41 |
Network Security Analysis and Summary in TaiwanFang, Jia-Ching 30 July 2003 (has links)
With the increasing reliance on the Internet and computers, threats also increase. More and more foundations, companies and tools of computer network security emerge to defense the Internet. To prevent the attacks form crackers, plenty of resources about network security were developed on the Internet and people can get the resource they want as long as they know where the professional network security information is. But from another point of view, too much information would become a great burden to general users on the Internet, because they have no idea what information is the most important. This make them confuse, and the only thing they can do is do nothing. They need summarized security information and the advise for his own system and services, instead of all system security information.
In this research, we integrate the systems in TWCERT/CC and discover the most helpful information to those who access the Internet in Taiwan, such as, the most threatened vulnerabilities in Taiwan. The information is like the SANS TOP 20. The unity of the entire system in TWCERT/CC could give administrators more specific and summarized information and their prior job is to fix the most vulnerable holes according to the information offered.
Key words: network security, critical Internet security vulnerabilities, incident report, SAS, Security Auditing System, TWCERT/CC
|
42 |
Investigation of a router-based approach to defense against Distributed Denial-of-Service (DDoS) attackChan, Yik-Kwan, Eric., 陳奕鈞. January 2004 (has links)
published_or_final_version / abstract / toc / Computer Science and Information Systems / Master / Master of Philosophy
|
43 |
Secure object spaces for global information retrieval (SOSGIR)Cheung, Yee-him., 張貽謙. January 2000 (has links)
published_or_final_version / abstract / toc / Electrical and Electronic Engineering / Master / Master of Philosophy
|
44 |
Security and protection architectures for large-scale content distributionJudge, Paul Q. 12 1900 (has links)
No description available.
|
45 |
Homogeneous cognitive based biometrics for static authenticationMohamed, Omar Hamdy 01 February 2011 (has links)
In today's globally expanding business world, protecting the identity and transactions of online consumers is crucial for any company to reach out for new markets. This directs digital information technologies towards the adoption of stronger and more secure authentication schemes. Increasingly, such biometric-based user authentication systems have proven superiority over the traditional ones (such as username/password).
Unfortunately, despite the significant advances accomplished in developing biometric technologies, there are several barriers to their wide-scale deployment and application for Internet security. Additionally, introducing new biometrics faces similar barriers and challenges such as expensive equipment, or low-precision sensor technologies.
In this research, we propose a novel biometric system for static user authentication, that homogeneously combines mouse dynamics, visual search capability and short-term memory effect. The proposed system introduces the visual search capability, and short-term memory effect to the biometric-based security world for the first time. The use of mouse for its dynamics, and as an input sensor for the other two biometrics, means no additional hardware is required. Experimental evaluation demonstrated the system's effectiveness using variable or one-time passwords. All of these attributes qualify the proposed system to be effectively deployed as a static Web-authentication mechanism.
Extensive experimentation was done using 2740 sessions collected from 274 users. Two classification mechanisms were used to measure the performance. Using the first of these, a specially devised neural network model called Divide & Select, an EER of 5.7% was achieved. A computational statistics model showed a higher classification performance; a statistical classifier design called Weighted-Sum produced an EER of 2.1%.
The performance enhancement produced as a result of changing the analysis model suggests that with further analysis, performance could be enhanced to an industry standard level. Additionally, we presented a Proof of Concept (POC) system to show the system packaging practicality.
|
46 |
L3-arpsec - módulo seguro para controle e proteção do protocolo de resolução de endereços em redes definidas por software /Oliveira, Rogério Leão Santos de. January 2015 (has links)
Orientador: Ailton Akira Shinoda / Co-orientador: Christiane Marie Schweitzer / Banca: Antonio Marco Cossi / Banca: Ed'Wilson Tavares Ferreira / Resumo: O protocolo de resolução de endereços (ARP) é usado para mapear endereços IP a endereços MAC em redes locais. Este protocolo possui algumas vulnerabilidades de segurança e uma delas é ataque Man-in-the-Middle (MITM), em que o cache ARP permite a um host interceptar pacotes trocados entre dois outros hosts. O conceito de Redes Definidas por Software (SDNs) representam uma abordagem inovadora na área de redes de computadores, uma vez que propõe um novo modelo para o controle de repasse e roteamento dos pacotes de dados que navegam na Internet. Uma das principais características deste novo paradigma é a capacidade de programar funcionalidades nos controladores de rede para gerenciar o tráfego. Este trabalho apresenta o modulo L3-ARPSec, um conjunto de instruções escritas em linguagem de programação Python que propõe uma maneira de controlar a troca de mensagens ARP e também mitigar o ataque MITM em redes locais. O módulo gerencia as requisições e respostas ARP entre todos dispositivos da rede e não permite o envenenamento do cache ARP. Depois de apresentados alguns conceitos do paradigma SDN, a estrutura do protocolo ARP e como o ataque MITM ocorre, o modulo L3-ARPSec é explicado em detalhes e os resultados de diversos testes executados são mostrados / Abstract: The Address Resolution Protocol (ARP) is used to map IP addresses to MAC addresses in local area networks. This protocol has some security vulnerabilities and one of them is the Man-in-the-Middle (MITM) attack, a way to poisoning the ARP cache that allows a host to intercept packets switched between two other hosts. Software-Defined Networks (SDNs) represent an innovative approach in the area of computer networks, since they propose a new model to control forwarding and routing data packets that navigate the World Wide Web. One of the main features of this new paradigm is the ability to program functionalities in network controllers to manage the traffic. This study presents the module L3-ARPSec, a set of instructions written in the Python programming language that proposes a way to control the switching of ARP messages and also mitigates the MITM attack in local area networks. The module manages the ARP request, reply messages between all network devices and does not permit the ARP cache poisoning. After presenting some concepts of the SDN paradigm, the ARP protocol structure and how MITM attacks occurs, the L3-ARPSec module is explained in detail and the results of several tests performed are displayed / Mestre
