1 |
Connect street light control devices in a secure networkLykouropoulos, Efstathios, Kostoulas, Andreas, Jumaa, Zainab January 2015 (has links)
Wireless communications is a constantly progressing technology in network engineering society, creating an environment full of opportunities that are targeting in financial growth, quality of life and humans prosperity. Wireless security is the science that has as a goal to provide safe data communication between authorized users and prevent unauthorized users from gaining access, deny access, damage or counterfeit data in a wireless environment. In order to success it uses layers of protection that consist of software and hardware mechanisms that are able to monitor network’s behavior and in coordination provide a safe and secure environment for the user. In this thesis, a scientific research will be conducted in a given wireless network topology designed for an original application. This is about an intelligent street lightning system and it has already been implemented by Greinon Engineering which is the company that we are cooperating with. It is a matter of great importance that this thesis was conducted under real life criteria and in cooperation with an engineering company. This means that our programming, our ideas, our study research were all rotated and concentrated in certain type of hardware – software and network topology. In this thesis there is a detailed overview of basic wireless security mechanisms – vulnerabilities – types of attacks and countermeasures focused on 802.11b protocol. Moreover there will be security weak point’s analysis on the given industrial network; our proposals to protect and secure this network based on our threat analysis of the current system. There is an analysis on the most up to date VPN security implementations and reasoning that guided our team to conclude in a specific procedure - protocol and implementation, including limitation factors – obstacles faces during this procedure. During this research iterative approach in procedures – ideas and implementation attempts is followed. Basic goal is to provide security solutions that are easy applicable, low cost, easy to maintain and monitor.
|
2 |
On LTE Security: Closing the Gap Between Standards and ImplementationDeMarinis, Nicholas AF 08 May 2015 (has links)
Modern cellular networks including LTE (Long Term Evolution) and the evolving LTE- Advanced provide high-speed and high-capacity data services for mobile users. As we become more reliant on wireless connectivity, the security of voice and data transmissions on the network becomes increasingly important. While the LTE network standards provide strict security guidelines, these requirements may not be completely followed when LTE networks are deployed in practice. This project provides a method for improving the security of LTE networks by 1) characterizing a gap between security requirements defined in the standards and practical implementations, 2) designing a language to express the encoding formats of one of LTE’s network-layer protocols, 3) developing a compiler to translate a protocol description in our language into an implementation, and 4) providing recommendations on lessons learned during development of the language and compiler to support development of future protocols that employ formal representations. In this way, our work demonstrates how a formal language can be utilized to represent a cellular network protocol and serves as an example for further research on how adding formalism to network standards can help ensure that the security goals defined in the standards can be upheld in an implementation.
|
3 |
Network Security AnalysisHassan, Aamir, Mohammad, Fida January 2010 (has links)
<p>Security is the second step after that a successful network has been deployed. There are many types of attacks that could potentially harm the network and an administrator should carefully document and plan the weak areas, where the network could be compromised. Attackers use special tools and techniques to find out all the possible ways of defeating the network security. This thesis addresses all the possible tools and techniques that attackers use to compromise the network. The purpose for exploring these tools will help an administrator to find the security holes before an attacker can. All of these tools in this thesis are only for the forensic purpose. Securing routers and switches in the best possible way is another goal. We in this part try to identify important ways of securing these devices, along with their limitations, and then determine the best possible way. The solution will be checked with network vulnerable tools to get the results. It is important to note that most of the attention in network security is given to the router, but far less attention is given to securing a switch. This thesis will also address some more ways of securing a switch, if there is no router in the network. </p> / The opponent for the thesis was Yan Wang and the presentation time was 60 minutes.
