NDLTD Global ETD Search
  • Refine Query
  • Source
  • Publication year
  • to
  • Language
  • 29
  • 12
  • 1
  • 1
  • 1
  • 1
  • 1
  • 1
  • Tagged with
  • 53
  • 40
  • 29
  • 17
  • 15
  • 11
  • 10
  • 7
  • 7
  • 7
  • 6
  • 6
  • 6
  • 6
  • 5
  • About
  • The Global ETD Search service is a free service for researchers to find electronic theses and dissertations. This service is provided by the Networked Digital Library of Theses and Dissertations.
    Our metadata is collected from universities around the world. If you manage a university/consortium/country archive and want to be added, details can be found on the NDLTD website.

Search results

Showing 21 to 30 of 53 (0.031 seconds)

Spelling suggestions: "subject:"firewall.""

21

Security and efficiency concerns with distributed collaborative networking environments /

Felker, Keith A. January 2003 (has links) (PDF)
Thesis (M.S. in Computer Science)--Naval Postgraduate School, September 2003. / Thesis advisor(s): Geoffrey Xie, John Gibson. Includes bibliographical references (p. 93-99). Also available online.
22

An automatic verification tool for firewall configurations /

Zheng, Feng, January 1900 (has links)
Thesis (M.Sc.) - Carleton University, 2006. / Includes bibliographical references (p. 87-88). Also available in electronic format on the Internet.
23

Evaluating the effectiveness of packet filter firewall applications in a "dual stack" Internet Protocol environment /

Snyder, Walter C. January 2010 (has links)
Typescript. Includes bibliographical references (leaves 73-76).
24

An audit and risk handling prototype for firewall technology.

Van der Walt, Estee 04 June 2008 (has links)
Throughout the years, computer networks have grown in size and complexity. This growth attributed to the need for network security. As more and more people use computers and the Internet, more confidential documentation are being kept on computers and sent to other locations over a network. To implement network security, the security administrator should firstly identify all the needs, resources, threats and risks of the organisation to ensure that all areas of the network is included within the network security policy. The network security policy contains, amongst others, the information security services needed within the organisation’s network for security. These information security services can be implemented via many different security mechanisms. Firewalls are but one of these security mechanisms. Today, firewalls are implemented in most organisations for network security purposes. The author, however, feels that the implementation of only a firewall is not enough. Tools such as log file analysers and risk analysers can be added to firewall technology to investigate and analyse the current network security status further for an indication of network failure or attacks not easily detectable by firewalls. Firewalls and these tools do, however, also have their own problems. Firewalls rarely use the information stored within its log files and the risk handling services provided are not very effective. Most analysis tools use only one form of log file as input and therefore report on only one aspect of the network’s security. The output of the firewalls is rarely user-friendly and is often not real-time. The detection of security problems is consequently a very difficult task for any security administrator. To address the problems, the researcher has developed a prototype that improves on these problems. The firewall analyser (FA) is a prototype of an An audit and risk handling prototype for firewall technology Page iii analysis tool that performs log file- and risk analysis of the underlying networks of the organisation. Although the prototype represents only an example of the functionality added to a firewall, it illustrates the concept of the necessity and value of implementing such a tool for network security purposes. The FA solves the problems found in firewalls, log file- and risk analysis tools by reporting on the latest security status of the network through the use of a variety of log files. The FA uses not only the firewall log files as input to cover a greater area of the network in its analysis process, but also Windows NT log files. The real-time reports of the FA are user-friendly and aid the security administrator immensely in the process of implementing and enforcing network security. / Eloff, J.H.P., Prof.
computer networks
firewalls ( computer science )
computer network security
25

