Global ETD Search

21	A Comparative Analysis of SecurityServices Using Identity and AccessManagement (IAM) Muddychetty, Nithya Sree January 2024 (has links) Background: Identity and Access Management (IAM) is a critical IT securityframework for managing digital identities and resource access. With roots datingback to ancient civilizations, IAM has evolved from basic authentication to sophisticated methods. Okta, a leading cloud-based IAM platform founded in 2009, excelsin identity management, authentication, and access control. It is recognized for itscommitment to security and adaptability to cybersecurity challenges. As of October2023, Okta maintains its prominent position in the IAM market, acknowledged byGartner’s Magic Quadrant for Access Management, worldwide. Objectives: The objective of this thesis is to conduct a comprehensive comparative analysis of security services, specifically focusing on their integration with IAMsolutions. This investigation seeks to provide an examination of security serviceslike Multi-factor authentication (MFA) and Single Sign On (SSO) and evaluate theireffectiveness in conjunction with IAM. By doing so, we aim to determine which security approach offers the most robust protection in our digitally interconnected world. Methods: The primary goal of this methodology is to create a robust, secure,and user-friendly authentication and access management system using Okta withinan IAM framework. This involves the integration of both MFA and SSO features.To kickstart the process, we establish a controlled environment that mirrors thereal-world scenarios. Okta is chosen as the IAM tool, and its deployment involvesmanaging user identities, controlling access, and handling authentication. Results: The result of the study on the comparative analysis of security servicesusing IAM reveals distinct differences in the effectiveness and features among securityservices. Key findings highlight variations in authentication methods, authorizationmechanisms, and overall security robustness. This comprehensive examination provides valuable insights into the strengths and weaknesses of different IAM-basedsecurity services, offering a foundation for informed decision-making in selecting themost suitable solution for specific organizational needs. Conclusions: This thesis conclusively demonstrates the efficacy of integrating SSOand MFA into IAM. The incorporation of Biometric Authentication and Time basedOne Time-Password (TOTP) in MFA garnered strong user preference. SSO implementation streamlined authentication, reducing steps and enhancing ease of use.The overwhelmingly positive user feedback and robust security measures validateSSO+MFA as a valuable contribution to IAM, ensuring data security and user confidence. Access Control Lists Identity Access Management Multi-Factor Authentication One time password Single sign on System Usability Scale Virtual private network Computer Sciences Datavetenskap (datalogi)
22	Cybersecurity awareness among Swedish young adults in usage of public Wi-Fi networks Al Shakosh, Suhel January 2024 (has links) The widespread availability of public Wi-Fi has significantly impacted how young adults in Sweden access the Internet for various purposes, including social interactions, academic activities, and entertainment. However, this convenience comes with substantial cybersecurity risks. This study aims to explore and understand the awareness level among young adults regarding cybersecurity threats when utilizing public Wi-Fi and to delve into the measures and strategies employed by young adults to safeguard themselves from these identified threats. The root problem addressed in this study is the potential gap in cybersecurity awareness and protective behaviors among young adults who frequently use public Wi-Fi. Understanding this gap is crucial for developing effective educational initiatives and security practices that can mitigate the risks involved. To investigate this issue, a qualitative research method was employed, involving semi-structured interviews with ten participants, balanced in gender. The interviews aimed to gather in-depth insights into the participants' motivations for using public Wi-Fi, their awareness of cybersecurity risks, and the measures they take to protect themselves. Utilizing semi-structured interviews with ten participants, the study reveals a diverse range of awareness and behaviors. While some participants demonstrate a strong understanding of cyber threats and employ proactive measures such as using VPNs and antivirus software, others show only a cursory awareness and engage in risky behaviors due to a lack of knowledge or disregard for potential threats. This variation highlights a disparity in how young adults approach cybersecurity when using public Wi-Fi. The study underscores a need for targeted educational initiatives to enhance protective practices among this demographic, which could inform future cybersecurity policies and educational programs. By focusing on increasing cybersecurity awareness and promoting better security habits, the risks associated with public Wi-Fi usage can be better managed, thereby helping to protect the digital lives of young individuals in Sweden. Public Wi-Fi cybersecurity young adults Internet safety risk awareness protective measures VPN (virtual private network) privacy security Information Systems, Social aspects
