Information System Security

Yucel, Okan

01 January 2003

This thesis analyzes the physical, communicational, and organizational dimensions of information system security process by taking the four-layer approach, which is composed of the policy, model, architecture, and mechanisms into account. Within this scope, according to the results of the security analysis of information systems in METU Informatics Institute, the policy, model, architecture, and mechanisms necessary to prepare a new security process were proposed. As a subcomponent of this proposed security process, the network security of the IS100 course was partially established, and the generated results were evaluated.

A quantitative measure of the security risk level of enterprise networks

Munir, Rashid, Pagna Disso, Jules F., Awan, Irfan U., Mufti, Muhammad R.

January 2013

No / Along with the tremendous expansion of information technology and networking, the number of malicious attacks which cause disruption to business processes has concurrently increased. Despite such attacks, the aim for network administrators is to enable these systems to continue delivering the services they are intended for. Currently, many research efforts are directed towards securing network further whereas, little attention has been given to the quantification of network security which involves assessing the vulnerability of these systems to attacks. In this paper, a method is devised to quantify the security level of IT networks. This is achieved by electronically scanning the network using the vulnerability scanning tool (Nexpose) to identify the vulnerability level at each node classified according to the common vulnerability scoring system standards (critical, severe and moderate). Probabilistic approach is then applied to calculate an overall security risk level of sub networks and entire network. It is hoped that these metrics will be valuable for any network administrator to acquire an absolute risk assessment value of the network. The suggested methodology has been applied to a computer network of an existing UK organization with 16 nodes and a switch.

Long-run network pricing for security of supply in distribution networks

Gu, Chenghong

January 2010

No description available.

333

A risk assessment and optimisation model for minimising network security risk and cost

Viduto, Valentina

January 2012

Network security risk analysis has received great attention within the scientific community, due to the current proliferation of network attacks and threats. Although, considerable effort has been placed on improving security best practices, insufficient effort has been expanded on seeking to understand the relationship between risk-related variables and objectives related to cost-effective network security decisions. This thesis seeks to improve the body of knowledge focusing on the trade-offs between financial costs and risk while analysing the impact an identified vulnerability may have on confidentiality, integrity and availability (CIA). Both security best practices and risk assessment methodologies have been extensively investigated to give a clear picture of the main limitations in the area of risk analysis. The work begins by analysing information visualisation techniques, which are used to build attack scenarios and identify additional threats and vulnerabilities. Special attention is paid to attack graphs, which have been used as a base to design a novel visualisation technique, referred to as an Onion Skin Layered Technique (OSLT), used to improve system knowledge as well as for threat identification. By analysing a list of threats and vulnerabilities during the first risk assessment stages, the work focuses on the development of a novel Risk Assessment and Optimisation Model (RAOM), which expands the knowledge of risk analysis by formulating a multi-objective optimisation problem, where objectives such as cost and risk are to be minimised. The optimisation routine is developed so as to accommodate conflicting objectives and to provide the human decision maker with an optimum solution set. The aim is to minimise the cost of security countermeasures without increasing the risk of a vulnerability being exploited by a threat and resulting in some impact on CIA. Due to the multi-objective nature of the problem a performance comparison between multi-objective Tabu Search (MOTS) Methods, Exhaustive Search and a multi-objective Genetic Algorithm (MOGA) has been also carried out. Finally, extensive experimentation has been carried out with both artificial and real world problem data (taken from the case study) to show that the method is capable of delivering solutions for real world problem data sets.

005.8

Employing a secure Virtual Private Network (VPN) infrastructure as a global command and control gateway to dynamically connect and disconnect diverse forces on a task-force-by-task-force basis

Kilcrease, Patrick N.

January 2009

Thesis (M.S. in Information Technology Management)--Naval Postgraduate School, September 2009. / Thesis Advisor(s): Barreto, Albert. "September 2009." Description based on title screen as viewed on 6 November 2009. Author(s) subject terms: Virtual Private Network, GHOSTNet, maritime interdiction operations, internet protocol security, encapsulating security protocol, data encryption standard. Includes bibliographical references (p. 83-84). Also available in print.

