Página 1 dos resultados de 4337 itens digitais encontrados em 0.013 segundos

Bridging the gap between organizations policies and the network security and systems administration in SMEs

Cunha, Carlos R.; Morais, Elisabete Paulo; Gomes, João Pedro
Fonte: International Business Information Management Association Publicador: International Business Information Management Association
Tipo: Conferência ou Objeto de Conferência
Português
Relevância na Pesquisa
67.48333%
The administration of systems and networks is a technical specialized complex task. If large organizations can have in their Information Technology (IT) departments systems and network security specialists, Small and Medium Enterprises (SMEs) typically can’t; they have only some computers science broadband IT collaborators that respond by the maintenance of the IT resources, and, in some cases, accumulate with some software development. We make of this view the start point of our research, allying the growing need of securing the IT resources and the information sources which are becoming more and more valuable for every single organization. For SMEs the solution for implement security is, many times, an outsourcing task. The problem is that implementing security is an exercise that overflows the common IT domain, but it starts by fully understanding the organization culture, policies and procedures. This knowledge is something that collaborators learn day by day and not something that we can put on paper easily and tell some outsourced specialists to secure. Even if that could be done, the daily maintenance of the security would be a very hard task. This paper makes considerations about security on SMEs reality and presents a framework that permit a high level approach for implement security...

Formal validation of automated policy refinement in the management of network security systems

ALBUQUERQUE, Joao Porto de; KRUMM, Heiko; GEUS, Paulo Licio de
Fonte: SPRINGER Publicador: SPRINGER
Tipo: Artigo de Revista Científica
Português
Relevância na Pesquisa
57.241206%
Policy hierarchies and automated policy refinement are powerful approaches to simplify administration of security services in complex network environments. A crucial issue for the practical use of these approaches is to ensure the validity of the policy hierarchy, i.e. since the policy sets for the lower levels are automatically derived from the abstract policies (defined by the modeller), we must be sure that the derived policies uphold the high-level ones. This paper builds upon previous work on Model-based Management, particularly on the Diagram of Abstract Subsystems approach, and goes further to propose a formal validation approach for the policy hierarchies yielded by the automated policy refinement process. We establish general validation conditions for a multi-layered policy model, i.e. necessary and sufficient conditions that a policy hierarchy must satisfy so that the lower-level policy sets are valid refinements of the higher-level policies according to the criteria of consistency and completeness. Relying upon the validation conditions and upon axioms about the model representativeness, two theorems are proved to ensure compliance between the resulting system behaviour and the abstract policies that are modelled.

Formal validation of automated policy refinement in the management of network security systems

ALBUQUERQUE, Joao Porto de; KRUMM, Heiko; GEUS, Paulo Licio de
Fonte: SPRINGER Publicador: SPRINGER
Tipo: Artigo de Revista Científica
Português
Relevância na Pesquisa
57.241206%
Policy hierarchies and automated policy refinement are powerful approaches to simplify administration of security services in complex network environments. A crucial issue for the practical use of these approaches is to ensure the validity of the policy hierarchy, i.e. since the policy sets for the lower levels are automatically derived from the abstract policies (defined by the modeller), we must be sure that the derived policies uphold the high-level ones. This paper builds upon previous work on Model-based Management, particularly on the Diagram of Abstract Subsystems approach, and goes further to propose a formal validation approach for the policy hierarchies yielded by the automated policy refinement process. We establish general validation conditions for a multi-layered policy model, i.e. necessary and sufficient conditions that a policy hierarchy must satisfy so that the lower-level policy sets are valid refinements of the higher-level policies according to the criteria of consistency and completeness. Relying upon the validation conditions and upon axioms about the model representativeness, two theorems are proved to ensure compliance between the resulting system behaviour and the abstract policies that are modelled.

Negotiation of network security policy by means of agents

Martín, Pablo; Orfila, Agustín; Carbó, Javier
Fonte: Springer Publicador: Springer
Tipo: Conferência ou Objeto de Conferência Formato: application/octet-stream; application/octet-stream; application/pdf
Publicado em /03/2009 Português
Relevância na Pesquisa
57.425317%
Nowadays many intranets are deployed without enforcing any network security policy and just relying on security technologies such as firewalls or antivirus. In addition, the number and type of network entities are no longer fixed. Typically, laptops, PDAs or mobile phones need to have access to network resources occasionally. Therefore, it is important to design flexible systems that allow an easy administration of connectivity without compromising security. This article shows how software agents may provide secure configurations to a computer network in a distributed, autonomous and dynamic manner. Thus, here we describe the system architecture of a prototype, the negotiation protocol it uses and how it works in a sample scenario.; Proceeding of: 7th International Conference on Practical Applications of Agents and Multi-Agent Systems, 2009 (PAAMS 2009, 25-27 March 2009, Salamanca, Spain

