Your search keyword '"*FIREWALLS (Computer security)"' showing total 4,316 results

151. Is a government filter for the internet useful?

Author

Kenny, Katie

Published

2020

152. Data System Upgrades on E/V Nautilus.

Author

Koskela, Matt, Burbank, Timothy, and Race, Julian

Subjects

LOCAL area networks, BANDWIDTH allocation, NETWORK routers, FIREWALLS (Computer security), INFRASTRUCTURE (Economics), VIRTUAL machine systems, UNDERWATER exploration

Published

2023

153. Protecting yourself.

Author

HERN, ALEX

Subjects

TECHNOLOGICAL innovations, DATA privacy, DATA protection, VIRTUAL private networks, FIREWALLS (Computer security)

Abstract

The article offers information on the use of technological development and privacy apps to opt out of sharing private information. It mentions the reason for the rise of privacy apps as the increase in settings and to protect data; and also focuses on the role of Google to track physical location on an Android phone which depends on use of first Google Maps along with the company's offering of service that uses ad blockers, firewalls and virtual private networks (VPNs).

Published

2020

154. Federal Telework During the COVID-19 Pandemic: Cybersecurity Issues in Brief.

Author

Jaikaran, Chris

Subjects

TELECOMMUTING, COVID-19 pandemic, GOVERNMENT agencies, INTERNET security, ANTI-malware (Computer software), FIREWALLS (Computer security)

Abstract

The article offers information on telework in practice at federal agencies due to COVID-19 Pandemic and potential effects of telework on communications infrastructure, data, and security. It mentions employees may access an organization's digital resources and potential effects that may have on communications infrastructure. It also mentions cybersecurity safeguards an organization may provide include anti-malware software, intrusion protection systems and firewalls.

Published

2020

155. EGIFM -- Extendable Gateway and Industrial Firewall for ModBus.

Author

TRANCA, Dumitru-Cristian, BANU, Calin Iulian, and ROSNER, Daniel

Subjects

INTERNET of things, GATEWAY computers, FIREWALLS (Computer security), CYBERTERRORISM, COUNTERTERRORISM, COMPUTER security vulnerabilities, SUPERVISORY control & data acquisition systems, INDUSTRIAL equipment, SAFETY

Abstract

In Ukraine, December 2015, took place one successful cyberattack on a power grid. Hackers were able to compromise the information systems of three energy distribution companies leaving about 230 thousand people without electricity for several hours. Industrial equipment used in factories, refineries, power plant stations and in other automation facilities have a service life of tens of years. In many working power plants and other automation devices and infrastructures designed in the 80's are still being used. Supervisory Control and Data Acquisition (SCADA) systems are based on standard industrial protocols to control and gather data from the on-field devices (sensors, stations, drives, robots, controllers, etc.). With the spreading of the Internet in industrial facilities, new technologies and possibilities have arisen, gluing together the robustness of the automation equipment with the remote control and visualization offered by the internet, enhancing SCADA systems and allowing remote monitorization and control of different infrastructures. Together with the technologies came more advanced threats aimed at the devices and SCADA systems connected to the internet. SCADA systems can become a point of vulnerability when connected to a cyber environment and current security solutions are not designed nor targeted for protecting these industrial infrastructures Modern industrial equipment is controlled using protocols designed decades ago that do not implement any security features. One of the most used protocols in industrial equipment is Modbus. Our solution, EIGFM addresses the Modbus vulnerabilities that permitted the attack by filtering and encrypting the packages with little changes on the network and equipment, especially on software level. We have tested our device showing the power consumption is lower than 3W and that it is capable of filtering Modbus packets based on a configurable ruleset. [ABSTRACT FROM AUTHOR]

Published

2018

156. Marketing Credibility: Chinese newspapers' responses to revenue losses from falling circulation and advertising decline.