|
47 |
L3-arpsec - módulo seguro para controle e proteção do protocolo de resolução de endereços em redes definidas por softwareOliveira, Rogério Leão Santos de [UNESP] 24 July 2015 (has links) (PDF)
Made available in DSpace on 2015-10-06T13:03:18Z (GMT). No. of bitstreams: 0
Previous issue date: 2015-07-24. Added 1 bitstream(s) on 2015-10-06T13:18:39Z : No. of bitstreams: 1
000849444.pdf: 1836624 bytes, checksum: d3b670920a0ae185565104f5315bef2a (MD5) / O protocolo de resolução de endereços (ARP) é usado para mapear endereços IP a endereços MAC em redes locais. Este protocolo possui algumas vulnerabilidades de segurança e uma delas é ataque Man-in-the-Middle (MITM), em que o cache ARP permite a um host interceptar pacotes trocados entre dois outros hosts. O conceito de Redes Definidas por Software (SDNs) representam uma abordagem inovadora na área de redes de computadores, uma vez que propõe um novo modelo para o controle de repasse e roteamento dos pacotes de dados que navegam na Internet. Uma das principais características deste novo paradigma é a capacidade de programar funcionalidades nos controladores de rede para gerenciar o tráfego. Este trabalho apresenta o modulo L3-ARPSec, um conjunto de instruções escritas em linguagem de programação Python que propõe uma maneira de controlar a troca de mensagens ARP e também mitigar o ataque MITM em redes locais. O módulo gerencia as requisições e respostas ARP entre todos dispositivos da rede e não permite o envenenamento do cache ARP. Depois de apresentados alguns conceitos do paradigma SDN, a estrutura do protocolo ARP e como o ataque MITM ocorre, o modulo L3-ARPSec é explicado em detalhes e os resultados de diversos testes executados são mostrados / The Address Resolution Protocol (ARP) is used to map IP addresses to MAC addresses in local area networks. This protocol has some security vulnerabilities and one of them is the Man-in-the-Middle (MITM) attack, a way to poisoning the ARP cache that allows a host to intercept packets switched between two other hosts. Software-Defined Networks (SDNs) represent an innovative approach in the area of computer networks, since they propose a new model to control forwarding and routing data packets that navigate the World Wide Web. One of the main features of this new paradigm is the ability to program functionalities in network controllers to manage the traffic. This study presents the module L3-ARPSec, a set of instructions written in the Python programming language that proposes a way to control the switching of ARP messages and also mitigates the MITM attack in local area networks. The module manages the ARP request, reply messages between all network devices and does not permit the ARP cache poisoning. After presenting some concepts of the SDN paradigm, the ARP protocol structure and how MITM attacks occurs, the L3-ARPSec module is explained in detail and the results of several tests performed are displayed
|
48 |
Information security using intelligent software agentsVan der Merwe, Jacobus 20 August 2012 (has links)
Ph.D. / Many organisations are starting to make large parts of their information resources publicly accessible. For example, many organisations publish information using the Internet. Some organisations allow non-employees to connect to their systems and retrieve information - many banks allow customers to retrieve account statements via the Internet. There is a trend towards more open information systems and more distributed processing such as client/server processing. The above are just some of the trends in computer information processing that creates new and complex problems in providing information systems that are both secure and manageable. To add to the complexity of the information security problem, organisations use the Internet to conduct some of their business and use many different applications, each with its own unique access control mechanisms. Central management of information security in a heterogeneous and distributed environments, such as the Internet has become a nightmare. There is a need for an information security model that will allow organisations to make use of the new trends in information processing, but still have confidence that they have adequate security and that the management of their information security systems is fairly easy. In this thesis we propose a model that satisfies the above requirements. We call this model the Intelligent Security Agent Model (ISAM). The ISAM model is based on two technologies: intelligent software agents and distributed objects. The main component of the model is Intelligent Security Agents that act as security brokers for its users in a distributed environment. In chapter 2 of the thesis, we design an Intelligent Security Agent which provides various information security services in open client/server environments. The Intelligent Security Agent Model addresses certain problems/requirements, such as single sign-on, in information security. These problems and possible solutions are described in chapter 4 to chapter 10 of this thesis. An Intelligent Security Agent must be protected from unauthorised modification, theft, etc. Chapter 3 shows how an Intelligent Security Agent is secured by implementing it as a distributed object. We show that the combination of intelligent software agents and distributed objects creates an agent that was not possible before, and solves many information security problems.In short, this thesis documents the results of a study in computer information security. The result of the study is a new information security model in which intelligent software agents and distributed objects are combined to create a security agent which acts on behalf of a user in open environments such as client/server systems and the Internet. The agent provides a set of services to its user and handles all information security related requests on behalf of its user.