Introduction of First Passage Time (FPT) Analysis for Software Reliability and Network Security

Ma, Zhanshan (Sam); Krings, Axel W.; Millar, Richard C.
Fonte: Escola de Pós-Graduação Naval Publicador: Escola de Pós-Graduação Naval
Tipo: Artigo de Revista Científica
Português
Relevância na Pesquisa
67.53286%
The Fifth CSIIRW '2009, April 13-15, Oak Ridge National Lab, Oak Ridge, Tennessee, USA. Includes a powerpoint presentation.; The study of the First Passage Time (FPT) problem (also known as first passage problem, FPP) started more than a century ago, but its diverse applications in science and engineering mostly emerged in the last two to three decades. Assuming that X(t) is a one-dimensional stochastic process, the First Passage Time is defined as the time (T) when X(t) first crosses a threshold. Engineering reliability is obviously a suitable application domain, and indeed applications such as optimal dam design in hydrology and analysis of structural failure in civil and mechanical engineering are typical examples. Although we envision that the FPT problem has great potential in network and software reliability, it should be more useful for network security and survivability because the approaches developed for the FPT problem are mostly analytical. The assumption for this inference is that in reliability analysis, experimental or historical data are often more readily available, which makes statistical approaches such as survival analysis more convenient and likely more realistic. In contrast, data is generally more difficult to obtain in security and survivability analyses...

SNEED: Enhancing Network Security Services Using Network Coding and Joint Capacity

Aly, Salah A.; Ansari, Nirwan; Poor, H. Vincent
Fonte: Universidade Cornell Publicador: Universidade Cornell
Tipo: Artigo de Revista Científica
Publicado em 23/12/2010 Português
Relevância na Pesquisa
57.53286%
Traditional network security protocols depend mainly on developing cryptographic schemes and on using biometric methods. These have led to several network security protocols that are unbreakable based on difficulty of solving untractable mathematical problems such as factoring large integers. In this paper, Security of Networks Employing Encoding and Decoding (SNEED) is developed to mitigate single and multiple link attacks. Network coding and shared capacity among the working paths are used to provide data protection and data integrity against network attackers and eavesdroppers. SNEED can be incorporated into various applications in on-demand TV, satellite communications and multimedia security. Finally, It is shown that SNEED can be implemented easily where there are k edge disjoint paths between two core nodes (routers or switches) in an enterprize network.

NEMESYS: Enhanced Network Security for Seamless Service Provisioning in the Smart Mobile Ecosystem

Gelenbe, Erol; Gorbil, Gokce; Tzovaras, Dimitrios; Liebergeld, Steffen; Garcia, David; Baltatu, Madalina; Lyberopoulos, George
Fonte: Universidade Cornell Publicador: Universidade Cornell
Tipo: Artigo de Revista Científica
Publicado em 23/05/2013 Português
Relevância na Pesquisa
57.241206%
As a consequence of the growing popularity of smart mobile devices, mobile malware is clearly on the rise, with attackers targeting valuable user information and exploiting vulnerabilities of the mobile ecosystems. With the emergence of large-scale mobile botnets, smartphones can also be used to launch attacks on mobile networks. The NEMESYS project will develop novel security technologies for seamless service provisioning in the smart mobile ecosystem, and improve mobile network security through better understanding of the threat landscape. NEMESYS will gather and analyze information about the nature of cyber-attacks targeting mobile users and the mobile network so that appropriate counter-measures can be taken. We will develop a data collection infrastructure that incorporates virtualized mobile honeypots and a honeyclient, to gather, detect and provide early warning of mobile attacks and better understand the modus operandi of cyber-criminals that target mobile devices. By correlating the extracted information with the known patterns of attacks from wireline networks, we will reveal and identify trends in the way that cyber-criminals launch attacks against mobile devices.; Comment: Accepted for publication in Proceedings of the 28th International Symposium on Computer and Information Sciences (ISCIS'13); 9 pages; 1 figure

A Weakest Chain Approach to Assessing the Overall Effectiveness of the 802.11 Wireless Network Security