|
4 |
Dynamic silicon firewallLaturnas, Darrell Keith 20 September 2006
Computers are networked together in order to share the information they store and process. The internet connects many of these networks together, offering a multitude of options for communication, productivity and entertainment. It also offers the opportunity for unscrupulous individuals to contact these networked computers and attempt to appropriate or destroy the data on them, the computing resources they provide, and the identity or reputation of the computer user. Measures to secure networks need to be implemented by network administrators and users to protect their computing assets. <p>Firewalls filter information as it flows through a network. This filter can be implemented in hardware or software and can be used to protect computers from unwanted access. While software firewalls are considered easier to set up and use, hardware firewalls are often considered faster and more secure. Absent from the marketplace is an embedded hardware solution applicable to desktop systems. <p>Traditional software firewalls use the processor of the computer to filter packets; this is disadvantageous because the computer can become unusable during a network attack when the processor is swamped by the firewall process. Traditional hardware firewalls are usually implemented in a single location, between a private network and the internet. Depending on the size of the private network, a hardware firewall may be responsible for filtering the network traffic of hundreds of clients. This not only makes the required hardware firewall quite expensive, but dedicates those financial resources to a single point that may fail. <p>The dynamic silicon firewall project implements a hardware firewall using a soft-core processor with a custom peripheral designed using a hardware description language. Embedding this hardware firewall on each network interface card in a network would offer many benefits. It would avoid the aforementioned denial of service problem that software firewalls are susceptible to since the custom peripheral handles the filtering of packets. It could also reduce the complexity required to secure a large private network, and eliminate the problem of a single point of failure. Also, the dynamic silicon firewall requires little to no administration since the filtering rules change with the users network activity. The design of the dynamic silicon firewall incorporates the best features from traditional hardware and software firewalls, while minimizing or avoiding the negative aspects of each.
|
5 |
Dynamic silicon firewallLaturnas, Darrell Keith 20 September 2006 (has links)
Computers are networked together in order to share the information they store and process. The internet connects many of these networks together, offering a multitude of options for communication, productivity and entertainment. It also offers the opportunity for unscrupulous individuals to contact these networked computers and attempt to appropriate or destroy the data on them, the computing resources they provide, and the identity or reputation of the computer user. Measures to secure networks need to be implemented by network administrators and users to protect their computing assets. <p>Firewalls filter information as it flows through a network. This filter can be implemented in hardware or software and can be used to protect computers from unwanted access. While software firewalls are considered easier to set up and use, hardware firewalls are often considered faster and more secure. Absent from the marketplace is an embedded hardware solution applicable to desktop systems. <p>Traditional software firewalls use the processor of the computer to filter packets; this is disadvantageous because the computer can become unusable during a network attack when the processor is swamped by the firewall process. Traditional hardware firewalls are usually implemented in a single location, between a private network and the internet. Depending on the size of the private network, a hardware firewall may be responsible for filtering the network traffic of hundreds of clients. This not only makes the required hardware firewall quite expensive, but dedicates those financial resources to a single point that may fail. <p>The dynamic silicon firewall project implements a hardware firewall using a soft-core processor with a custom peripheral designed using a hardware description language. Embedding this hardware firewall on each network interface card in a network would offer many benefits. It would avoid the aforementioned denial of service problem that software firewalls are susceptible to since the custom peripheral handles the filtering of packets. It could also reduce the complexity required to secure a large private network, and eliminate the problem of a single point of failure. Also, the dynamic silicon firewall requires little to no administration since the filtering rules change with the users network activity. The design of the dynamic silicon firewall incorporates the best features from traditional hardware and software firewalls, while minimizing or avoiding the negative aspects of each.
|
6 |
Security of the mobile devices in VäxjöKommun and corporationKrkusic, Enis January 2009 (has links)
No description available.
