Digital forensic model for computer networks

Sanyamahwe, Tendai

January 2011

The Internet has become important since information is now stored in digital form and is transported both within and between organisations in large amounts through computer networks. Nevertheless, there are those individuals or groups of people who utilise the Internet to harm other businesses because they can remain relatively anonymous. To prosecute such criminals, forensic practitioners have to follow a well-defined procedure to convict responsible cyber-criminals in a court of law. Log files provide significant digital evidence in computer networks when tracing cyber-criminals. Network log mining is an evolution of typical digital forensics utilising evidence from network devices such as firewalls, switches and routers. Network log mining is a process supported by presiding South African laws such as the Computer Evidence Act, 57 of 1983; the Electronic Communications and Transactions (ECT) Act, 25 of 2002; and the Electronic Communications Act, 36 of 2005. Nevertheless, international laws and regulations supporting network log mining include the Sarbanes-Oxley Act; the Foreign Corrupt Practices Act (FCPA) and the Bribery Act of the USA. A digital forensic model for computer networks focusing on network log mining has been developed based on the literature reviewed and critical thought. The development of the model followed the Design Science methodology. However, this research project argues that there are some important aspects which are not fully addressed by South African presiding legislation supporting digital forensic investigations. With that in mind, this research project proposes some Forensic Investigation Precautions. These precautions were developed as part of the proposed model. The Diffusion of Innovations (DOI) Theory is the framework underpinning the development of the model and how it can be assimilated into the community. The model was sent to IT experts for validation and this provided the qualitative element and the primary data of this research project. From these experts, this study found out that the proposed model is very unique, very comprehensive and has added new knowledge into the field of Information Technology. Also, a paper was written out of this research project.

Computer crimes -- Investigation

Computer crimes -- Investigation

Evidence, Criminal

Computer networks -- Security measures

Electronic evidence

Forensic sciences

Internet -- Security measures

An adaptive multi-agent architecture for critical information infrastructure protection

Heydenrych, Mark

10 October 2014

M.Sc. (Information Technology) / The purpose of the research presented in this dissertation is to explore the uses of an adaptive multi-agent system for critical information infrastructure protection (CIIP). As the name suggests, CIIP is the process of protecting the information system which are connected to the infrastructure essential to the continued running of a country or organisation. CIIP is challenging due largely to the diversity of these infrastructures. The dissertation examines a number of artificial intelligence techniques that can be applied to CIIP; these techniques range from multi-agent systems to swarm optimisation. The task of protection is broken into three distinct areas: preventing unauthorised communication from outside the system; identifying anomalous actions on computers within the system; and ensuring that communication within the system is not modified externally. A multi-agent learning model, MALAMANTEAU, is proposed as a way to address the problem of CIIP. Due to various problems facing CIIP, multi-agent systems present good opportunities for solving these many problems in a single model. Agents within the MALAMANTEAU model will use diverse artificial and computational intelligence techniques in order to provide an adaptable approach to protecting critical networks. The research presented in the dissertation shows how computational intelligence can be employed alongside multi-agent systems in order to provide powerful protection for critical networks without exposing further security risks.

Multiagent systems

Distributed artificial intelligence

WebSAT: Web-based systems administration tool

Jeong, Juyong

01 January 2005

Discusses the development of WebSAT (Web-based systems administration tool), a computer network tool that allows systems administrators to create and delete accounts, disable and enable existing accounts, manage disk space conveniently, monitor the status of all network printers, and monitor network security. The WebSAT application was implemented using PHP, a server-side embedded scripting language, with a MySQL database.

Digital Communications and Networking

Facilitation versus security

Cioranu, Adrian Gabriel.

January 2005

No description available.

Airline passenger security screening.