Practical Encryption Gateways to Integrate Legacy Industrial Machinery

Lackorzynski, Tim

12 August 2022

Future industrial networks will consist of a mixture of old and new components, due to the very long life-cycles of industrial machines on the one hand and the need to change in the face of trends like Industry 4.0 or the industrial Internet of things on the other. These networks will be very heterogeneous and will serve legacy as well as new use cases in parallel. This will result in an increased demand for network security and precisely within this domain, this thesis tries to answer one specific question: how to make it possible for legacy industrial machines to run securely in those future heterogeneous industrial networks. The need for such a solution arises from the fact, that legacy machines are very outdated and hence vulnerable systems, when assessing them from an IT security standpoint. For various reasons, they cannot be easily replaced or upgraded and with the opening up of industrial networks to the Internet, they become prime attack targets. The only way to provide security for them, is by protecting their network traffic. The concept of encryption gateways forms the basis of our solution. These are special network devices, that are put between the legacy machine and the network. The gateways encrypt data traffic from the machine before it is put on the network and decrypt traffic coming from the network accordingly. This results in a separation of the machine from the network by virtue of only decrypting and passing through traffic from other authenticated gateways. In effect, they protect communication data in transit and shield the legacy machines from potential attackers within the rest of the network, while at the same time retaining their functionality. Additionally, through the specific placement of gateways inside the network, fine-grained security policies become possible. This approach can reduce the attack surface of the industrial network as a whole considerably. As a concept, this idea is straight forward and not new. Yet, the devil is in the details and no solution specifically tailored to the needs of the industrial environment and its legacy components existed prior to this work. Therefore, we present in this thesis concrete building blocks in the direction of a generally applicable encryption gateway solution that allows to securely integrate legacy industrial machinery and respects industrial requirements. This not only entails works in the direction of network security, but also includes works in the direction of guaranteeing the availability of the communication links that are protected by the gateways, works to simplify the usability of the gateways as well as the management of industrial data flows by the gateways.

Industrial security, network security

info:eu-repo/classification/ddc/004

ddc:004

Multi-channel security protocols in personal networks

Huang, Xin

January 2014

Personal computing devices are becoming more and more popular. These devices are able to collaborate with each other using wireless communication technologies, and then support many applications. Some interesting examples of these are healthcare, context-aware computing, and sports training. In any such applications, security is of vital importance. Firstly, sensitive personal data is always collected in these applications, thus confidentiality is usually required. Secondly, authenticity and integrity of data or instructions are always critical; incorrect data or instructions are not only useless, but also harmful in some cases. This thesis analyses the security requirements of personal networks, and develops a number of multi-channel security protocols. With the help of out-of-band channels, especially no-spoofing and no-blocking out-of-band channels, these protocols can bootstrap security in personal networks. In particular, three kinds of security protocols have been studied: protocols that use human-controlled channels, protocols that use visible light communications, and protocols that use intra-body communications. Interesting trade-offs have been discovered among communication, computation and security, resulting from different channel implementations and protocols.

005.8

Moderní služby honeypot/honeynet pro klasické informační sítě / Honeypot/Honeynet as modern services for classical information networks

Karger, David

January 2020

This work describes honeypots, their definition, clasification and logging possibilities. In the practical part honeypots are tested for the services that are most often attacked, their installation is performed and tests are made for basic familiarization with the functionality of the honeypot. Furthermore, the honeypot is exposed to the Internet and the obtained data are analyzed.