Author

Wang, Haiyan and Sparks, Colin

Subjects

NEWSPAPERS, MASS media, BUSINESS revenue, ADVERTISING of newspapers, FIREWALLS (Computer security)

Abstract

New communication technologies have had a major impact on the newspaper press in China. They have lost readers and advertisers and have experienced economic difficulties. These have been more severe for the commercially-oriented newspapers than the official party papers. In response to the loss of advertising they have adopted three strategies. The first is internal reorganization. Editorial and business departments have been merged into sections charged with producing both newspaper content and advertising revenue and which have been set explicit revenue targets. The second has been a heavy stress on non-news gathering activities. These include trading favourable coverage for advertising and using the newspaper to develop other non-news businesses. Thirdly, journalists have been encouraged to adapt to business roles and undertake directly commercial tasks. These have included the sale of advertising space and, more indirectly, the exploitation of their professional contacts as leads for their business colleagues. These strategies have eroded, and sometimes completely removed, the firewall between the journalistic and business goals of the newspapers. Journalists are increasingly subordinated to the needs of revenue raising rather than news reporting. [ABSTRACT FROM AUTHOR]

Published

2019

157. AUTOMATIC DETECTION OF FOREST-ROAD DISTANCES TO IMPROVE CLEARING OPERATIONS IN ROAD MANAGEMENT.

Author

Novo, A., González-Jorge, H., Martínez-Sánchez, J., González-de Santos, L. M., and Lorenzo, H.

Subjects

OPERATIONS management, WILDFIRE prevention, FOREST roads, FOREST fires, FIREWALLS (Computer security), INDUSTRIAL efficiency, INFORMATION storage & retrieval systems, FOREST management

Abstract

There is a complex relation between roads and fires. Several major wildfires were ignited near to roads (Morrison 2007) and how they progressed is an important role to understand the importance to forest management in this environment. Nowadays, a sustainable forest management is necessary both for environment and politics. One of the reasons of road management is that these infrastructures provide an effective firewall in case of forest fires and an escape route for the population. Forest management optimization in road surroundings would improve wildfires prevention and mitigate their effects. One of the main indicators of road safety is the distance between road and vegetation.The aim of this work is to develop a methodology to determine what areas do not obey current laws about safety distances between forest and roads. The acquisition of LiDAR data is done by Lynx Mobile Mapper System from University of Vigo. The methodology is automated using LiDAR data processing. The developed algorithms are based in height and length segmentation of the road. The objective is classifying vegetation groups by height and calculate the distance to the edges of road. The vegetation is divided in groups of height of 5, 10, 15 and 30 m. The minimum distance calculation is 2 m, for the vegetation of 5 m height and a maximum of 60 m for vegetation 30 m height. The height of vegetation has a directly relation with the distance separation with the road. [ABSTRACT FROM AUTHOR]

Published

2019

158. New Authentication Scheme to Secure against the Phishing Attack in the Mobile Cloud Computing.

Author

E, Munivel and A, Kannammal

Subjects

PHISHING, SMARTPHONES, CLOUD computing, FIREWALLS (Computer security), COMPUTER passwords

Abstract

A phishing attack is one of the severe threats to the smartphone users. As per the recent lookout report, mobile phishing attack is increasing 85% year to year and going to become a significant threat to the smartphone users. This social engineering attack attempts to get the user's password by disguising as trusted service provider. Most of the smartphone users are using the Internet services outside of the traditional firewall. Cloud-based documents are one of the primary targets of this phishing attack in mobile cloud computing. Also, most smartphone users are using the cloud storage in their device. To secure against this password attack in a mobile cloud environment, we propose a new authentication scheme to provide novel security to the mobile cloud services. This scheme will verify the user and service provider without transmitting the password using the Zero-knowledge proof based authentication protocol. Moreover, the proposed scheme will provide mutual authentication between the communication entities. The effectiveness of proposed scheme would be verified using protocol verification tool called Scyther. [ABSTRACT FROM AUTHOR]

Published

2019

159. Deep Learning for Encrypted Traffic Classification: An Overview.

Author

Rezaei, Shahbaz and Liu, Xin

Subjects

DEEP learning, FIREWALLS (Computer security), INTRUSION detection systems (Computer security), MACHINE learning, DATA packeting

Abstract

Traffic classification has been studied for two decades and applied to a wide range of applications from QoS provisioning and billing in ISPs to security-related applications in firewalls and intrusion detection systems. Port-based, data packet inspection, and classical machine learning methods have been used extensively in the past, but their accuracy has declined due to the dramatic changes in Internet traffic, particularly the increase in encrypted traffic. With the proliferation of deep learning methods, researchers have recently investigated these methods for traffic classification and reported high accuracy. In this article, we introduce a general framework for deep-learning-based traffic classification. We present commonly used deep learning methods and their application in traffic classification tasks. Then we discuss open problems, challenges, and opportunities for traffic classification. [ABSTRACT FROM AUTHOR]

Published

2019

160. An Energy Aware Trust Based Secure Routing Algorithm for Effective Communication in Wireless Sensor Networks.

Author

Selvi, M., Thangaramya, K., Ganapathy, Sannasi, Kulothungan, K., Khannah Nehemiah, H., and Kannan, A.

