Cooperating Security Management for Mutually Trusted Secure Networks
Lai-Ming Shiue
Department of Applied Mathematics, National Chung-Hsing University, Taichung 402, Taiwan

Shang-Juh Kao
Department of Computer Science, National Chung-Hsing University, Taichung 402, Taiwan

Abstract - A network system can be better protected by physically dividing it into administrative management groups according to different access rights. However, to manage a network system effectively, security information sharing is necessary. Since a system can suffer from the same security threats as another system, a way to share security information so that a system is protected from the same security flaw is urgently needed. In this paper, we first propose a concept of management domain by differentiating the access rights of network hosts. We then present a global secure management platform by constructing a three-layered security architecture: agent layer, server layer, and manager layer. Through the security information collected by intrusion detection agents, vulnerability assessment agents, and service guard agents, and exchanged among domain servers, mutually trusted network domains can cooperate to provide a better and more effective management system.

Keywords: firewall, intrusion detection, vulnerability assessment, security information exchange.

1. Introduction

With the rapid growth of the Internet, intrusive incidents are also increasing. These incidents may damage Internet access, or even disable network services. A network without a sufficient protection scheme usually becomes a target for Internet hackers and malicious intruders. Adequate Internet security is therefore in strong demand. From an end user's perspective, Internet security usually emphasizes host-based security [1,2,3]. From a network administrator's perspective, domain-based security [1,2,3] is expected, which is supposed to build a defense wall around the physical network.

Host-based security is easily achieved with personal security tools, but domain-based security requires integrating advanced security technologies into the management system. In this paper, we first propose a concept of management domain by differentiating the access rights of network hosts. We then present a global secure management platform by constructing a three-layered security architecture: agent layer, server layer, and manager layer. Every management domain crosses both the server layer and the agent layer, and all cooperating domains are independent and mutually trusted. Physically, a domain can be divided into a Common Users Group, a Public Servers Group, a Proprietary Servers Group, and a Management Group according to the associated access rights. For each group, local monitor agents are deployed at the agent layer. In particular, local monitor agents for intrusion detection, vulnerability assessment, and service guard collaborate to provide a defense for all network services. After collecting security information from agent layer, the domain servers
produce new defense rules and configure the firewall system at the server layer. By exchanging security information between different servers, the area manager at the manager layer can correlate the alarms, recognize the attacks, and produce new global security policies to avoid potential future intrusions. Based on information exchanges, every domain can quickly obtain the new defense rules that protect it from the same attack as another domain. As a result, each monitor agent becomes more powerful in protecting network services, and network security is enhanced consequently.

2. Criteria for Security Evaluation

Protecting a network system against intrusions and attacks is an imperative task for a network administrator. In general, there are four criteria to be taken into consideration for the protection: security levels, attack modes, defense methods, and cost performance.

The security level may be high, medium, or low. With a high security level, network connections are strictly restricted and only some public access services, such as HTTP, SSH, and FTP, are allowed, and these are usually uni-directional. With a low security level, the network administrator doesn't assume the responsibility to protect the network, and thus host-based security is regarded as more appropriate than domain-based security. In general, a high security level is adopted in private or enterprise network environments [4,5], while a low security level is suitable for public networks. Between the high and low levels, the medium security level requires more effort from the network administrator to dynamically adjust the defense policy according to the complete security requirements. It is also called dynamic security [6]. In this paper, we primarily focus on dynamic security to construct a secure network environment.

Motivated by profit, showing off, or malice, hackers may lock onto specific sites or unsafe targets and direct an attack at them. Most attacks are based on message flooding, service disabling, or the embedding of unsafe programs, which are made possible by system bugs or protocol flaws [7,8]. Generally, there are three modes of attack: attack after probing, attack with brute force, and attack with back-doors. An attack may mix these modes and may have a regional characteristic. A regional attack is one that could also happen in the neighboring networks. To defend against such a regional attack, exchanging security information among neighboring networks is required.

Several defense methods are applied to secure a network system, and some are under development. Well-known ones include the firewall system [9,10], intrusion detection system [11,12], vulnerability assessment system [13,14], and service guard system. A firewall system provides a single point of defense between the external world and the internal network system. There are three kinds of firewall: packet filtering firewalls, application layer firewalls, and gateway firewalls. They are often constructed using multiple protection mechanisms according to the management scope and requirements of the protected system. An intrusion detection system can monitor anomalous actions, detect network intrusions, and produce corresponding protection strategies. It can be either host-based or network-based. Both misuse detection and anomaly detection are commonly used in analysis. A vulnerability assessment system is used to discover system vulnerabilities before an attack takes place. The service
guard system ensures the proper accessibility of Internet services at the application layer [15,16], such , ftp, and news.

With regard to the development of security defense methods, higher performance usually comes at a higher price. Therefore, how to balance cost and performance in building a secure network also has to be taken into account.

In summary, security levels, attack modes, defense methods, and cost performance have to be determined before a security system is developed. Several defense methods, such as the firewall system, intrusion detection system, vulnerability assessment system, and service guard system, are employed in this paper. By integrating these methods, we construct a secure network environment with dynamic security. Through the exchange of security information, the development cost of building a secure environment will be effectively reduced.

3. Secure Management Platform

In this paper, we propose a domain-based secure management platform to enhance security management. In this platform, a federated network environment, called a secure area, is formed. A secure area, as shown in Figure 1, consists of several domains and one secure area manager (SAM). Hierarchically, a secure area can be divided into three layers. On the top layer, the SAM plays the role of coordinator. Each domain, which crosses both the server layer and the agent layer, has an independent management system. After collecting and analyzing security information, and producing its own defense policies, each secure domain gains its local security. When facing various attacks, especially the same attack in different regions, local security is not enough. By relying on the exchange of security information between domains, a powerful defense shield can be built against intrusions. In our three-layered architecture, the security management exchange area (SMEA) crosses both the manager layer and the server layer. Below the level of the SMEA, secure domains are independent and mutually trusted, and security information is shared among them.

Figure 1 The Architecture of Secure Area.

3.1 Trusted Secure Domain

For domain-based management, we are mostly concerned about the accessibility of network services. That is, based on the access rights of internal users and external users, we may classify a domain according to its various services. Figure 2 shows the classification with respect to the access rights of external and internal users. Public services can be accessed by both kinds of users, while proprietary services can only be accessed internally. Management services are the services that are available to managers only.

Figure 2 Access Rights of External and Internal Users.

Figure 3 Physical perspective of Trusted Secure Domain.

Accordingly, we can divide each secure domain into four functional clusters: Common Users Group, Public Servers Group, Proprietary Servers Group, and Management Group, as illustrated in Figure 3. As shown in the figure, a firewall system is placed between the external world and the four clusters to differentiate and protect domain services. The firewall system is composed of a front-end firewall and a route-based firewall. The front-end firewall, which could be either a packet filter firewall or an application layer firewall, determines the connectivity of external requests according to the defense policies. The route-based firewall, which is a gateway firewall, translates communication protocols and forwards messages to the destination cluster accordingly. Normally, a packet filter firewall, either stateful or stateless, is adopted as the front-end firewall.

The Common Users Group contains general-purpose hosts, which are the least restricted. It should be protected from well-known attacks and be monitored by the security management system. All public services are located in the Public Servers Group for all users, and the Proprietary Servers Group serves internal users only. The Management Group is dedicated to management information processing.

3.2 Three-layered Architecture

Our security management architecture is hierarchically divided into manager layer, server layer, and agent layer. There are two perspectives from which to observe this three-layered architecture. From the physical perspective, each secure domain is independent and deployed across the server layer and the agent layer, as illustrated in Figure 4a. Any managed component of the four clusters is monitored and controlled in the agent layer, and its correlative information is collected in the server layer.
From the functional perspective, there are several management functions according to the various servers, as shown in Figure 4b. Security techniques are being developed to enhance network security, such as intrusion detection (ID), vulnerability assessment (VA), and service guard (SG). Attacks or intrusions, which usually come from the external network, can be detected by the ID system; system bugs and protocol flaws in the internal network will be discovered by the VA system; and the SG system will examine and filter the packets of application services directly. We take these three security techniques into our system to enhance our defense capability.

Figure 4a The three-layered architecture from the physical perspective.

Figure 4b The three-layered architecture from the functional perspective.

At the agent layer, local agents are deployed at the corresponding managed nodes and are responsible for monitoring, examining, and filtering. All output sent by local agents is collected by the related functional servers at the server layer for analysis and further generation of security information. At this layer, there is another important server, the domain server. The domain server integrates all kinds of security information, analyzes possible attacks, and produces new defense policies. Each mutually trusted domain provides its latest security information to the secure area manager. The secure area manager, residing at the top layer, analyzes the collection from all domains, produces new security knowledge, and shares security information so that domains avoid suffering from the same attack. Based on the sharing of security information in the SMEA, we are able to build a defense shield and gain a more powerful defense capability.

4. Security Information Exchanges

In order to avoid the same security threats as those incurred in neighboring networks and to improve the protective capability of the defense methods, security information exchange is necessary. There are two types of security information to exchange: public information and private information. Public information refers to the analysis rules of security knowledge in the security software, such as the intrusion detection system, vulnerability assessment system, and service guard system. When the analysis rules of security software are public, weaknesses in software design can be avoided and more secure security systems developed as a result. Exchanges of public information are helpful in building the local security strategy. Private information is shared only among trusted secure domains.
It includes the security information collected from the DSs by the SAM and the defense suggestions sent from the SAM to the DSs. The security information collection covers both already-known attacks which happened in the past and anomalies which are recognized by the security software. In each domain, the DS can gain local security through the security software and send the security information to the SAM. After the SAM analyzes the security information collection and defines the degree of urgency, it sends the defense suggestions to all DSs. The defense suggestions will prevent the same attacks as occurred in neighboring domains. At the same time, analyzing the anomalies from all domains can produce new defense policies against unknown attacks. Under the cooperation of the DSs and the SAM, the SMEA will possess a reliable defense shield and form a global, cooperative security system. Exchanges of security information also occur between local agents and functional servers, and between functional servers and the domain server. The difference is that exchanges between the DSs and the SAM require strict authentication and authorization, while the others do not.

Figure 5 Secure Area Manager.

The SAM is located at the top layer and consists of the area manager control unit, public information center, registration center, private information center, upload center, authentication center, security analysis engine, knowledge management center, and system management center, as shown in Figure 5. The area manager control unit coordinates the other components. The public information center and registration center provide the interface between the external world and the trusted secure domains, offering security rule sets and registration respectively. The private information center and upload center let trusted secure domains download and upload private information. All connections between the SAM and a DS are authenticated and authorized by the authentication center. After collecting the security information sent by the DSs, the security analysis engine analyzes it, and then produces new defense policies and new analysis rules. All new defense policies and analysis rules are stored in the knowledge management center. The system management center also records all members' information within the SMEA. With the exchanges of security information, the SMEA will be more secure.

5. Summary

In a security management area, each trusted secure domain has its own independent security management system based on a dynamic security strategy.
This dynamic security is accomplished by the cooperation of the firewall, intrusion detection, vulnerability assessment, and service guard systems. The security information generated by any available security software will be helpful in building a local security system in each domain. Through the exchanges of security information among trusted secure domains, we are able to prevent the same attacks as occurred in neighboring domains. Furthermore, local security facilities in each domain can freely download new security information to enhance their defense capability.

In this paper, we propose a three-layered security management architecture for mutually trusted networks. Through the sharing of security information and the integration of available defense methods, we are able to construct an efficient and flexible secure network environment.

6. References

[1] William Cheswick, Steven Bellovin, and Aviel Rubin, Firewalls and Internet Security, 2nd Edition, Addison Wesley
[2] Simson Garfinkel and Gene Spafford, Practical Unix & Internet Security, 3rd Edition, O'Reilly
[3] Matt Curtin, Introduction to Network Security, Kent Information Services, Inc.
[4] Simon Liu, John Sullivan, and Jerry Ormaner, A practical approach to enterprise IT security, IT Professional, Volume: 3, Issue: 5
[5] Rongsheng Shan, Shenghong Li, Mingzheng Wang, and Jianhua Li, Network security policy for large-scale VPN, ICCT 2003
[6] Lai-Ming Shiue, I-Ping Hsieh, and Shang-Juh Kao, Security and Traffic Management for a Department Local Area Network, 32nd ICC&IE
[7] Kevin Killourhy, Roy Maxion, and Kymie Tan, A defense-centric taxonomy based on attack manifestations, DSN 04
[8] Anirban Chakrabart and Manimaran Govindarasu, Internet infrastructure security: a taxonomy, Network, IEEE, Volume: 16, Issue: 6
[9] Robert Zalenski, Firewall Technologies, IEEE Potentials, Volume 21 Issue 1
[10] Brent Chapman and Elizabeth Zwicky, Building Internet Firewall, 2nd Edition, O'Reilly
[11] Rebecca Gurley Bace, Intrusion detection, Macmillan Technical Publishing
[12] Robert Graham, FAQ: Network Intrusion Detection Systems, version 0.8.3
[13] Cabin Ying, Alan Tsa, and Henry Yu, Vulnerability assessment system (VAS), 37th Annual Conference
[14] Ghulam Mallah and Zubair Shaikh, Vulnerability assessment through mobile agents, E-Tech 2004
[15] Carnegie Mellon University, TCP Wrapper, ftp://ftp.porcupine.org/pub/security/
[16] Central Command Inc., Vexira Antivirus for Mail Servers
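
The private-information exchange of Section 4, sketched as an added example that is not code from the paper: domain servers (DSs) authenticate their uploads to the SAM, which correlates reports across domains, assigns a degree of urgency, and produces defense suggestions. The HMAC shared keys, the JSON report format, the urgency thresholds, and all class and function names are assumptions; the paper specifies none of them.

```python
import hashlib
import hmac
import json
from collections import defaultdict

# Assumption: urgency grows with the number of distinct domains reporting an event.
URGENCY_BY_DOMAIN_COUNT = {1: "low", 2: "medium"}   # three or more -> "high"
RANK = {"high": 0, "medium": 1, "low": 2}


def sign_report(key, domain, events):
    """DS side: serialize a report and authenticate it with HMAC-SHA256."""
    body = json.dumps({"domain": domain, "events": events}, sort_keys=True).encode()
    return body, hmac.new(key, body, hashlib.sha256).hexdigest()


class SecureAreaManager:
    """Hypothetical SAM: registration, authenticated upload, correlation."""

    def __init__(self):
        self._keys = {}                  # registration center: domain -> shared key
        self._seen = defaultdict(set)    # (source, service) -> reporting domains

    def register(self, domain, key):
        self._keys[domain] = key

    def upload(self, domain, body, tag):
        """Authentication and upload centers: True only if the report is accepted."""
        key = self._keys.get(domain)
        if key is None:                  # not a member of the secure area
            return False
        expected = hmac.new(key, body, hashlib.sha256).hexdigest()
        if not hmac.compare_digest(expected, tag):
            return False                 # forged, or modified in transit
        report = json.loads(body)
        if report["domain"] != domain:   # a member may not report for another
            return False
        for event in report["events"]:
            self._seen[(event["source"], event["service"])].add(domain)
        return True

    def suggestions(self):
        """Security analysis engine: defense suggestions, most urgent first."""
        out = []
        for (source, service), domains in self._seen.items():
            out.append({
                "action": "deny",
                "source": source,
                "service": service,
                "urgency": URGENCY_BY_DOMAIN_COUNT.get(len(domains), "high"),
                "reported_by": sorted(domains),
            })
        return sorted(out, key=lambda s: (RANK[s["urgency"]], s["source"]))


def demo():
    """Constructed sample: three member domains, one outsider, two bad uploads."""
    keys = {"A": b"key-A", "B": b"key-B", "C": b"key-C"}
    sam = SecureAreaManager()
    for domain, key in keys.items():
        sam.register(domain, key)

    # Constructed events; the addresses come from documentation ranges.
    ssh_probe = {"source": "203.0.113.7", "service": "ssh"}
    ftp_anomaly = {"source": "198.51.100.9", "service": "ftp"}

    results = {}
    results["A"] = sam.upload("A", *sign_report(keys["A"], "A", [ssh_probe]))
    results["B"] = sam.upload("B", *sign_report(keys["B"], "B", [ssh_probe]))
    results["C"] = sam.upload("C", *sign_report(keys["C"], "C", [ftp_anomaly]))
    # Domain D never registered with the SAM.
    results["outsider"] = sam.upload("D", *sign_report(b"key-D", "D", [ssh_probe]))
    # Body altered after signing.
    body, tag = sign_report(keys["C"], "C", [ftp_anomaly])
    results["tampered"] = sam.upload("C", body.replace(b"ftp", b"ssh"), tag)
    # B signs with its own key but names A inside the report.
    results["spoofed"] = sam.upload("B", *sign_report(keys["B"], "A", [ssh_probe]))
    return results, sam.suggestions()


if __name__ == "__main__":
    accepted, suggested = demo()
    print(accepted)
    for suggestion in suggested:
        print(suggestion)
```

The event reported by both A and B ranks above the one seen only by C, which is the cross-domain correlation the SAM adds over each domain's local view.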
More informationFirewalls. Securing Networks. Chapter 3 Part 1 of 4 CA M S Mehta, FCA
Firewalls Securing Networks Chapter 3 Part 1 of 4 CA M S Mehta, FCA 1 Firewalls Learning Objectives Task Statements 1.3 Recognise function of Telecommunications and Network security including firewalls,..
More informationNetwork Security Management with Firewalls
Network Security Management with Firewalls Stephen P. Cooper Advanced Security Projects Computer Security Technology Center Lawrence Livermore National Laboratory Email: SPCooper@LLNL.GOV Computer Security
More informationNetworking for Caribbean Development
Networking for Caribbean Development BELIZE NOV 2 NOV 6, 2015 w w w. c a r i b n o g. o r g N E T W O R K I N G F O R C A R I B B E A N D E V E L O P M E N T BELIZE NOV 2 NOV 6, 2015 w w w. c a r i b n
More informationSECURITY TRENDS & VULNERABILITIES REVIEW 2015
SECURITY TRENDS & VULNERABILITIES REVIEW 2015 Contents 1. Introduction...3 2. Executive summary...4 3. Inputs...6 4. Statistics as of 2014. Comparative study of results obtained in 2013...7 4.1. Overall
More informationCoimbatore-47, India. Keywords: intrusion detection,honeypots,networksecurity,monitoring
Volume 4, Issue 8, August 2014 ISSN: 2277 128X International Journal of Advanced Research in Computer Science and Software Engineering Research Paper Available online at: www.ijarcsse.com Investigate the
More informationINTRUSION DETECTION SYSTEMS and Network Security
INTRUSION DETECTION SYSTEMS and Network Security Intrusion Detection System IDS A layered network security approach starts with : A well secured system which starts with: Up-to-date application and OS
More informationLayered Approach of Intrusion Detection System with Efficient Alert Aggregation for Heterogeneous Networks
Layered Approach of Intrusion Detection System with Efficient Alert Aggregation for Heterogeneous Networks Lohith Raj S N, Shanthi M B, Jitendranath Mungara Abstract Protecting data from the intruders
More informationRadware s Behavioral Server Cracking Protection
Radware s Behavioral Server Cracking Protection A DefensePro Whitepaper By Renaud Bidou Senior Security Specialist,Radware October 2007 www.radware.com Page - 2 - Table of Contents Abstract...3 Information
More informationTHE OPEN UNIVERSITY OF TANZANIA
THE OPEN UNIVERSITY OF TANZANIA Institute of Educational and Management Technologies COURSE OUTLINES FOR DIPLOMA IN COMPUTER SCIENCE 2 nd YEAR (NTA LEVEL 6) SEMESTER I 06101: Advanced Website Design Gather
More informationFirewall Introduction Several Types of Firewall. Cisco PIX Firewall
Firewall Introduction Several Types of Firewall. Cisco PIX Firewall What is a Firewall? Non-computer industries: a wall that controls the spreading of a fire. Networks: a designed device that controls
More informationIntrusion Detection. Tianen Liu. May 22, 2003. paper will look at different kinds of intrusion detection systems, different ways of
Intrusion Detection Tianen Liu May 22, 2003 I. Abstract Computers are vulnerable to many threats. Hackers and unauthorized users can compromise systems. Viruses, worms, and other kinds of harmful code
More informationA host-based firewall can be used in addition to a network-based firewall to provide multiple layers of protection.
A firewall is a software- or hardware-based network security system that allows or denies network traffic according to a set of rules. Firewalls can be categorized by their location on the network: A network-based
More informationConfiguring Personal Firewalls and Understanding IDS. Securing Networks Chapter 3 Part 2 of 4 CA M S Mehta, FCA
Configuring Personal Firewalls and Understanding IDS Securing Networks Chapter 3 Part 2 of 4 CA M S Mehta, FCA 1 Configuring Personal Firewalls and IDS Learning Objectives Task Statements 1.4 Analyze baseline
More informationBlack Box Penetration Testing For GPEN.KM V1.0 Month dd "#$!%&'(#)*)&'+!,!-./0!.-12!1.03!0045!.567!5895!.467!:;83!-/;0!383;!
Sample Penetration Testing Report Black Box Penetration Testing For GPEN.KM V1.0 Month dd "#$%&'#)*)&'+,-./0.-121.030045.5675895.467:;83-/;0383; th, yyyy A&0#0+4*M:+:#&*#0%+C:,#0+4N:
More informationCSCI 4250/6250 Fall 2015 Computer and Networks Security
CSCI 4250/6250 Fall 2015 Computer and Networks Security Network Security Goodrich, Chapter 5-6 Tunnels } The contents of TCP packets are not normally encrypted, so if someone is eavesdropping on a TCP
More informationModule II. Internet Security. Chapter 7. Intrusion Detection. Web Security: Theory & Applications. School of Software, Sun Yat-sen University
Module II. Internet Security Chapter 7 Intrusion Detection Web Security: Theory & Applications School of Software, Sun Yat-sen University Outline 7.1 Threats to Computer System 7.2 Process of Intrusions
More informationChapter 11 Cloud Application Development
Chapter 11 Cloud Application Development Contents Motivation. Connecting clients to instances through firewalls. Chapter 10 2 Motivation Some of the questions of interest to application developers: How
More informationCS 665: Computer System Security. Network Security. Usage environment. Sources of vulnerabilities. Information Assurance Module
CS 665: Computer System Security Network Security Bojan Cukic Lane Department of Computer Science and Electrical Engineering West Virginia University 1 Usage environment Anonymity Automation, minimal human
More informationIDS : Intrusion Detection System the Survey of Information Security
IDS : Intrusion Detection System the Survey of Information Security Sheetal Thakare 1, Pankaj Ingle 2, Dr. B.B. Meshram 3 1,2 Computer Technology Department, VJTI, Matunga,Mumbai 3 Head Of Computer TechnologyDepartment,
More informationOverview of Network Security The need for network security Desirable security properties Common vulnerabilities Security policy designs
Overview of Network Security The need for network security Desirable security properties Common vulnerabilities Security policy designs Why Network Security? Keep the bad guys out. (1) Closed networks
More informationNetwork Access Security. Lesson 10
Network Access Security Lesson 10 Objectives Exam Objective Matrix Technology Skill Covered Exam Objective Exam Objective Number Firewalls Given a scenario, install and configure routers and switches.
More informationIntrusion Detection System in Campus Network: SNORT the most powerful Open Source Network Security Tool
Intrusion Detection System in Campus Network: SNORT the most powerful Open Source Network Security Tool Mukta Garg Assistant Professor, Advanced Educational Institutions, Palwal Abstract Today s society
More informationNetwork Security Monitoring: Looking Beyond the Network
1 Network Security Monitoring: Looking Beyond the Network Ian R. J. Burke: GCIH, GCFA, EC/SA, CEH, LPT iburke@headwallsecurity.com iburke@middlebury.edu February 8, 2011 2 Abstract Network security monitoring
More informationMANAGED SECURITY SERVICES
MANAGED SECURITY SERVICES Security first Safety first! Security is becoming increasingly important for companies, especially for the extension of networking to mission-critical environments, with new intranet
More informationWindows Remote Access
Windows Remote Access A newsletter for IT Professionals Education Sector Updates Issue 1 I. Background of Remote Desktop for Windows Remote Desktop Protocol (RDP) is a proprietary protocol developed by
More informationComputer Firewalls. The term firewall was originally used with forest fires, as a means to describe the
Pascal Muetschard John Nagle COEN 150, Spring 03 Prof. JoAnne Holliday Computer Firewalls Introduction The term firewall was originally used with forest fires, as a means to describe the barriers implemented
More informationCompany Co. Inc. LLC. LAN Domain Network Security Best Practices. An integrated approach to securing Company Co. Inc.
Company Co. Inc. LLC Multiple Minds, Singular Results LAN Domain Network Security Best Practices An integrated approach to securing Company Co. Inc. LLC s network Written and Approved By: Geoff Lacy, Tim
More informationCommercial Practices in IA Testing Panel
Commercial Practices in IA Testing Panel March 22, 2001 Albuquerque, New Mexico First Information Assurance Testing Conference Sponsored by: Director, Operational Test and Evaluation Panel Members! Dr.
More informationNetwork Security. Protective and Dependable. 52 Network Security. UTM Content Security Gateway CS-2000
Network Security Protective and Dependable With the growth of the Internet threats, network security becomes the fundamental concerns of family network and enterprise network. To enhance your business
More informationFrom Network Security To Content Filtering
Computer Fraud & Security, May 2007 page 1/10 From Network Security To Content Filtering Network security has evolved dramatically in the last few years not only for what concerns the tools at our disposals
More informationIntroducing IBM s Advanced Threat Protection Platform
Introducing IBM s Advanced Threat Protection Platform Introducing IBM s Extensible Approach to Threat Prevention Paul Kaspian Senior Product Marketing Manager IBM Security Systems 1 IBM NDA 2012 Only IBM
More informationNetwork Security Using Hybrid Port Knocking
8 Network Security Using Hybrid Port Knocking Dr. Hussein Al-Bahadili and Dr. Ali H. Hadi, Arab Academy for Financial Sciences, faculty of Information Technology, Amman Jordan Arab Academy for Financial
More informationNetwork Security: 30 Questions Every Manager Should Ask. Author: Dr. Eric Cole Chief Security Strategist Secure Anchor Consulting
Network Security: 30 Questions Every Manager Should Ask Author: Dr. Eric Cole Chief Security Strategist Secure Anchor Consulting Network Security: 30 Questions Every Manager/Executive Must Answer in Order
More informationCS 356 Lecture 17 and 18 Intrusion Detection. Spring 2013
CS 356 Lecture 17 and 18 Intrusion Detection Spring 2013 Review Chapter 1: Basic Concepts and Terminology Chapter 2: Basic Cryptographic Tools Chapter 3 User Authentication Chapter 4 Access Control Lists
More informationFirewalls and Network Defence
Firewalls and Network Defence Harjinder Singh Lallie (September 12) 1 Lecture Goals Learn about traditional perimeter protection Understand the way in which firewalls are used to protect networks Understand
More informationNetwork Security Administrator
Network Security Administrator Course ID ECC600 Course Description This course looks at the network security in defensive view. The ENSA program is designed to provide fundamental skills needed to analyze
More informationINTRODUCTION TO FIREWALL SECURITY
INTRODUCTION TO FIREWALL SECURITY SESSION 1 Agenda Introduction to Firewalls Types of Firewalls Modes and Deployments Key Features in a Firewall Emerging Trends 2 Printed in USA. What Is a Firewall DMZ
More informationWhite paper. TrusGuard DPX: Complete Protection against Evolving DDoS Threats. AhnLab, Inc.
TrusGuard DPX: Complete Protection against Evolving DDoS Threats AhnLab, Inc. Table of Contents Introduction... 2 The Evolution of DDoS Attacks... 2 Typical Protection against DDoS Attacks... 3 Firewalls...
More informationNetDefend Firewall UTM Services
NetDefend Firewall UTM Services Unified Threat Management D-Link NetDefend UTM firewalls integrate an Intrusion Prevention System (IPS), gateway AntiVirus (AV), and Web Content Filtering (WCF) for superior
More informationTIME SCHEDULE. 1 Introduction to Computer Security & Cryptography 13
COURSE TITLE : INFORMATION SECURITY COURSE CODE : 5136 COURSE CATEGORY : ELECTIVE PERIODS/WEEK : 4 PERIODS/SEMESTER : 52 CREDITS : 4 TIME SCHEDULE MODULE TOPICS PERIODS 1 Introduction to Computer Security
More informationLinux Network Security
Linux Network Security Course ID SEC220 Course Description This extremely popular class focuses on network security, and makes an excellent companion class to the GL550: Host Security course. Protocols
More informationData Mining For Intrusion Detection Systems. Monique Wooten. Professor Robila
Data Mining For Intrusion Detection Systems Monique Wooten Professor Robila December 15, 2008 Wooten 2 ABSTRACT The paper discusses the use of data mining techniques applied to intrusion detection systems.
More informationSE 4C03 Winter 2005 Firewall Design Principles. By: Kirk Crane
SE 4C03 Winter 2005 Firewall Design Principles By: Kirk Crane Firewall Design Principles By: Kirk Crane 9810533 Introduction Every network has a security policy that will specify what traffic is allowed
More informationIntroduction of Intrusion Detection Systems
Introduction of Intrusion Detection Systems Why IDS? Inspects all inbound and outbound network activity and identifies a network or system attack from someone attempting to compromise a system. Detection:
More informationNetwork Security Forensics
Network Security Forensics As hacking and security threats grow in complexity and organizations face stringent requirements to document access to private data on the network, organizations require a new
More informationRule 4-004M Payment Card Industry (PCI) Monitoring, Logging and Audit (proposed)
Version: Modified By: Date: Approved By: Date: 1.0 Michael Hawkins October 29, 2013 Dan Bowden November 2013 Rule 4-004M Payment Card Industry (PCI) Monitoring, Logging and Audit (proposed) 01.1 Purpose
More information