Empirical Measurement of Defense in Depth

Boggs, Nathaniel January 2015 (has links)
Measurement is a vital tool for organizations attempting to increase, evaluate, or simply maintain their overall security posture over time. Organizations rely on defense in depth, which is a layering of multiple defenses, in order to strengthen overall security. Measuring organizations' total security requires evaluating individual security controls such as firewalls, antivirus, or intrusion detection systems alone as well as their joint effectiveness when deployed together in defense in depth. Currently, organizations must rely on best practices rooted in ad hoc expert opinion, reports on individual product performance, and marketing hype to make their choices. When attempting to measure the total security provided by a defense in depth architecture, dependencies between security controls compound the already difficult task of measuring a single security control accurately. We take two complementary approaches to address this challenge of measuring the total security provided by defense in depth deployments. In our first approach, we use direct measurement where for some set of attacks, we compute a total detection rate for a set of security controls deployed in defense in depth. In order to compare security controls operating on different types of data, we link together all data generated from each particular attack and track the specific attacks detected by each security control. We implement our approach for both the drive-by download and web application attack vectors across four separate layers each. We created an extensible automated framework for web application data generation using public sources of English text. For our second approach, we measure the total adversary cost that is the total effort, resources, and time required to evade security controls deployed in defense in depth. Dependencies between security controls prevent us from simply summing the adversary cost to evade individual security controls in order to compute a total adversary cost. We create a methodology that accounts for these dependencies especially focusing on multiplicative relationships where the adversary cost of evading two security controls together is more than the sum of the adversary costs to evade each individually. Using the insight gained into the multiplicative dependency, we design a method for creating sets of multiplicative security controls. Additionally, we create a prototype to demonstrate our methodology for empirically measuring total adversary cost using attack tree visualizations and a database design capable of representing dependent relationships between security controls.
Firewalls (Computer security)
Virus inhibitors
Computer security
Computer science
26

Exploration of a method for constructing an industrial ethernet with ethernet enabled devices in an industrial environment using a Cisco adaptive security appliance /

Marjanovic, Uros, January 2009 (has links) (PDF)
Thesis (M.S.)--Eastern Illinois University, 2009. / Includes bibliographical references (leaves 58-60).
27

[en] FIREWALL/NAT TRAVERSAL SOLUTIONS USING CORBA / [pt] SOLUÇÕES PARA A TRAVESSIA DE FIREWALLS/NAT USANDO CORBA

ANTONIO CARLOS THEOPHILO COSTA JUNIOR 10 March 2006 (has links)
[pt] Aplicações que usam CORBA como plataforma de comunicação geralmente possuem restrições ao serem executadas em ambientes compostos por mais de um domínio administrativo. Este fato é particularmente verdade quando as aplicações precisam atravessar firewalls/NAT. Além do mais, não existe atualmente uma solução padronizada e adotada por todos os ORBs, obrigando as aplicações que utilizam este enfatizar{middleware} a adotarem soluções proprietárias que muitas vezes não são adequadas ao ambiente em que as aplicações funcionam (e.g. impossibilidade de abertura de portas no firewall). Este trabalho apresenta e avalia três soluções para a travessia de firewall/NAT por aplicações distribuídas que utilizam CORBA como camada de comunicação, cada uma explorando as vantagens de uma situação específica. Exemplos de tais situações são a possibilidade de configuração do firewall ou a possibilidade de abertura de conexões TCP para fora da rede. / [en] Applications that use CORBA as the communication layer often face some restrictions for multi-domain deployment. This is particularly true when they have to face firewall/NAT traversal. Furthermore, nowadays there is no well-accepted unique or standardized solution adopted by all ORBs, compelling applications using this type of middleware to use proprietary solutions that sometimes do not address the environment restrictions in which they are deployed (e.g. impossibility to open firewall ports). This work presents and compares three solutions for firewall/NAT traversal by CORBA-based distributed applications, each one suitable for a specific situation and exploring its advantages. Examples of such situations are the possibility of open firewall ports or the possibility of start a TCP connection to the outside network.
[pt] CORBA
[en] CORBA
[pt] TRAVESSIA DE FIREWALLS
[en] FIREWALL TRAVERSAL
[pt] MIDDLEWARE
[en] MIDDLEWARE
[pt] FIREWALL
[en] FIREWALL
28

Estudo sobre a extração de políticas de firewall e uma proposta de metodologia / A Study about firewall policy extraction and a proposal for a methodology