Tasoluk, Berker; Tanrikulu, Zuhal
Fonte: Universidade Cornell Publicador: Universidade Cornell
Tipo: Artigo de Revista Científica
Publicado em 02/03/2011 Português
Relevância na Pesquisa
57.23251%
This study aims to assess wireless network security holistically and attempts to determine the weakest link among the parts that comprise the 'secure' aspect of the wireless networks: security protocols, wireless technologies and user habits. The assessment of security protocols is done by determining the time taken to break a specific protocol's encryption key, or to pass an access control by using brute force attack techniques. Passphrase strengths as well as encryption key strengths ranging from 40 to 256 bits are evaluated. Different scenarios are planned and created for passphrase generation, using different character sets and different number of characters. Then each scenario is evaluated based on the time taken to break that passphrase. At the end of the study, it is determined that the choice of the passphrase is the weakest part of the entire 802.11 wireless security system.; Comment: 8 pages, 3 tables

Service Oriented Architecture in Network Security - a novel Organisation in Security Systems

Hilker, Michael; Schommer, Christoph
Fonte: Universidade Cornell Publicador: Universidade Cornell
Tipo: Artigo de Revista Científica
Publicado em 07/05/2008 Português
Relevância na Pesquisa
57.31554%
Current network security systems are a collection of various security components, which are directly installed in the operating system. These check the whole node for suspicious behaviour. Armouring intrusions e.g. have the ability to hide themselves from being checked. We present in this paper an alternative organisation of security systems. The node is completely virtualized with current virtualization systems so that the operating system with applications and the security system is distinguished. The security system then checks the node from outside and the right security components are provided through a service oriented architecture. Due to the running in a virtual machine, the infected nodes can be halted, duplicated, and moved to other nodes for further analysis and legal aspects. This organisation is in this article analysed and a preliminary implementation showing promising results are discussed.; Comment: 4 pages

Some Aspects of Quantum Cryptography and Network Security

Sen, Jaydip; Chowdhury, Piyali Roy; Sengupta, Indranil
Fonte: Universidade Cornell Publicador: Universidade Cornell
Tipo: Artigo de Revista Científica
Português
Relevância na Pesquisa
57.241206%
Quantum mechanics is the current best description of the world as we know it. Experiments have shown that quantum predictions are accurate up ten places of decimal. In quantum cryptography much work has been devoted to the study of Quantum Key Distribution (QKD). The purpose of QKD is to securely distribute secret keys between the users in a network. As a result, several quantum cryptographic protocols have been implemented and tested after the advent of quantum computing. In this paper, we have given a brief overview of QKD, and some practical networks that integrate QKD in the current Internet security architecture. We have also discussed some aspects of quantum network security with particular attention to Byzantine Agreement Protocol.; Comment: This was withdrawn because the key distribution figures Figure 1 and 3 in the paper are technically incorrect

Course Material Selection Rubric for Creating Network Security Courses

Marriotti, Matthew
Fonte: Universidade Cornell Publicador: Universidade Cornell
Tipo: Artigo de Revista Científica
Publicado em 04/06/2009 Português
Relevância na Pesquisa
57.376426%
Teaching network security can be a difficult task for university teachers, especially for teachers at smaller universities where the course loads are more diverse. Creating a new course in network security requires investigation into multiple subject areas within the field and from multiple sources. This task can be daunting and overwhelming for teachers from smaller universities because of their requirement to teach multiple subjects, not just network security. Along with the requirement of teachers to understand the material that they wish to teach, the factors of obsolescence and the ability to build material off of core topics need to be addressed. These three factors are difficult for a smaller university teacher to address without a set of standards to analyze these areas. A rubric addressing these topic areas of timelessness, associability, and simplicity has been created to assist in the selection of materials based on the three criteria. The use of this rubric provides an effective means to choose material for a new course and help teachers to present the material they determine most appropriate to teach.

Effective Measurement Requirements for Network Security Management

Ahmad, Rabiah; Sahib, Shahrin; Nor'Azuwa, Muhamad Pahri
Fonte: Universidade Cornell Publicador: Universidade Cornell
Tipo: Artigo de Revista Científica
Publicado em 20/05/2014 Português
Relevância na Pesquisa
57.672026%
Technical security metrics provide measurements in ensuring the effectiveness of technical security controls or technology devices/objects that are used in protecting the information systems. However, lack of understanding and method to develop the technical security metrics may lead to unachievable security control objectives and incompetence of the implementation. This paper proposes a model of technical security metric to measure the effectiveness of network security management. The measurement is based on the effectiveness of security performance for (1) network security controls such as firewall, Intrusion Detection Prevention System (IDPS), switch, wireless access point, wireless controllers and network architecture; and (2) network services such as Hypertext Transfer Protocol Secure (HTTPS) and virtual private network (VPN). We use the Goal-Question-Metric (GQM) paradigm [1] which links the measurement goals to measurement questions and produce the metrics that can easily be interpreted in compliance with the requirements. The outcome of this research method is the introduction of network security management metric as an attribute to the Technical Security Metric (TSM) model. Apparently, the proposed TSM model may provide guidance for organizations in complying with effective measurement requirements of ISO/IEC 27001 Information Security Management System (ISMS) standard. The proposed model will provide a comprehensive measurement and guidance to support the use of ISO/IEC 27004 ISMS Measurement template.; Comment: 8 pages

