  • About
  • The Global ETD Search service is a free service for researchers to find electronic theses and dissertations. This service is provided by the Networked Digital Library of Theses and Dissertations.
    Our metadata is collected from universities around the world. If you manage a university/consortium/country archive and want to be added, details can be found on the NDLTD website.
71

Creating a Secure Server Architecture and Policy for Linux-based Systems

Kourtesis, Marios January 2015
Creating and maintaining servers for hosting services in a secure and reliable way is an important but complex and time-consuming task. Misconfiguration and lack of server maintenance can potentially make the system vulnerable. Hackers can exploit these vulnerabilities in order to penetrate into the system internals and cause damage. Having a standard architecture/configuration supporting the needed services saves time and resources while it reduces security risks. A server architecture protected by a security policy can secure the integrity and quality of the overall services. This research demonstrates building a secure server architecture protected by a security policy. To achieve this a security policy and a checklist were designed and combined with a host based IDPS, a NMS and a WAF.
72

Lightweight Security Solutions for the Internet of Things

Raza, Shahid January 2013
The future Internet will be an IPv6 network interconnecting traditional computers and a large number of smart objects or networks such as Wireless Sensor Networks (WSNs). This Internet of Things (IoT) will be the foundation of many services and our daily life will depend on its availability and reliable operations. Therefore, among many other issues, the challenge of implementing secure communication in the IoT must be addressed. The traditional Internet has established and tested ways of securing networks. The IoT is a hybrid network of the Internet and resource-constrained networks, and it is therefore reasonable to explore the options of using security mechanisms standardized for the Internet in the IoT. The IoT requires multi-facet security solutions where the communication is secured with confidentiality, integrity, and authentication services; the network is protected against intrusions and disruptions; and the data inside a sensor node is stored in an encrypted form. Using standardized mechanisms, communication in the IoT can be secured at different layers: at the link layer with IEEE 802.15.4 security, at the network layer with IP security (IPsec), and at the transport layer with Datagram Transport Layer Security (DTLS). Even when the IoT is secured with encryption and authentication, sensor nodes are exposed to wireless attacks both from inside the WSN and from the Internet. Hence an Intrusion Detection System (IDS) and firewalls are needed. Since the nodes inside WSNs can be captured and cloned, protection of stored data is also important. This thesis has three main contributions. (i) It enables secure communication in the IoT using lightweight compressed yet standard compliant IPsec, DTLS, and IEEE 802.15.4 link layer security; and it discusses the pros and cons of each of these solutions. The proposed security solutions are implemented and evaluated in an IoT setup on real hardware.
(ii) This thesis also presents the design, implementation, and evaluation of a novel IDS for the IoT. (iii) Last but not least, it also provides mechanisms to protect data inside constrained nodes. The experimental evaluation of the different solutions shows that the resource-constrained devices in the IoT can be secured with IPsec, DTLS, and 802.15.4 security; can be efficiently protected against intrusions; and the proposed combined secure storage and communication mechanisms can significantly reduce the security-related operations and energy consumption.
73

Bezpečnostní analýza síťového provozu / Security inspection of network traffic

Kult, Viktor January 2017
Thesis topic concerns the issue of information security in corporate environments. Literature search includes information obtained by studying articles and literature in the field of information security. Resources were selected with a focus on the security risks, security technologies and legislative regulation. Attention is focused on technology that supports monitoring of communication flows in the data network. Overview of traffic operating a data network provides important information for the prevention or investigation of security incidents. Monitoring also serves as a source of information for the planning of the network infrastructure. It can detect faults or insufficient transmission capacity. The practical part is dedicated to implementation of the monitoring system in the real corporate networks. Part of the experience is the analysis of the network structure and choice of appropriate tools for actual implementation. When selecting tools, you can use the scoring method of multicriterial analysis options. The integration of the monitoring system is also the configuration of active network elements. Subsequent analysis of network traffic provides information about the most active users, most used applications or on the sources and targets of data transmitted. It provides a source of valuable information that can be used in case of failure on the network or security incident. The conclusion is a summary of the results and workflow.
74

