the correct security features. The purpose is also to use the framework to assist in the development of trust between a user and a computer system. In this research the framework comprises six criteria which are used to analyse interfaces found in the traditional software environment, Internet banking environment and e-commerce environment. In order to develop the framework an overview of the fields of information security and human computer interfaces (HCI) is given. The overview provides background information and also establishes the existing research which has been done in these fields. Due to its popularity, the Windows Internet Connection Firewall is analysed in this research. Based on the criteria a level of trust fostered between the user and interface is calculated for the firewall. It is then shown how this level of trust can be improved by modifying the interface. A proposed interface for the firewall is presented according to the criteria. Interfaces found in the online Internet environment are discussed. This is important in order to identify the similarities and differences between traditional software interfaces and web interfaces. Due to these differences the criteria are modified to be relevant in the analysis and design of security interfaces found on the Internet. Three South African online banking websites are analysed according to the modified framework. Each interface is broken down into a number of components which are then analysed individually. The results of the analysis are compared between the three banking sites to identify the elements which make up a successful interface in an online banking environment. Lastly, three interfaces of e-commerce websites are analysed. Recommendations are made on how the interfaces can be improved, thus leading to a higher level of trust. / Labuschagne, L., Prof. electronic commerce security measures web sites security measures internet banking security measures firewalls (computer security) Microsoft Windows (computer file) computer security human- computer interaction
49	Visualisation of PF firewall logs using open source Coetzee, Dirk January 2015 (has links) If you cannot measure, you cannot manage. This is an age old saying, but still very true, especially within the current South African cybercrime scene and the ever-growing Internet footprint. Due to the significant increase in cybercrime across the globe, information security specialists are starting to see the intrinsic value of logs that can ‘tell a story’. Logs do not only tell a story, but also provide a tool to measure a normally dark force within an organisation. The collection of current logs from installed systems, operating systems and devices is imperative in the event of a hacking attempt, data leak or even data theft, whether the attempt is successful or unsuccessful. No logs mean no evidence, and in many cases not even the opportunity to find the mistake or fault in the organisation’s defence systems. Historically, it remains difficult to choose what logs are required by your organization. A number of questions should be considered: should a centralised or decentralised approach for collecting these logs be followed or a combination of both? How many events will be collected, how much additional bandwidth will be required and will the log collection be near real time? How long must the logs be saved and what if any hashing and encryption (integrity of data) should be used? Lastly, what system must be used to correlate, analyse, and make alerts and reports available? This thesis will address these myriad questions, examining the current lack of log analysis, practical implementations in modern organisation, and also how a need for the latter can be fulfilled by means of a basic approach. South African organizations must use technology that is at hand in order to know what electronic data are sent in and out of their organizations network. Concentrating only on FreeBSD PF firewall logs, it is demonstrated within this thesis the excellent results are possible when logs are collected to obtain a visual display of what data is traversing the corporate network and which parts of this data are posing a threat to the corporate network. This threat is easily determined via a visual interpretation of statistical outliers. This thesis aims to show that in the field of corporate data protection, if you can measure, you can manage. Open source software -- South Africa Data logging -- South Africa Data integrity -- South Africa Data protection -- South Africa Computer crimes -- South Africa Hacktivism
50	Large scale platform : Instantiable models and algorithmic design of communication schemes / Modélisation des communications sur plates-formes à grande echelles Uznanski, Przemyslaw 11 October 2013 (has links) La popularité croissante des applications Internet très gourmandes en bande passante (P2P, streaming,...) nous pousse à considérer le problème suivant :Comment construire des systèmes de communications collectives efficaces sur une plateforme à grande échelle ? Le développement de schéma de communications collectives dans le cadre d'un réseau distribué à grande échelle est une tâche difficile, qui a été largement étudiée et dont de multiples solutions ont été proposées. Toutefois, une nouvelle approche globale et systématique est nécessaire, une approche qui combine des modèles de réseaux et la conception algorithmique.Dans ce mémoire nous proposons l'utilisation de modèles capables de capturer le comportement d'un réseau réel et suffisamment simples pour que leurs propriétés mathématiques puissentêtre étudiées et pour qu'il soit possible de créer des algorithmesoptimaux. Premièrement, nous considérons le problème d'évaluation de la bande passante disponible pour une connexion point-à-point donnée. Nousétudions la façon d'obtenir des jeux de données de bande passante, utilisant plateforme PlanetLab. Nous présentons aussi nos propres jeux de données, jeux obtenus avec bedibe, un logiciel que nous avons développé. Ces données sont nécessaires pour évaluer les performances des différents algorithmesde réseau. Bien qu'on trouve de nombreux jeux de données de latence,les jeux de données de bande passante sont très rares. Nous présentons ensuite un modèle, appelé LastMile, qui estime la bande