Graph Theory Applications in Network Security

Webb, Jonathan; Docemmilli, Fernando; Bonin, Mikhail
Fonte: Universidade Cornell Publicador: Universidade Cornell
Tipo: Artigo de Revista Científica
Publicado em 15/11/2015 Português
Relevância na Pesquisa
57.241206%
Graph theory has become a very critical component in many applications in the computing field including networking and security. Unfortunately, it is also amongst the most complex topics to understand and apply. In this paper, we review some of the key applications of graph theory in network security. We first cover some algorithmic aspects, then present network coding and its relation to routing.

A Tutorial on Network Security: Attacks and Controls

Meghanathan, Natarajan
Fonte: Universidade Cornell Publicador: Universidade Cornell
Tipo: Artigo de Revista Científica
Publicado em 07/12/2014 Português
Relevância na Pesquisa
57.460625%
With the phenomenal growth in the Internet, network security has become an integral part of computer and information security. In order to come up with measures that make networks more secure, it is important to learn about the vulnerabilities that could exist in a computer network and then have an understanding of the typical attacks that have been carried out in such networks. The first half of this paper will expose the readers to the classical network attacks that have exploited the typical vulnerabilities of computer networks in the past and solutions that have been adopted since then to prevent or reduce the chances of some of these attacks. The second half of the paper will expose the readers to the different network security controls including the network architecture, protocols, standards and software/ hardware tools that have been adopted in modern day computer networks.; Comment: 21 pages, 19 figures

NetSecCC: A Scalable and Fault-tolerant Architecture without Outsourcing Cloud Network Security

He, Jin; Dong, Mianxiong; Ota, Kaoru; Fan, Minyu; Wang, Guangwei
Fonte: Universidade Cornell Publicador: Universidade Cornell
Tipo: Artigo de Revista Científica
Publicado em 04/05/2014 Português
Relevância na Pesquisa
57.606987%
Modern cloud computing platforms based on virtual machine monitors carry a variety of complex business that present many network security vulnerabilities. At present, the traditional architecture employs a number of security devices at front-end of cloud computing to protect its network security. Under the new environment, however, this approach can not meet the needs of cloud security. New cloud security vendors and academia also made great efforts to solve network security of cloud computing, unfortunately, they also cannot provide a perfect and effective method to solve this problem. We introduce a novel network security architecture for cloud computing (NetSecCC) that addresses this problem. NetSecCC not only provides an effective solution for network security issues of cloud computing, but also greatly improves in scalability, fault-tolerant, resource utilization, etc. We have implemented a proof-of-concept prototype about NetSecCC and proved by experiments that NetSecCC is an effective architecture with minimal performance overhead that can be applied to the extensive practical promotion in cloud computing.; Comment: 10pages, 10figures

Modelling and Analysis of Network Security - an Algebraic Approach

Zhang, Qian; Jiang, Ying; Wu, Peng
Fonte: Universidade Cornell Publicador: Universidade Cornell
Tipo: Artigo de Revista Científica
Publicado em 05/12/2015 Português
Relevância na Pesquisa
57.599175%
Game theory has been applied to investigate network security. But different security scenarios were often modeled via different types of games and analyzed in an ad-hoc manner. In this paper, we propose an algebraic approach for modeling and analyzing uniformly several types of network security games. This approach is based on a probabilistic extension of the value-passing Calculus of Communicating Systems (CCS) which is regarded as a Generative model for Probabilistic Value-passing CCS (PVCCSG for short). Our approach gives a uniform framework, called PVCCSG based security model, for the security scenarios modeled via perfect and complete or incomplete information games. We present then a uniform algorithm for computing the Nash equilibria strategies of a network security game on its PVCCSG based security model. The algorithm first generates a transition system for each of the PVCCSG based security models, then simplifies this transition system through graph-theoretic abstraction and bisimulation minimization. Then, a backward induction method, which is only applicable to finite tree models, can be used to compute all the Nash equilibria strategies of the (possibly infinite) security games. This algorithm is implemented and can also be tuned smoothly for computing its social optimal strategies. The effectiveness and efficiency of this approach are further demonstrated with four detailed case studies from the field of network security.