Subjects

WIRELESS sensor networks, ENERGY conservation, ROUTING algorithms, FIREWALLS (Computer security), MALWARE

Abstract

Security is an important phenomena for energy conservation in wireless sensor networks (WSN). Moreover, the management of trust in the WSN is a challenging task since trust is used when collaboration is critical to achieve reliable communication. In a military application using WSN, it is often necessary to communicate secret information such as military operation urgently. However, the existing routing algorithms do not consider security in the routing process. Moreover, since security is an important aspect in WSN, it is necessary to consider the security aspects in routing algorithms. Different approaches for providing security are trust management, intrusion detection, firewalls and key management are considered in the literature. Among them, trust management can provide enhanced security when it is compared with other security methods. Therefore, a new secure routing algorithm called energy aware trust based secure routing algorithm is proposed in this paper where the trust score evaluation is used to detect the malicious users effectively in WSN and spatio-temporal constraints are used with decision tree algorithm for selecting the best route. From the experiments conducted, it is proved that the proposed trust based routing algorithm achieves significant performance improvement over the existing schemes in terms of security, energy efficiency and packet delivery ratio. [ABSTRACT FROM AUTHOR]

Published

2019

161. A Quantified Trust-Risk Assessment Approach for Enhancing Firewalls-Filtering Services.

Author

JAIDI, Faouzi

Subjects

FIREWALLS (Computer security), VALUE at risk, ACCESS control, DATA security, VIRTUAL private networks

Abstract

As a highly approved, widely deployed and one of the most important security mechanism, firewalls have an essential role in setting up powerful, trustworthy and reliable security policies to ensure the protection of private and sensitive applications, services, systems and infrastructures. This importance given to firewalls as a key security mechanism for protecting sensitive resources has been well justified in literature and nowadays several open source and commercial firewall solutions exist. The primary feature of this fundamental security component is to enforce access control policies. It provides a rules based filtering service that acts as a sentinel for a gateway via blocking, dropping or authorizing access to specific areas and segments of a network with regards to a set of filtering rules. Hence, it is commonly agreed that the efficiency of a firewall protection depends mainly on the correctness, reliability, efficiency and coherence of its configuration. We address in the current paper, the thematic of improving and enhancing the quality of firewalls filtering service. We introduce our concept of a novel firewall filtering technique based on a rules and policies trust-risk assessment approach. By evaluating and analyzing the risk associated to firewall rules, we aim, via our proposal, to strengthen the quality of the firewall filtering service. These pertinent information relative to rules trust and risk values help primary in tuning and adjusting the access control policy via: (i) deactivating or changing the actions associated to critical rules (evaluated as risky rules) in specific/critical contexts; (ii) injecting (in a dynamic manner) new rules in the policy that refine existing rules (via giving more precision about or reducing domains) in order to reduce the corresponding risk; (iii) modifying the firewall behavior via changing its configuration (the base of rules) in order to avoid or prevent malicious scenarios. [ABSTRACT FROM AUTHOR]

Published

2019

162. Investigating Brute Force Attack Patterns in IoT Network.

Author

Stiawan, Deris, Idris, Mohd. Yazid, Malik, Reza Firsandaya, Nurmaini, Siti, Alsharif, Nizar, and Budiarto, Rahmat

Subjects

CLIENT/SERVER computing, PARAMETER identification, FIREWALLS (Computer security), SYSTEM administrators, INTERNET of things, GATEWAYS (Computer networks), SECURITY systems

Abstract

Internet of Things (IoT) devices may transfer data to the gateway/application server through File Transfer Protocol (FTP) transaction. Unfortunately, in terms of security, the FTP server at a gateway or data sink very often is improperly set up. At the same time, password matching/theft holding is among the popular attacks as the intruders attack the IoT network. Thus, this paper attempts to provide an insight of this type of attack with the main aim of coming up with attack patterns that may help the IoT system administrator to analyze any similar attacks. This paper investigates brute force attack (BFA) on the FTP server of the IoT network by using a time-sensitive statistical relationship approach and visualizing the attack patterns that identify its configurations. The investigation focuses on attacks launched from the internal network, due to the assumption that the IoT network has already installed a firewall. An insider/internal attack launched from an internal network endangers more the entire IoT security system. The experiments use the IoT network testbed that mimic the internal attack scenario with three major goals: (i) to provide a topological description on how an insider attack occurs; (ii) to achieve attack pattern extraction from raw sniffed data; and (iii) to establish attack pattern identification as a parameter to visualize real-time attacks. Experimental results validate the investigation. [ABSTRACT FROM AUTHOR]