passante. En profitant des jeux de données décrits précédemment, nous montrons que cet algorithme est capable de prédire la bande passante entre deux noeuds donnés avec une précision comparable au meilleur algorithme connu de prédiction (DMF). De plus le modèle LastMile s'étend naturellement aux prédictions dans le scénario de congestion (plusieurs connexions partageant un même lien). Nous sommes effectivement en mesure de démontrer, à l'aide des ensembles de données PlanetLab, que la prédiction LastMile est préférable dans des tels scénarios.Dans le troisième chapitre, nous proposons des nouveaux algorithmes pour résoudre le problème de diffusion. Nous supposons que le réseau est modélisé par le modèle LastMile. Nous montrons que, sous cette hypothèse, nous sommes en mesure de fournir des algorithmes avec des ratios d'approximation élevés. De plus nous étendons le modèle LastMile, de manière à y intégrer des artéfacts de connectivité, dans notre cas ce sont des firewalls qui empêchent certains nœuds de communiquer directement entre eux. Dans ce dernier cas, nous sommes également en mesure de fournir des algorithmes d'approximation avec des garanties de performances prouvables. Les chapitres 1 à 3 forment les trois étapes accomplies de notre programme qui visent trois buts. Premièrement, développer à partir dezéro un modèle de réseau de communication. Deuxièmement, prouver expérimentalement sa performance. Troisièmement, montrer qu'il peut être utilisé pour développer des algorithmes qui résolvent les problèmes de communications collectives. Dans le 4e chapitre, nous montrons comment on peut concevoir dessystèmes de communication efficaces, selon différents modèles decoûts, en utilisant des techniques combinatoires,tout en utilisant des hypothèses simplificatrices sur la structure duréseau et les requêtes. Ce travail est complémentaire au chapitre précédent puisque auparavant, nous avons adopté l'hypothèse que les connectionsétaient autonomes (i.e. nous n'avons aucun contrôle sur le routage des connexions simples). Dans le chapitre 4, nous montrons comment résoudre le problème du routage économe en énergie, étant donnée une topologie fixée. / The increasing popularity of Internet bandwidth-intensive applications prompts us to consider followingproblem: How to compute efficient collective communication schemes on large-scale platform?The issue of designing a collective communication in the context of a large scale distributed networkis a difficult and a multi-level problem. A lot of solutions have been extensively studied andproposed. But a new, comprehensive and systematic approach is required, that combines networkmodels and algorithmic design of solutions.In this work we advocate the use of models that are able to capture real-life network behavior,but also are simple enough that a mathematical analysis of their properties and the design of optimalalgorithms is achievable.First, we consider the problem of the measuring available bandwidth for a given point-topointconnection. We discuss how to obtain reliable datasets of bandwidth measurements usingPlanetLab platform, and we provide our own datasets together with the distributed software usedto obtain it. While those datasets are not a part of our model per se, they are necessary whenevaluating the performance of various network algorithms. Such datasets are common for latencyrelatedproblems, but very rare when dealing with bandwidth-related ones.Then, we advocate for a model that tries to accurately capture the capabilities of a network,named LastMile model. This model assumes that essentially the congestion happens at the edgesconnecting machines to the wide Internet. It has a natural consequence in a bandwidth predictionalgorithm based on this model. Using datasets described earlier, we prove that this algorithm is ableto predict with an accuracy comparable to best known network prediction algorithm (DistributedMatrix Factorization) available bandwidth between two given nodes. While we were unable toimprove upon DMF algorithm in the field of point-to-point prediction, we show that our algorithmhas a clear advantage coming from its simplicity, i.e. it naturally extends to the network predictionsunder congestion scenario (multiple connections sharing a bandwidth over a single link). We areactually able to show, using PlanetLab datasets, that LastMile prediction is better in such scenarios.In the third chapter, we propose new algorithms for solving the large scale broadcast problem.We assume that the network is modeled by the LastMile model. We show that under thisassumption, we are able to provide algorithms with provable, strong approximation ratios. Takingadvantage of the simplicity and elasticity of the model, we can even extend it, so that it captures theidea of connectivity artifacts, in our case firewalls preventing some nodes to communicate directlybetween each other. In the extended case we are also able to provide approximation algorithmswith provable performance.The chapters 1 to 3 form three successful steps of our program to develop from scratch amathematical network communication model, prove it experimentally, and show that it can beapplied to develop algorithms solving hard problems related to design of communication schemesin networks.In the chapter 4 we show how under different network cost models, using some simplifyingassumptions on the structure of network and queries, one can design very efficient communicationschemes using simple combinatorial techniques. This work is complementary to the previous chapter in the sense that previously when designing communication schemes, we assumed atomicityof connections, i.e. that we have no control over routing of simple connections. In chapter 4 weshow how to solve the problem of an efficient routing of network request, given that we know thetopology of the network. It shows the importance of instantiating the parameters and the structureof the network in the context of designing efficient communication schemes. PlanetLab LastMile Diffusion Partage de bande passante Système de prédiction réseau Streaming Pare-feu Routage efficace en énergie Requêtes découpables PlanetLab LastMile Broadcast Bandwidth sharing Network prediction Streaming Firewalls Power aware routing Splittable requests

Search results