Horowitz, Eduardo January 2007 (has links)
Com o aumento das ameaças na Internet, firewalls tornaram-se mecanismos de defesa cada vez mais utilizados. No entanto, sua configuração é notadamente complexa, podendo resultar em erros. Vários estudos foram realizados com o intuito de resolver tais problemas, mas a grande maioria deles se concentrou em trabalhar diretamente no nível de configuração, o que possui limitações. O presente trabalho investiga maneiras de extrair políticas em mais alto nível a partir de regras de firewall em baixo nível, o que é mais intuitivo. A fim de extrair as políticas reais a partir de regras de firewall, o problema do descorrelacionamento é estudado e algoritmos anteriormente propostos para resolvê-lo são apresentados e discutidos. É apresentado, também, um tipo de grafo para a melhor visualização e análise de correlacionamento entre regras. Além disso, é pesquisado o agrupamento de regras descorrelacionadas, que tem o objetivo de elevar o nível das mesmas. São apresentados dois algoritmos para realizar o agrupamento, sendo um deles novo. A seguir, é proposta uma nova metodologia de extração de políticas de firewall. A primeira parte desta consiste na utilização de um novo tipo de descorrelacionamento, o descorrelacionamento hierárquico. Este é acompanhado por uma nova maneira de agrupar regras descorrelacionadas hierarquicamente, o agrupamento hierárquico. A segunda parte é uma nova modelagem de regras de firewall que fazem parte de blacklist ou whitelist, separando-as das demais regras na extração de políticas. Algumas maneiras de realizar esta separação também são discutidas. Por fim, são relatadas as conclusões e possibilidades de trabalhos futuros. / As the number of threats in the Internet grows, firewalls have become a very important defense mechanism. However, configuring a firewall is not an easy task and is prone to errors. Several investigations have been made towards solving these issue. However, most of them have focused on working directly at the configuration level and have a number of limitations. This work investigates methods to extract higher level policies from low level firewall rules. Aiming at extracting real policies from firewall rules, we analyse the firewall decorrelation problem and previously proposed algoritmhs to solve it. In addition, a new type of graph is presented aiming at better visualising and analysing rules’ correlation. We also investigate the merging of decorrelated rules, with the goal of defining more abstract rules. Two algorithms are then presented and a new methodology for the extraction of firewall policies is proposed. This methodology is twofold. The first part consists of the use a new type of decorrelation: the hierachical decorrelation, which is introduced along with a new way of hierarchically merging decorrelated rules. The second part is a new model for blacklist or whitelist firewall rules, separating them from the other rules in the policy extraction. We also present alternatives for accomplishing this separation. Finally, we conclpude and point out directions for future work.
Seguranca : Computadores
Criptografia
Firewall
Network security
Firewalls
Firewall policies
Decorrelation
Policy extraction
29

Estudo sobre a extração de políticas de firewall e uma proposta de metodologia / A Study about firewall policy extraction and a proposal for a methodology

Horowitz, Eduardo January 2007 (has links)
Com o aumento das ameaças na Internet, firewalls tornaram-se mecanismos de defesa cada vez mais utilizados. No entanto, sua configuração é notadamente complexa, podendo resultar em erros. Vários estudos foram realizados com o intuito de resolver tais problemas, mas a grande maioria deles se concentrou em trabalhar diretamente no nível de configuração, o que possui limitações. O presente trabalho investiga maneiras de extrair políticas em mais alto nível a partir de regras de firewall em baixo nível, o que é mais intuitivo. A fim de extrair as políticas reais a partir de regras de firewall, o problema do descorrelacionamento é estudado e algoritmos anteriormente propostos para resolvê-lo são apresentados e discutidos. É apresentado, também, um tipo de grafo para a melhor visualização e análise de correlacionamento entre regras. Além disso, é pesquisado o agrupamento de regras descorrelacionadas, que tem o objetivo de elevar o nível das mesmas. São apresentados dois algoritmos para realizar o agrupamento, sendo um deles novo. A seguir, é proposta uma nova metodologia de extração de políticas de firewall. A primeira parte desta consiste na utilização de um novo tipo de descorrelacionamento, o descorrelacionamento hierárquico. Este é acompanhado por uma nova maneira de agrupar regras descorrelacionadas hierarquicamente, o agrupamento hierárquico. A segunda parte é uma nova modelagem de regras de firewall que fazem parte de blacklist ou whitelist, separando-as das demais regras na extração de políticas. Algumas maneiras de realizar esta separação também são discutidas. Por fim, são relatadas as conclusões e possibilidades de trabalhos futuros. / As the number of threats in the Internet grows, firewalls have become a very important defense mechanism. However, configuring a firewall is not an easy task and is prone to errors. Several investigations have been made towards solving these issue. However, most of them have focused on working directly at the configuration level and have a number of limitations. This work investigates methods to extract higher level policies from low level firewall rules. Aiming at extracting real policies from firewall rules, we analyse the firewall decorrelation problem and previously proposed algoritmhs to solve it. In addition, a new type of graph is presented aiming at better visualising and analysing rules’ correlation. We also investigate the merging of decorrelated rules, with the goal of defining more abstract rules. Two algorithms are then presented and a new methodology for the extraction of firewall policies is proposed. This methodology is twofold. The first part consists of the use a new type of decorrelation: the hierachical decorrelation, which is introduced along with a new way of hierarchically merging decorrelated rules. The second part is a new model for blacklist or whitelist firewall rules, separating them from the other rules in the policy extraction. We also present alternatives for accomplishing this separation. Finally, we conclpude and point out directions for future work.
Seguranca : Computadores
Criptografia
Firewall
Network security
Firewalls
Firewall policies
Decorrelation
Policy extraction
30