Published

2019

163. The Quest for Visibility and Control in the Cloud.

Author

Diogenes, Yuri

Subjects

CLOUD computing, INTERNET security, DIGITAL footprint, FIREWALLS (Computer security), RISK assessment

Abstract

Although cloud security has evolved over the years and is becoming more mature, the endless journey to obtain the right level of visibility and control over the cloud workloads is still a challenge. From companies that are still in the process of migrating to the cloud to companies that are already building their infrastructure entirely in the cloud, the governance of cloud workloads can be difficult if not approached correctly and using the right tools. In addition, companies that need to adhere to certain compliance standards must understand the current security controls around their workloads and how they map to the standards that they need to be in compliance with. This article will cover important considerations regarding cloud security visibility and control. [ABSTRACT FROM AUTHOR]

Published

2019

164. FORTRESS: An Efficient and Distributed Firewall for Stateful Data Plane SDN.

Author

Caprolu, Maurantonio, Raponi, Simone, and Di Pietro, Roberto

Subjects

SOFTWARE-defined networking, FIREWALLS (Computer security), COMPUTER networks, COMPUTER network security, ALGORITHMS

Abstract

The Software Defined Networking (SDN) paradigm decouples the logic module from the forwarding module on traditional network devices, bringing a wave of innovation to computer networks. Firewalls, as well as other security appliances, can largely benefit from this novel paradigm. Firewalls can be easily implemented by using the default OpenFlow rules, but the logic must reside in the control plane due to the dynamic nature of their rules that cannot be handled by data plane devices. This leads to a nonnegligible overhead in the communication channel between layers, as well as introducing an additional computational load on the control plane. To address the above limitations, we propose the architectural design of FORTRESS: a stateful firewall for SDN networks that leverages the stateful data plane architecture to move the logic of the firewall from the control plane to the data plane. FORTRESS can be implemented according to two different architectural designs: Stand-Alone and Cooperative, each one with its own peculiar advantages. We compare FORTRESS against FlowTracker, the state-of-the-art solution for SDN firewalling, and show how our solution outperforms the competitor in terms of the number of packets exchanged between the control plane and the data plane—we require 0 packets for the Stand-Alone architecture and just 4 for the Cooperative one. Moreover, we discuss how the adaptability, elegant and modular design, and portability of FORTRESS contribute to make it the ideal candidate for SDN firewalling. Finally, we also provide further research directions. [ABSTRACT FROM AUTHOR]

Published

2019

165. Reverse engineering Java Card and vulnerability exploitation: a shortcut to ROM.

Author

Mesbah, Abdelhak, Mezghiche, Mohamed, and Lanet, Jean-Louis

Subjects

JAVA programming language, SMART cards, READ-only memory, REVERSE engineering, APPLICATION program interfaces, COMPUTER software, FIREWALLS (Computer security)

Abstract

Secure elements store and manipulate assets in a secure way. The most attractive assets are the cryptographic keys stored into the memory that can be used to provide secure services to a system. For this reason, secure elements are prone to attacks. But retrieving assets inside such a highly secure device is a challenging task. This paper presents the process we used to gain access to the assets in the particular case of Java Card secure element. In a Java Card, the assets are stored securely, i.e., respecting confidentiality and integrity attributes. Only the native layers can manipulate these sensitive objects. Thus, the Java interpreter, the API and the run time act as a firewall between the assets and the Java applications that one can load into the device. Finding a vulnerability into this piece of software is of a prime importance. Finding a vulnerability into a software is often not enough to develop a complete exploit. Here, we demonstrate at the end that a Java Card applet can call the hidden native functions used to decipher the secure container that encapsulates a key. Some previous attacks have shown the ability to get access to the application code area. But the Java Card intermediate byte code detected in the dumps has shown several differences with regard to the specification, which prevents the reverse engineering of the applicative code. Thus, to avoid the execution of shell code by a hostile applet, a part of the byte code stored into the card is unknown. The transformation is done on-the-fly during the upload of an application. We present in this article a new approach for reversing the unknown instruction set of the intermediate byte code which in turn has led to reverse engineering of the Java classes of the attacked card. We discovered during the reverse that some method calls have an unusual signature. Without having access to the native code, we have inferred the semantics of the called methods and their calling convention. These methods have access to the assets of the card without being restricted by security mechanisms like the firewall. We exploit this knowledge to set up a new attack that provides a full access to the cryptographic material and allows to reset the state of the card to the initial configuration. We demonstrate the ability to call these methods at the Java level in an application to retrieve sensitive assets whatever the protections are. Then, we suggest several possibilities to mitigate these attacks. [ABSTRACT FROM AUTHOR]