An Evaluation of current IDS

Fernandez, Maria del Mar, Porres, Ignacio January 2008
With the possibility of connecting several computers and networks the necessity of protecting the whole data and machines from attackers (hackers) that try to get some confidential information to use for their own benefit or just destroy or modify valuable information was born. At this point IDS appears to help users, companies or institutions to detect when they are getting compromised. This thesis will cover two main parts: the first one consists of an intense research study about the world of IDS and its environment. Subsequently, we will conclude this part with some points where IDS still needs to be questioned and show up desirable requirements for “the perfect” intrusion detection system. This “perfect” adjective can of course be discussed variously. The second part of the thesis approaches the implementation of the most used open source IDS: Snort. Some basic attacks on the machine where Snort is installed will be performed in order to make the future user see what kind of protection it ensures and the usability of this. A brief discussion about two of the main challenges in IDS will follow: analyzing big amounts of packets and encrypted traffic. Finally there are conclusions for a safe computer environment as well as the suggestion that some skilled programmer should give Snort a more friendly interface for every kind of user and a built-in programme package which includes webserver, database and other libraries that are needed to run it properly with all its features.
75

Intrusion Management

Olsson, Fredrik January 2006
Information security is tasked with protecting the confidentiality, integrity, and availability of an organization's information resource. A key aspect in protecting these resources is developing an understanding of the threats, vulnerabilities, and exposures that they face by using Risk Management. The objective of Risk Management is to identify, quantify and manage information security risks to achieve the organization's objectives through a number of tasks utilizing key Risk Management techniques. Risk Management is a process that ensures that the impact of threats exploiting vulnerabilities is within acceptable limits and at an acceptable cost. With the increased complexity of modern dynamic networks, traditional defence mechanisms are failing and as a result cyber crime is on the rise [FBI03]. This puts organizations and corporations at risk as the defences are ill-fitted and weak [KBM04]. No information system can be absolutely secure, especially large and complex systems. Embedded security works for isolated, dedicated systems with few users but does not offer cost effective security, and even worse does not always handle security based on a real threat (this is mainly due to its inherent inflexibility). A military strategy within the field of information operations suggests a method of information superiority based on the OODA-loop. This thesis proposes a method of information security protection based on a combination of risk management techniques and information operation (foremost the OODA-loop). This is in order to ensure a cost effective and a viable future for information security in large and complex systems, where the war at least at present time is lost to the “black hats”, a term often used to describe a menaced hacker.
76

Intrusion Detection Systems : Technologies, Weaknesses and Trends / Intrångsdetekteringssystem : Teknologier, Svagheter och Trender

Arvidson, Martin, Carlbark, Markus January 2003
Traditionally, firewalls and access control have been the most important components used in order to secure servers, hosts and computer networks. Today, intrusion detection systems (IDSs) are gaining attention and the usage of these systems is increasing. This thesis covers commercial IDSs and the future direction of these systems. A model and taxonomy for IDSs and the technologies behind intrusion detection is presented. Today, many problems exist that cripple the usage of intrusion detection systems. The decreasing confidence in the alerts generated by IDSs is directly related to serious problems like false positives. By studying IDS technologies and analyzing interviews conducted with security departments at Swedish banks, this thesis identifies the major problems within IDSs today. The identified problems, together with recent IDS research reports published at the RAID 2002 symposium, are used to recommend the future direction of commercial intrusion detection systems.
77