Modeling and Analysis of Intentional And Unintentional Security Vulnerabilities in a Mobile Platform

Mohamed Issadeen, Mohamed Fazeen

12 1900

Mobile phones are one of the essential parts of modern life. Making a phone call is not the main purpose of a smart phone anymore, but merely one of many other features. Online social networking, chatting, short messaging, web browsing, navigating, and photography are some of the other features users enjoy in modern smartphones, most of which are provided by mobile apps. However, with this advancement, many security vulnerabilities have opened up in these devices. Malicious apps are a major threat for modern smartphones. According to Symantec Corp., by the middle of 2013, about 273,000 Android malware apps were identified. It is a complex issue to protect everyday users of mobile devices from the attacks of technologically competent hackers, illegitimate users, trolls, and eavesdroppers. This dissertation emphasizes the concept of intention identification. Then it looks into ways to utilize this intention identification concept to enforce security in a mobile phone platform. For instance, a battery monitoring app requiring SMS permissions indicates suspicious intention as battery monitoring usually does not need SMS permissions. Intention could be either the user's intention or the intention of an app. These intentions can be identified using their behavior or by using their source code. Regardless of the intention type, identifying it, evaluating it, and taking actions by using it to prevent any malicious intentions are the main goals of this research. The following four different security vulnerabilities are identified in this research: Malicious apps, spammers and lurkers in social networks, eavesdroppers in phone conversations, and compromised authentication. These four vulnerabilities are solved by detecting malware applications, identifying malicious users in a social network, enhancing the encryption system of a phone communication, and identifying user activities using electroencephalogram (EEG) for authentication. Each of these solutions are constructed using the idea of intention identification. Furthermore, many of these approaches have utilized different machine learning models. The malware detection approach performed with an 89% accuracy in detecting the given malware dataset. In addition, the social network user identification model's accuracy was above 90%. The encryption enhancement reduced the mobile CPU usage time by 40%. Finally, the EEG based user activities were identified with an 85% accuracy. Identifying intention and using it to improve mobile phone security are the main contributions of this dissertation.

Intention

mobile security

malware

spammers

encryption

electroencephalogram

An investigation into the illegal movement of goods from seaports-of-entry : a case study at Durban harbour

Moodley, Devandran Mogambery

02 1900

Seaports, or harbours, play a vital role in the logistical supply chain, since they handle the largest volumes of containerised cargo and bulk goods that enter any country. Over the decades, globalisation and free trade have resulted in increased movement of cargo and people through the sea ports. The security functions in all categories of the ports are of paramount importance, seeing that border posts or ports are the main entry and exit points of any country. The marine transport system is responsible for 95-98 per cent of South Africa’s imports and exports. South Africa’s maritime sector, and in particular its eight commercial ports-of-entry, play a major role in the South African economy, as well as those of South Africa’s neighbouring landlocked countries. As a result of the volume of cargo containers passing through these ports, it is often challenging to detect or even examine all of the cargo that enters or leaves the port. A 2007 report titled ‘The collective approach to Border Control’ states that the movement of illegal goods crossing South African borders is in the amount of 20 billion Rand per year. The illegal movement of goods represents an enormous loss to South Africa in terms of revenue, as well as customs and excise duties, and negatively impacts on the confidence of our international investors. One of South Africa’s busiest seaports-of-entry is the Durban harbour. This study sought to investigate the challenges presented by the illegal movement of goods through Durban harbour. The research sought to establish how the goods were being moved illegally through the Durban harbour area. The focus is on the security risk control measures that should control the illegal movement of goods from the Durban Harbour. The objectives of this study were: to examine the existing security risk control measures at the Durban harbour; to assess the risks associated with the illegal movement of goods at the Durban harbour; and to identify the security risk control measures required to prevent the illegal movement of goods at the Durban harbour. The study made use of the qualitative research approach to research the unlawful transfer of goods entering through seaports. Three methods of data collection were used. These were a documentary study of police case dockets, an onsite security audit of the Durban harbour, and face-to-face interviews between the researcher and the interviewees in accordance with an interview schedule. Semi-structured interviews were conducted with the SAPS Border Police, customs officials and security officials who were stationed at the Durban harbour. Thirty (30) sample respondents were individually interviewed by the interviewer. An analysis of fifty (50) police dockets which were registered on the SAPS crime administration system for ‘Theft and Contraband Smuggling’ were also analysed, where the scene-of-crime was the Durban harbour. In addition, an onsite evaluation of the current security measures at the Durban harbour was conducted. All of the data collected was analysed using a data-spiral method, which generated themes and categories. The findings established that there are shortcomings or gaps within the existing security measures for the prevention of, and safeguarding the harbour as a port against, criminal risks or security weaknesses. Accordingly, the researcher has recommended certain measures that should assist in eliminating or reducing the associated criminal risks affecting the harbour. / Criminology and Security Science / M. Tech. (Security Management)