Published

2019

166. Cryptanalysis and improvement of an elliptic curve based signcryption scheme for firewalls.

Author

Zia, Malik and Ali, Rashid

Subjects

COMPUTER network security, FIREWALLS (Computer security), DATA security, COMPUTER security, CRYPTOGRAPHY

Abstract

In network security, firewall is a security system that observes and controls the network traffic based on some predefined rules. A firewall sets up a barrier between internal network and another outside unsecured network, such as the Internet. A number of signcryption schemes for firewall are proposed over the years, many of them are proved to have security flaws. In this paper, an elliptic curve based signcryption scheme for firewalls is analyzed. It is observed that the scheme is not secure and has many security flaws. Anyone who knows the public parameters, can modify the message without the knowledge of sender and receiver. The claimed security attributes of non-repudiation, unforgeability, integrity and authentication are compromised. After successful cryptanalysis of this scheme, we proposed a modified version of the scheme. [ABSTRACT FROM AUTHOR]

Published

2018

167. The Internet in Asia through Singapore.

Author

Graham, Connor, Kerr, Eric, Pang, Natalie, and Fischer, MichaelM. J.

Subjects

INTERNET of things, FIREWALLS (Computer security), SOCIAL networks, INTERNET users

Abstract

The Internet or, as these authors argue, Internets (plural) in Asia are composed of cables and exchanges, protocols and firewalls, regulations and other legal devices, making them subject to investment and governance strategies, as well as treaties and court cases. But they are also composed of figures, layers, stories, and rumors. These latter descriptors provide a heuristic framework of social features that, together with metaphors from folklore, provide analytic tools for understanding the diversity, conflicts, competitions, and disengagements of the patchwork of Internet development across Asia. The authors further argue that Singapore provides an exceptionally valuable comparative site from which to explore these features. The first part of this article lays out some of the comparative features, and the second part turns to the four themes or heuristics of figures, layers, stories, and rumors, developed through an STS research cluster at the Asia Research Institute and Tembusu College, both at the National University of Singapore. [ABSTRACT FROM AUTHOR]

Published

2018

168. China's Eyes on The Prize.

Author

Beech, Hannah and Ramzy, Austin

Subjects

NOBEL Prize winners, TIANANMEN Square Massacre, China, 1989, CHINESE politics & government, 1949-, CRITICS, FIREWALLS (Computer security)

Abstract

The article looks at the reaction of China to the Nobel Peace Prize being awarded to imprisoned literary critic and poet, Liu Xiaobo. Liu's political activities as a Chinese dissident are reviewed, including leading the 1989 Tiananmen democracy movement which ended with a massacre in Beijing, China. The author questions how many Chinese citizens are aware that Liu has won the Nobel Peace Prize, noting that China restricts the information that its Internet users are able to access by using firewalls. The political attitude of the Chinese Communist Party is reviewed.

Published

2010

169. THE PSYCHOLOGY OF SECURITY.

Author

West, Ryan

Subjects

COMPUTER user attitudes, COMPUTER security, SECURITY systems, FIREWALLS (Computer security), DATA protection, SURVEYS, COMPUTER users, LEGAL compliance, SECURITY management

Abstract

The article focuses on computer users' behavior regarding security mechanisms. It mentions that the user problem in security problems concerns how people think of risk that guides their behavior. Users think that they are less likely to be harmed by computer vulnerability. Due to this, survey showed that only 72% of home users did not have a properly configured firewall and only one third had updated their antivirus programs. The author declares that users are only unmotivated and enumerates the reasons why users behave that way. While the author suggests increasing the immediate and tangible reward for secure actions to increase compliance, he also recommends catching corporate security policy violators.

Published

2008

170. SASE: Schutz für Userkonten, Standorte und IoT-Geräte.

Subjects

DATA security, INTERNET security, DATA protection, FIREWALLS (Computer security), INTERNET of things

Abstract

The article focuses on Barracuda SecureEdge, a Secure Access Service Edge (SASE) solution, which simplifies complexity and provides security and access to data and applications hosted anywhere. Topics include how SecureEdge integrates Barracuda services like Secure SD-WAN, Firewall-as-a-Service, and Zero Trust Network Access, replacing traditional security measures and offering protection for user accounts, locations, and IoT devices.