Firewall Dinâmico: uma implementação cliente/servidor

Gonsales Panes, Guilherme [UNESP] 29 July 2011 (has links) (PDF)
Made available in DSpace on 2014-06-11T19:24:01Z (GMT). No. of bitstreams: 0 Previous issue date: 2011-07-29Bitstream added on 2014-06-13T20:11:43Z : No. of bitstreams: 1 gonsalespanes_g_me_sjrp.pdf: 460030 bytes, checksum: 52240d29e75235682133dfc019184aff (MD5) / A proteção dos perímetros de segurança realizada através de firewalls somente é eficiente quando o cliente se encontra dentro do perímetro protegido por este firewall. Como mobilidade é um item essencial para as empresas, há um grande desafio na proteção destes clientes computacionais (Laptops e PDAs), pois é necessário aplicar a Política de Segurança da empresa independentemente de onde estes equipamentos estejam se conectando já que a segurança dos dados é fator essencial para garantia e continuidade dos negócios. Este trabalho tem como objetivo apresentar uma solução para este problema, de forma a utilizar ferramentas de firewall existentes, independente da plataforma e do software utilizado. Para tanto, desenvolveu-se um software baseado na arquitetura cliente/servidor, que analisa o ambiente em que o equipamento está conectado, através de um Intrusion Detection System (IDS), e baseado nestas informações recebe do Servidor Firewall um conjunto de regras para ser aplicado no firewall nativo do equipamento independentemente do sistema operacional utilizado. Desta forma é possível garantir que, independentemente do ambiente em que o equipamento esteja conectado, não se deixe de aplicar as regras contidas na Política de Segurança da corporação. O software foi desenvolvido em Java utilizando contents web visando portabilidade de plataforma e usabilidade para os administradores. Os testes desenvolvidos demonstram que o software cumpre o papel proposto de gerenciar as regras de firewall de forma coerente com o ambiente de rede conectada à máquina cliente / The protection of the secure areas performed through firewalls is only effective when the client machine is inside the perimeter protected by the firewall. As mobility is an essential item for companies, there is a big challenge in protecting these mobile devices (Laptops and PDAs). It is necessary to apply the Security Policy company regardless of where these devices are to connecting as data security is an essential factor for securing and business continuity. This paper aims to propose a solution to this problem in order to use firewall tools existing, regardless of platform and application software. We have developed a software architecture based on a client / server approach, which analyzes the environment in which the equipment is connected using an Intrusion Detection System (IDS), and based Server receives this information a set of firewall rules for be applied on the native firewall system independent of the equipment operational use. This way it is possible to ensure that, regardless of the environment in which the equipment is connected, not be sure to apply the rules contained in the Security Policy corporation are always in effect. The software was developed in Java using web contents aiming platform portability, and usability for administrators. The performed tests show that the developed software meets the proposed role of managing the firewall rules consistent with the network environment connected to the client machine
Computação
Firewall
EndPoint Security

Page generated in 0.0399 seconds