363.286096845

Safety as a priority at shopping centres in Gauteng: an assessment of existing security measures

Lutchminarain, Natasha

02 1900

Text in English / Violent crime and more specifically armed robberies constitute a growing threat to shopping centres in terms of their vulnerability to such criminal acts. These violent crimes are becoming ever more organised and sophisticated. Shopping centres across South Africa have become the latest targets for these syndicates. Due to the increasing number of armed robberies and violent crimes at shopping centres and the nature of violence used in these attacks, it points to a need for improvements to be made to the security measures that are in place at shopping centres. This study explored the risks and vulnerabilities at shopping centres that have led to the phenomenon of armed robberies at shopping centres in Gauteng; evaluated the current physical protection systems that are in place at shopping centres in Gauteng in order to assist with the reduction of shopping centre armed robberies; and recommendations were made for the implementation of effective security risk control measures at shopping centre’s across South Africa and specifically the province of Gauteng. Self-administered questionnaire surveys were used to explore the phenomenon from the perspectives of both retail employees and customers. The data collected from the questionnaires, utilising the non-experimental research design, were quantitatively analysed. Based on the findings from the study recommendations for the improvement of shopping centre security were formulated along with recommendations for future research. / Security Risk Management / M.Tech. (Security Management)

Shopping centre

Shopping mall

Mall

Armed robbery

Violent crimes

Security measures

Security risk control measures

Retail employee

Customer

Retail

363.289096822

Addressing the incremental risks associated with adopting a Bring Your Own Device program by using the COBIT 5 framework to identify keycontrols

Weber, Lyle

04 1900

Thesis (MComm)--Stellenbosch University, 2014. / ENGLISH ABSTRACT: Bring Your Own Device (BYOD) is a technological trend which individuals of all ages are embracing. BYOD involves an employee of an organisation using their own mobile devices to access their organisations network. Several incremental risks will arise as a result of adoption of a BYOD program by an organisation. The research aims to assist organisations to identify what incremental risks they could potentially encounter if they adopt a BYOD program and how they can use a framework like COBIT 5 in order to reduce the incremental risks to an acceptable level. By means of an extensive literature review the study revealed 50 incremental risks which arise as a result of the adoption of a BYOD program. COBIT 5 was identified as the most appropriate framework which could be used to map the incremental risks against. Possible safeguards were identified from the mapping process which would reduce the incremental risks to an acceptable level. It was identified that 13 of the 37 COBIT 5 processes were applicable for the study.

Theses -- Accountancy

Dissertations -- Accountancy

Computer networks -- Security measures

Computer security -- Risk assessment

Dissertations -- Computer auditing

Theses -- Computer auditing

UCTD

An investigation into the illegal movement of goods from seaports-of-entry : a case study at Durban harbour