23	Securing Network Connected Applications with Proposed Security Models Konstantaras, Dimitrios, Tahir, Mustafa January 2008 (has links) <p>In today’s society, serious organizations need protection against both internal and external attacks. There are many different technologies available that organizations can incorporate into their organization in order to enhance security for their networking applications. Unfortunately, security is way to often considered as an afterthought and therefore implemented as an external part of the applications. This is usually performed by introducing general security models and technologies.</p><p>However, an already developed, well structured and considered security approach – with proper implementation of security services and mechanisms – different security models can be used to apply security</p><p>within the security perimeter of an organization. It can range from built into the application to the edge of a private network, e.g. an appliance. No matter the choice, the involved people must possess security expertise to deploy the proposed security models in this paper, that have the soul purpose to secure applications.</p><p>By using the Recommendation X.800 as a comparison framework, the proposed models will be analyzed in detail and evaluated of how they provide the security services concerned in X.800. By reasoning about what security services that ought to be implemented in order to prevent or detect diverse security attacks, the organization needs to carry out a security plan and have a common understanding of the deﬁned security policies.</p><p>An interesting ﬁnding during our work was that, using a methodology that leads to low KLOC-values results in high security, though low KLOC-values and high security go hand-in-hand.</p> Security service security mechanism security protocol security policy X.800 standard attacks application proxy firewall Virtual Private Network (VPN) plugin filter Team Software Process (TSP) IPsec Common Criteria (CC) DMZ Computer science Datavetenskap
24	Study of mechanisms ensuring service continuity for IKEv2 and IPsec protocols Palomares Velasquez, Daniel 14 November 2013 (has links) (PDF) During 2012, the global mobile traffic represented 70\% more than 2011. The arrival of the 4G technology introduced 19 times more traffic than non-4G sessions, and in 2013 the number of mobile-connected to the Internet exceeded the number of human beings on earth. This scenario introduces great pressure towards the Internet service providers (ISPs), which are called to ensure access to the network and maintain its QoS. At short/middle term, operators will relay on alternative access networks in order to maintain the same performance characteristics. Thus, the traffic of the clients might be offloaded from RANs to some other available access networks. However, the same security level is not ensured by those wireless access networks. Femtocells, WiFi or WiMAX (among other wireless technologies), must rely on some mechanism to secure the communications and avoid untrusted environments. Operators are mainly using IPsec to extend a security domain over untrusted networks. This introduces new challenges in terms of performance and connectivity for IPsec. This thesis concentrates on the study of the mechanism considering improving the IPsec protocol in terms of continuity of service. The continuity of service, also known as resilience, becomes crucial when offloading the traffic from RANs to other access networks. This is why we first concentrate our effort in defining the protocols ensuring an IP communication: IKEv2 and IPsec. Then, we present a detailed study of the parameters needed to keep a VPN session alive, and we demonstrate that it is possible to dynamically manage a VPN session between different gateways. Some of the reasons that justify the management of VPN sessions is to provide high availability, load sharing or load balancing features for IPsec connections. These mechanisms increase the continuity of service of IPsec-based communication. For example, if for some reason a failure occurs to a security gateway, the ISP should be able to overcome this situation and to provide mechanisms to ensure continuity of service to its clients. Some new mechanisms have recently been implemented to provide High Availability over IPsec. The open source VPN project, StrongSwan, implemented a mechanism called ClusterIP in order to create a cluster of IPsec gateways. We merged ClusterIP with our own developments in order to define two architectures: High Availability and Context Management over Mono-LAN and Multi-LAN environments. We called Mono-LAN those architectures where the cluster of security gateways is configured under a single IP address, whereas Multi-LAN concerns those architectures where different security gateways are configured with different IP addresses. Performance measurements throughout the thesis show that transferring a VPN session between different gateways avoids re-authentication delays and reduce the amount of CPU consumption and calculation of cryptographic material. From an ISP point of view, this could be used to avoid overloaded gateways, redistribution of the load, better network performances, improvements of the QoS, etc. The idea is to allow a peer to enjoy the continuity of a service while maintaining the same security level that it was initially proposed [INFO:INFO_OH] Computer Science/Other [INFO:INFO_OH] Informatique/Autre IPsec IKEv2 Resilience Context transfer High availability VPN management Virtual private network