|
49 |
Authentication techniques for secure Internet commerceNdaba, Sipho Lawrence 23 August 2012 (has links)
M.Sc.(Computer Science) / The aim of this dissertation (referred to as thesis in the rest of the document) is to present authentication techniques that can be used to provide secure Internet commerce. The thesis presents techniques that can be used to authenticate human users at logon, as well as techniques that are used to authenticate user's PC and the host system during communication. In so doing, the thesis presents cryptography as the most popular approach to provide information security. Chapter 1 introduces the authentication problem, the purpose and the structure of the thesis. The inadequate security of the Internet prevents companies and users to conduct commerce over the Internet. Authentication is one of the means of providing secure Internet commerce. - Chapter 2 provides an overview of the Internet by presenting the Internet history, Internet infrastructure and the current services that are available on the Internet. The chapter defines Internet commerce and presents some of the barriers to the Internet commerce. Chapter 3 provides an overview of network and internetwork security model. The purpose of this chapter is to put authentication into perspective, in relation to the overall security model. Security attacks, security services and security mechanisms are defined in this chapter. The IBM Security Architecture is also presented. Chapter 4 presents cryptography as the popular approach to information security. The conventional encryption and public-key encryption techniques are used to provide some of the security services described in chapter 3. Chapter 5 presents various schemes that can be used to provide computer-to-computer authentication. These schemes are grouped into the following authentication functions: message encryption, cryptographic checksums, hash functions and digital signatures. Chapter 6 differentiates between one-way authentication schemes and mutual authentication schemes. The applicability of each approach depends on the communicating parties. Chapter 7 presents some of the popular and widely used open-systems technologies Internet protocols, which employ some of the schemes discussed in chapter 5 and chapter 6. These include the SSL, PCT, SHTTP, Kerberos, SESAME and SET. Chapter 8 discusses some of the enabling technologies that are used to provide human user authentication in a computer system. The password technology, the biometric technologies and the smart card technology are discussed. The considerations of selecting a specific technology are also discussed. Chapter 9 presents some of the techniques that can be used to authentication Internet users (human users) over the Internet. The techniques discussed are passwords, knowledge-based technique, voice recognition, smart cards, cellular based technique, and the technique that integrates Internet banking. Chapter 10 defines criteria on which the Internet user authentication techniques presented in chapter 9 can be measured against. The evaluation of each of the techniques is made against the specified criteria. In fact, this chapter concludes the thesis. Chapter 11 provides case studies on two of the techniques evaluated in chapter 10. Specifically, the insurance case study and the medical aid case studies are presented.
|
50 |
Mosaic : model for secure anonymous Internet communicationGeldenhuys, Jan Harm Steenkamp. 12 September 2012 (has links)
D.Litt. et Phil. / It is said that computer security is like getting into bed with an elephant. You know you have a problem, but you can't get your arms around it! Looking at security from a distributed point of view makes this elephant seem much bigger! The growth of the Internet (see chapter 2) is also not very comforting to computer security specialists. Companies want to start utilising the Internet for their business transactions, while the man on the street wants to use it for what they deem necessary or convenient. It is becoming more and more common placed to buy items from virtual storefronts by making use of the Internet. [17,20,23] Literature, as well as the World Wide Web has supplied us with information [34] regarding the "war" between the IT Security Professional and the hacker community. It is quite surprising to see the large number of hacker sites on the Internet [15,16,21] that publish information regarding hacked sites, as well as tools and techniques that can assist almost anyone in accomplishing some of these sometimes, daring feats. If this information is studied and if we keep in mind that some of the more serious hacking attempts are being kept secret for reasons like loss of business or credibility, it might be deduced that the hacker community is always a step or two ahead of Security Professionals. It is the purpose of this thesis to present a model that will ensure secure, anonymous communication across the Internet This model is not aimed at replacing current technologies. It merely attempts to provide an alternative method for safe communication across public networks, like the Internet. The model will make use of a number of existing technologies in conjunction with one another to achieve its goal of secure, anonymous communication. The technologies that will be used and how will be discussed briefly in this chapter.
|
Page generated in 0.1112 seconds