Moodley, Devandran Mogambery

02 1900

Seaports, or harbours, play a vital role in the logistical supply chain, since they handle the largest volumes of containerised cargo and bulk goods that enter any country. Over the decades, globalisation and free trade have resulted in increased movement of cargo and people through the sea ports. The security functions in all categories of the ports are of paramount importance, seeing that border posts or ports are the main entry and exit points of any country. The marine transport system is responsible for 95-98 per cent of South Africa’s imports and exports. South Africa’s maritime sector, and in particular its eight commercial ports-of-entry, play a major role in the South African economy, as well as those of South Africa’s neighbouring landlocked countries. As a result of the volume of cargo containers passing through these ports, it is often challenging to detect or even examine all of the cargo that enters or leaves the port. A 2007 report titled ‘The collective approach to Border Control’ states that the movement of illegal goods crossing South African borders is in the amount of 20 billion Rand per year. The illegal movement of goods represents an enormous loss to South Africa in terms of revenue, as well as customs and excise duties, and negatively impacts on the confidence of our international investors. One of South Africa’s busiest seaports-of-entry is the Durban harbour. This study sought to investigate the challenges presented by the illegal movement of goods through Durban harbour. The research sought to establish how the goods were being moved illegally through the Durban harbour area. The focus is on the security risk control measures that should control the illegal movement of goods from the Durban Harbour. The objectives of this study were: to examine the existing security risk control measures at the Durban harbour; to assess the risks associated with the illegal movement of goods at the Durban harbour; and to identify the security risk control measures required to prevent the illegal movement of goods at the Durban harbour. The study made use of the qualitative research approach to research the unlawful transfer of goods entering through seaports. Three methods of data collection were used. These were a documentary study of police case dockets, an onsite security audit of the Durban harbour, and face-to-face interviews between the researcher and the interviewees in accordance with an interview schedule. Semi-structured interviews were conducted with the SAPS Border Police, customs officials and security officials who were stationed at the Durban harbour. Thirty (30) sample respondents were individually interviewed by the interviewer. An analysis of fifty (50) police dockets which were registered on the SAPS crime administration system for ‘Theft and Contraband Smuggling’ were also analysed, where the scene-of-crime was the Durban harbour. In addition, an onsite evaluation of the current security measures at the Durban harbour was conducted. All of the data collected was analysed using a data-spiral method, which generated themes and categories. The findings established that there are shortcomings or gaps within the existing security measures for the prevention of, and safeguarding the harbour as a port against, criminal risks or security weaknesses. Accordingly, the researcher has recommended certain measures that should assist in eliminating or reducing the associated criminal risks affecting the harbour. / Criminology and Security Science / M. Tech. (Security Management)

363.286096845

Towards a conceptual framework for information security digital divide

Chisanga, Emmanuel

10 1900

In the 21st century, information security has become the heartbeat of any organisation. One of the best-known methods of tightening and continuously improving security on an information system is to uniquely and efficiently combine the human aspect, policies, and technology. This acts as leverage for designing an access control management approach which not only avails parts of the system that end-users are permitted to but also regulates which data is relevant according to their scope of work. This research explores information security fundamentals at organisational and theoretical levels, to identify critical success factors which are vital in assessing the organisation’s security maturity through a model referred to as “information security digital divide maturity framework”. The foregoing is based on a developed conceptual framework for information security digital divide. The framework strives to divide end-users, business partners, and other stakeholders into “specific information haves and have-nots”. It intends to assist organisations to continually evaluate and improve on their security governance, standards, and policies which permit access on the basis of each end-user or stakeholder’s business function, role, and responsibility while at the same time preserving the traditional standpoint of confidentiality, integrity, and availability. After a thorough review of a range of frameworks that have influenced the information security landscape, COBITTM was relied upon as a baseline for the development of the framework of the study because of its rich insight and maturity on IT management and governance. To ascertain that the proposed framework meets the required expectation, a survey targeting end-users within three participating organisations was carried out. The outcome revealed the current maturity level of each participating organisation, highlighting strengths and limitations of current information security practices. As such, for new organisations relying on the proposed framework for the first time, the outcome of such an assessment will represent a benchmark to be relied on for further improvement before embarking on the next maturity assessment cycle. In addition, a second survey was conducted with subject matter experts in information security. Data generated and collected through a questionnaire was then analysed and interpreted qualitatively and quantitatively in order to identify aspects, not only to gauge the acceptance of the proposed conceptual framework but also to identify areas for improvements. The study found that there was a general consensus amongst experts on the importance of a framework for benchmarking information security digital divide in organisations. It also provided a range of valuable input relied upon to improve the framework to its final version. / School of Computing / M. Sc. (Computing)

Capability maturity

Digital divide

Information security

Information systems

Critical success factors

Information security digital divide

Information security maturity level

Frameworks

Benchmarking

005.8

Computer security

Computer networks -- Security measures