25	Securing Network Connected Applications with Proposed Security Models Konstantaras, Dimitrios, Tahir, Mustafa January 2008 (has links) In today’s society, serious organizations need protection against both internal and external attacks. There are many different technologies available that organizations can incorporate into their organization in order to enhance security for their networking applications. Unfortunately, security is way to often considered as an afterthought and therefore implemented as an external part of the applications. This is usually performed by introducing general security models and technologies. However, an already developed, well structured and considered security approach – with proper implementation of security services and mechanisms – different security models can be used to apply security within the security perimeter of an organization. It can range from built into the application to the edge of a private network, e.g. an appliance. No matter the choice, the involved people must possess security expertise to deploy the proposed security models in this paper, that have the soul purpose to secure applications. By using the Recommendation X.800 as a comparison framework, the proposed models will be analyzed in detail and evaluated of how they provide the security services concerned in X.800. By reasoning about what security services that ought to be implemented in order to prevent or detect diverse security attacks, the organization needs to carry out a security plan and have a common understanding of the deﬁned security policies. An interesting ﬁnding during our work was that, using a methodology that leads to low KLOC-values results in high security, though low KLOC-values and high security go hand-in-hand. Security service security mechanism security protocol security policy X.800 standard attacks application proxy firewall Virtual Private Network (VPN) plugin filter Team Software Process (TSP) IPsec Common Criteria (CC) DMZ Computer Sciences Datavetenskap (datalogi)
26	Modul rozšiřující funkcionalitu GDPR řešení / Module Extending Functionality of GDPR Solution Janeček, Vít January 2018 (has links) The goal of this thesis is to introduced the principles of access control technologies, the General Data Protection Regulation and the software for data leakage protection. An essential part of the work is a draft and implementation of the expansion module for user device authentication including shared storage access authorization. Therefore, this module allows to verify whether a user can access shared corporate resources. It also allows to enable or disable access based on specified attributes, such as the type of the protected service or user permission. The basic verification of the module's functionality is realized through different sets of tests and a virtual environment that simulates the corporate environment. The result of the draft is a module that allows to verify access based on the device, and this module is moreover integrated into the Safetica security platform.
27	Mitteilungen des URZ 1/2004 Richter,, Riedel,, Grunewald,, Schier, 04 March 2004 (has links) (PDF) Informationen des Universitätsrechenzentrums Administrationsdienste Aus- und Weiterbildungsangebot URZ Jahresrückblick 2003 Netzinfrastruktur Software-Service Spamschutz Speicherdienste URZ-Dienste für UB und PIZ CD/DVD-Service öffentliche Computerpools Dienste des URZ Druckdienst HBFG-Projekte Identitätsmanagement Spam VPN (Virtual Private Network) Hardware-Service High Performance Computing ddc:050 ddc:004 PHP Passwort Sicherheit
28	Anonymní pohyb v síti internet / Anonymous communication on the internet Hořejš, Jan January 2014 (has links) The objective of this master’s thesis was to describe current capabilities of anonymous browsing over the Internet. The theoretical part focuses on three main methods of anonymization with main focus on Tor network. The master‘s thesis describes advantages and disadvantages of different solutions and possible attacks on them. In the next part is demonstrated Tor network, implementation of Hidden service and secured access to the server for clients and possible attacks against this proposal. The work also includes the results of measurements of all three anonymizers and the effects on their speed.
29	Mitteilungen des URZ 1/2004 Richter, Riedel, Grunewald, Schier 04 March 2004 (has links) Informationen des Universitätsrechenzentrums:Jahresrückblick 2003 Aktuelle HBFG-Projekte Sicheres Programmieren mit PHP Passwort vergessen - was nun? VPN-Dienst des URZ Spam-Schutz 'Textanalyse' erweitert info:eu-repo/classification/ddc/050 ddc:050 info:eu-repo/classification/ddc/004 ddc:004 PHP; Passwort; Sicherheit

Search results