Penetration Testing: A Roadmap to Network Security

Naik, Nitin A.; Kurundkar, Gajanan D.; Khamitkar, Santosh D.; Kalyankar, Namdeo V.
Fonte: Universidade Cornell Publicador: Universidade Cornell
Tipo: Artigo de Revista Científica
Português
Relevância na Pesquisa
57.39758%
Network penetration testing identifies the exploits and vulnerabilities those exist within computer network infrastructure and help to confirm the security measures. The objective of this paper is to explain methodology and methods behind penetration testing and illustrate remedies over it, which will provide substantial value for network security Penetration testing should model real world attacks as closely as possible. An authorized and scheduled penetration testing will probably detected by IDS (Intrusion Detection System). Network penetration testing is done by either or manual automated tools. Penetration test can gather evidence of vulnerability in the network. Successful testing provides indisputable evidence of the problem as well as starting point for prioritizing remediation. Penetration testing focuses on high severity vulnerabilities and there are no false positive.

Firewall strategies using network processors

Mariani, Matthew
Fonte: Rochester Instituto de Tecnologia Publicador: Rochester Instituto de Tecnologia
Tipo: Tese de Doutorado
Português
Relevância na Pesquisa
57.62138%
The emergence of network processors provides a broad range of new applications, particularly in the field of network security. Firewalls have become one of the basic building blocks of implementing a network's security policy; however, the security of a firewall can potentially lead to a bottleneck in the network. Therefore, improving the performance of the firewall means also improving the performance of the protected network. With the ability to direcdy monitor and modify packet information at wire speeds, the network processor provides a new avenue for the pursuit of faster, more efficient firewall products. This paper describes the implementation of two simulated network processor based firewalls. The first architecture, a basic packet filtering firewall, utilizes tree-based structures for manipulating IP and transport level firewall rules while also utilizing parallelism available in the network processor during firewall rule look-ups. In the second architecture, a parallel firewall is created using a network processor based, load-balancing switch along with two network processor based firewall machines, both utilizing the basic packet filter operations of the first architecture. When added to existing routing software, these implementations demonstrate the feasibility of creating dynamic packet-filtering routers using network processor technology.

Identifying a weak link in the network chain: Determining how prepared Dominican IT administrators are to confront today’s security issues

Henríquez Badía, Héctor
Fonte: Rochester Instituto de Tecnologia Publicador: Rochester Instituto de Tecnologia
Tipo: Tese de Doutorado
Português
Relevância na Pesquisa
57.588184%
Enterprises in Dominican Republic are growing in size; this means that sooner or later these enterprises will have the necessity to create an IT department to manage their systems and networks. This research studied how secure an enterprise can be with Network administrators from the mentioned country. This study used mixed methods to get more deep results about the mentioned problem. This research discovered that Dominican IT administrators are well versed in network security theory, but when it comes to apply this knowledge at work, according to the qualitative part of this research they are slothful, and take things lightly; they usually believe that the network of the company they work for can't be the target of an attack resulting in a high threat. In the end, the last conclusion that this research gives, is that for IT Administrators in Dominican Republic it depends more on the network security policies that the enterprise impose than the skills of the IT administrators.

Network security: Risk assessment of information systems

Lurain, Sher
Fonte: Rochester Instituto de Tecnologia Publicador: Rochester Instituto de Tecnologia
Tipo: Tese de Doutorado
Português
Relevância na Pesquisa
57.348213%
This paper investigates fundamental security issues and the growing impact of security breaches on computer networks. Cost-effective security measures, such as asset-threat analysis, enable monitoring of security levels in complex systems. An evaluation of one technique, called the Livermore Risk Analysis Methodology (LRAM) is documentedC 1 ] . Untrusted communication lines, unauthorized access and unauthorized dissemination of information must be contained. The complexity and corresponding sophistication of todays' systems and the reliance of management on information generated by these systems make them attractive targets for computer related crimes. A profile of computer criminals and their crimes emphasize the importance of management involvement and social ethics as determents to crime. An overview of system security, control concepts, communication and transmission security, and a discussion of threats, vulnerabilities, and countermeasures is provided. The growing need for risk management models is presented as well as an overview of LRAM. Risk assessment of a specific system case study and risk profiles are developed using LRAM.