An implementation of a DNS-based malware detection system

Fors, Markus, Grahn, Christian January 2010
Today’s wide usage of the Internet makes malicious software (malware) and botnets a big problem. While anti-virus software is commonplace today, malware is constantly evolving to remain undetected. Passively monitoring DNS traffic on a network can present a platform for detecting malware on multiple computers at a low cost and low complexity. To explore this avenue for detecting malware we decided it was necessary to design an extensible system where the framework was separate from the actual detection methods. We wanted to divide the system into three parts, one for logging, one for handling modules for detection and one for taking action against suspect traffic. The system we implemented in C collects DNS traffic and processes it with modules that are compiled separately and can be plugged in or out during runtime. Two proof of concept modules have been implemented. One based on a blacklist and one based on geolocation of requested servers. The system is complete to the point of being ready for field testing and implementation of more advanced detection modules.
78

An empirical comparison of the market-leading IDS's

Hedemalm, Daniel January 2018
In this day and age of the Internet, organizations need to address network threats, therefore more education material also needs to be established. An already established methodology for evaluating intrusion detection systems was chosen, and a selection of the market-leading intrusion detection systems are evaluated. The results show that all the systems were able to identify threats in 50% of the datasets, with different threat detection accuracies.
79

The effect of crop quality and pre-treatment on germination in Scots pine and Norway spruce seeds

Hilli, A. (Anu) 03 February 2009
Weather conditions during the growing season are determining the size and quality of the Scots pine (Pinus sylvestris L.) and Norway spruce (Picea abies (L.) Karst.) seed crop in northern areas. Pathogens, fungi, and insects also have an effect on seed crops. The varying quality of seeds from forest stands and seed orchards does not fulfil the germination requirements of tree nurseries. Multi-phase pre-treatments are therefore used in forest tree seed centres to improve seed lot quality. The main objectives of this study were to analyse long-term variation in the size and quality of Scots pine seed crops in Northern Finland. Determine the impact of fungal injuries on the structures of Norway spruce seeds. To detect changes in the germination capacity and rate of Norway spruce seeds during pre-treatment phases and to determine the impacts of short-term and long-term storage on the germination of treated seeds. The study found that in most years, regeneration of Scots pine in Northern Finland is limited by quantity as well as quality of the seed crop. The long-term average of the Scots pine seed crop was 77 seeds/m2 and the long-term average expected germination percentage was 61%. Aeciospores of the inland spruce cone rust Chrysomyxa pirolata (Körnicke) Wint. were found to form inside Norway spruce seeds, destroying the nucellar layers and reducing germination of seeds. In general, the germination capacity and rate of Norway spruce seeds increased during pre-treatment phases. The germination capacity of seeds increased about 30% and the rate by more than 40% during pre-treatment. During long-term storage the germination capacity and rate of pre-treated Scots pine seeds were preserved better in frozen storage than in cool storage. It was found that pre-treated Scots pine forest stand seeds can be stored for several years in frozen conditions.
The germination capacity and rate of pre-treated orchard seeds were affected significantly more than those from forest stands. It is therefore recommended that Scots pine seeds from orchards be stored without pre-treatment. The germination capacity and rate of treated Norway spruce seeds from orchards was not significantly different after one year of storage.
80

Logiques IFO-QCL et gestion des informations partielles en théorie des possibilités : application à la corrélation d'alertes / An alert correlation approach based on IFO-QCL and on the handling of partial information in possibility theory

Benlabiod, Lydia 28 June 2015
In this thesis, we propose a model for the alert correlation process using a new preference logic, called IFO-QCL (for Instanciated First Order Qualitative Choice Logic). The proposed alert correlation process has as inputs a set of alerts, generated by intrusion detection systems (IDS), and a set of knowledge and preferences of a security operator, encoded using IFO-QCL logic. As output, a set of preferred and relevant alerts is produced. In practice, IDS alerts may not provide information about attributes expressed by the security operator in his knowledge and preferences. In order to classify such kinds of alerts, two dual methods have been proposed. The first one consists in the completion of the so-called partial alerts and the second one reduces knowledge/preferences formulas, in order to only focus on attributes that are present in the alerts. We proposed a polynomial algorithm that assigns a satisfaction degree, according to the IFO-QCL logic, to alerts and selects a set of preferred ones. Experimental studies carried out using real alerts show the merits of our model.