An Exploration of Wireless Networking and the Management of Associated Security Risk

Collins, Helen Loretta

01 January 2015

The rapid expansion of wireless information technology (IT) coupled with a dramatic increase in security breaches forces organizations to develop comprehensive strategies for managing security risks. The problem addressed was the identification of security risk management practices and human errors of IT administrators, putting the organization at risk for external security intrusion. The purpose of this non-experimental quantitative study was to investigate and determine the security risk assessment practices used by IT administrators to protect the confidentiality and integrity of the organization's information. The research questions focused on whether the security risk management practices of IT administrators met or exceeded the minimally accepted practices and standards for wireless networking. The security risk assessment and management model established the theoretical framework. The sample was 114 participants from small to medium IT organizations comprised of security engineers, managers, and end users. Data collection was via an online survey. Data analysis included both descriptive and inferential statistical methods. The results revealed that greater than 80% of participants conducted appropriate risk management and review assessments. This study underscored the need for a more comprehensive approach to managing IT security risks. IT managers can use the outcome of this study as a benchmark for evaluating their current risk assessment procedures. Experiencing security breaches in organizations may be inevitable. However, when organizations and industry leaders can greatly reduce the cost of a data breach by developing effective risk management plans that lead to better security outcomes, positive social change can be realized.

breaches to AIS security

IEEE 802.11

security network

vulnerability and risk analysis

wireless networking

wireless threats

Databases and Information Systems

Other Communication

An agent-based Bayesian method for network intrusion detection

Pikoulas, John

January 2003

Security is one of the major issues in any network and on the Internet. It encapsulates many different areas, such as protecting individual users against intruders, protecting corporate systems against damage, and protecting data from intrusion. It is obviously impossible to make a network totally secure, as there are so many areas that must be protected. This thesis includes an evaluation of current techniques for internal misuse of computer systems, and tries to propose a new way of dealing with this problem. This thesis proposes that it is impossible to fully protect a computer network from intrusion, and shows how different methods are applied at differing levels of the OSI model. Most systems are now protected at the network and transport layer, with systems such as firewalls and secure sockets. A weakness, though, exists in the session layer that is responsible for user logon and their associated password. It is thus important for any highly secure system to be able to continually monitor a user, even after they have successfully logged into the system. This is because once an intruder has successfully logged into a system, they can use it as a stepping-stone to gain full access (often right up to the system administrator level). This type of login identifies another weakness of current intrusion detection systems, in that they are mainly focused on detecting external intrusion, whereas a great deal of research identifies that one of the main problems is from internal intruders, and from staff within an organisation. Fraudulent activities can often he identified by changes in user behaviour. While this type of behaviour monitoring might not be suited to most networks, it could be applied to high secure installations, such as in government, and military organisations. Computer networks are now one of the most rapidly changing and vulnerable systems, where security is now a major issue. A dynamic approach, with the capacity to deal with and adapt to abrupt changes, and be simple, will provide an effective modelling toolkit. Analysts must be able to understand how it works and be able to apply it without the aid of an expert. Such models do exist in the statistical world, and it is the purpose of this thesis to introduce them and to explain their basic notions and structure. One weakness identified is the centralisation and complex implementation of intrusion detection. The thesis proposes an agent-based approach to monitor the user behaviour of each user. It also proposes that many intrusion detection systems cannot cope with new types of intrusion. It thus applies Bayesian statistics to evaluate user behaviour, and predict the future behaviour of the user. The model developed is a unique application of Bayesian statistics, and the results show that it can improve future behaviour prediction than existing ARIMA models. The thesis argues that the accuracy of long-term forecasting questionable, especially in systems that have a rapid and often unexpected evolution and behaviour. Many of the existing models for prediction use long-term forecasting, which may not be the optimal type for intrusion detection systems. The experiments conducted have varied the number of users and the time interval used for monitoring user behaviour. These results have been compared with ARIMA, and an increased accuracy has been observed. The thesis also shows that the new model can better predict changes in user behaviour, which is a key factor in identifying intrusion detection. The thesis concludes with recommendations for future work, including how the statistical model could be improved. This includes research into changing the specification of the design vector for Bayesian. Another interesting area is the integration of standard agent communication agents, which will make the security agents more social in their approach and be able to gather information from other agents

005.8