|
7 |
Network Security AnalysisHassan, Aamir, Mohammad, Fida January 2010 (has links)
Security is the second step after that a successful network has been deployed. There are many types of attacks that could potentially harm the network and an administrator should carefully document and plan the weak areas, where the network could be compromised. Attackers use special tools and techniques to find out all the possible ways of defeating the network security. This thesis addresses all the possible tools and techniques that attackers use to compromise the network. The purpose for exploring these tools will help an administrator to find the security holes before an attacker can. All of these tools in this thesis are only for the forensic purpose. Securing routers and switches in the best possible way is another goal. We in this part try to identify important ways of securing these devices, along with their limitations, and then determine the best possible way. The solution will be checked with network vulnerable tools to get the results. It is important to note that most of the attention in network security is given to the router, but far less attention is given to securing a switch. This thesis will also address some more ways of securing a switch, if there is no router in the network. / The opponent for the thesis was Yan Wang and the presentation time was 60 minutes.
|
8 |
Security of the mobile devices in VäxjöKommun and corporationKrkusic, Enis January 2009 (has links)
No description available.
|
9 |
A defense framework for flooding-based DDoS attacksYou, Yonghua 29 August 2007 (has links)
Distributed denial of service (DDoS) attacks are widely regarded as a major threat to the Internet. A flooding-based DDoS attack is a very common way to attack a victim machine by sending a large number of malicious traffic. In this thesis, we propose a distance-based distributed DDoS defense framework which defends against attacks by coordinating between the distance-based DDoS defense systems of the source ends and the victim end. The proposed defense system has three major components: detection, traceback, and response. In the detection component, two distance-based detection techniques are employed. First, a distance-based technique is used to detect attacks based on a distance statistical model. Second, a statistical traffic rate forecasting technique is applied to identify attack traffic within the traffic, that are separated based on distance to the victim-end network. For the traceback component, the existing Fast Internet Traceback (FIT) technique is employed to find remote edge routers which forward attack traffic to the victim. In the response component, the distance-based rate limit mechanism quickly lowers attack traffic by setting up rate limits on these routers. We evaluate the distance-based DDoS defense system on a network simulation platform called NS2. The results demonstrate that both detection techniques are capable of detecting flooding-based DDoS attacks, and the defense system can effectively control attack traffic to sustain quality of service for legitimate users. Moreover, the system shows better performance in defeating flooding-based DDoS attacks compared to the pushback technique which uses a local aggregate congestion control mechanism. / Thesis (Master, Computing) -- Queen's University, 2007-08-22 23:01:20.581
|
10 |
The extension and hardware implementation of the comprehensive integrated security system conceptMorrissey, Joseph Patrick January 1995 (has links)
The current strategy to computer networking is to increase the accessibility that legitimate users have to their respective systems and to distribute functionality. This creates a more efficient working environment, users may work from home, organisations can make better use of their computing power. Unfortunately, a side effect of opening up computer systems and placing them on potentially global networks is that they face increased threats from uncontrolled access points, and from eavesdroppers listening to the data communicated between systems. Along with these increased threats the traditional ones such as disgruntled employees, malicious software, and accidental damage must still be countered. A comprehensive integrated security system ( CISS ) has been developed to provide security within the Open Systems Interconnection (OSI) and Open Distributed Processing (ODP) environments. The research described in this thesis investigates alternative methods for its implementation and its optimisation through partial implementation within hardware and software and the investigation of mechanismsto improve its security. A new deployment strategy for CISS is described where functionality is divided amongst computing platforms of increasing capability within a security domain. Definitions are given of a: local security unit, that provides terminal security; local security servers that serve the local security units and domain management centres that provide security service coordination within a domain. New hardware that provides RSA and DES functionality capable of being connected to Sun microsystems is detailed. The board can be used as a basic building block of CISS, providing fast cryptographic facilities, or in isolation for discrete cryptographic services. Software written for UNIX in C/C++ is described, which provides optimised security mechanisms on computer systems that do not have SBus connectivity. A new identification/authentication mechanism is investigated that can be added to existing systems with the potential for extension into a real time supervision scenario. The mechanism uses keystroke analysis through the application of neural networks and genetic algorithms and has produced very encouraging results. Finally, a new conceptual model for intrusion detection capable of dealing with real time and historical evaluation is discussed, which further enhances the CISS concept.
|
Page generated in 0.0669 seconds