Published

2024

171. Allied Telesis AT-AR4050S-5G.

Author

MITCHELL, DAVE

Subjects

FIREWALLS (Computer security), WIDE area networks, OFFICES, SMALL business, TRAFFIC monitoring, COMPUTER network security, RURAL geography

Abstract

The Allied Telesis AT-AR4050S-5G is a desktop firewall appliance designed for small and medium-sized businesses (SMBs) and remote offices. It offers tough network perimeter security and WAN redundancy with dual-SIM 5G failover services. The appliance supports two 5G SIMs, which can be configured as primary and backup mobile network connections. It also has gigabit WAN ports, a gigabit LAN switch, and a quad-core 1.5GHz CPU. The base license includes a SPI firewall, IPS, web filtering, application controls, bandwidth management, and support for IPsec and SSL VPNs. Optional security licenses are available for advanced firewall and threat protection features. The appliance is easy to deploy and manage through its browser interface. It provides a graphical dashboard for monitoring traffic activity, hardware utilization, security services, and top applications. The appliance uses entities to define network zones, networks, and clients, which are used in creating firewall rules. The AT-AR4050S-5G is a suitable solution for businesses and remote offices in rural areas with limited broadband services, and it is offered at a competitive price. [Extracted from the article]

Published

2024

172. Inside the Great Firewall of China.

Author

Chandler, Clay, Dan, Zhang, Levenson, Eugenia, and Levinstein, Joan L.

Subjects

INTERNET, FREEDOM of information, FREEDOM of speech, DISSENTERS, CENSORSHIP, FIREWALLS (Computer security)

Abstract

This article discusses China's censorship of Internet sites that contain political dissent and references to politically sensitive topics. The Great Firewall of China has received Western media attention because of Yahoo, Google, Microsoft, and Cisco Systems' cooperation with the censorship. U.S. Rep. Chistopher Smith has proposed a bill that would force such companies to withdraw from China. Google and the other companies argue that the Chinese enjoy more freedom than ever before and that the censorship will eventually lessen.

Published

2006

173. Firewalla Gold SE review: Superb network protection, no subscription required: A firewall made for fast broadband.

Author

Martin, Jim

Subjects

GOLD, FIREWALLS (Computer security)

Abstract

The Firewalla Gold SE is an easy-to-use box of tricks that will protect your network, with no subscription required. [ABSTRACT FROM AUTHOR]

Published

2023

174. Marvell introduces two new OCTEON 10 DPUs.

Subjects

FIREWALLS (Computer security), PRODUCT design, ELECTRONIC data processing

Abstract

Marvell has introduced two new OCTEON 10 data processing units (DPUs) designed for routers, firewalls, 5G small cells, and other applications. The CN102 and CN103 DPUs offer improved performance and reduced power consumption compared to previous models. Marvell states that several major networking equipment manufacturers have already incorporated the new DPUs into their product designs. In addition, Intel has launched its latest processors for data centers, cloud, network, edge, and PCs, featuring AI optimizations. The 5th Gen Intel Xeon processors are optimized for networking workloads, including specialized AI and virtualized workloads. [Extracted from the article]

Published

2023

175. Free Bird.

Author

Lyons, Daniel

Subjects

COMPUTER operating systems, OPEN source software, DATA encryption, COMPUTER security, DATA protection, PREVENTION of computer hacking, FIREWALLS (Computer security)

Abstract

Theo De Raadt can't understand why people pay $50,000 for an antihacker firewall from Cisco Systems or Check Point when they could arguably get better protection using his software. And it's free. De Raadt, 37, is a blunt-spoken, even obnoxious programmer who works out of his basement in Calgary. He is the chief author of one of the most airtight, hacker-proof operating systems ever created: OpenBSD. Bolstered by advanced cryptography and data-traffic filtering, OpenBSD runs systems at Intel, Oracle and Adobe, secures a gas pipeline in Kurdistan and runs servers at the University of Minnesota. De Raadt is thus something of a budding cult hero in the open-source-software movement, a not-yet-famous Canadian version of Linus Torvalds, the creator of the open Linux system that sparked the free-code revolution.

Published

2005

176. WHY HACKERS ARE A GIANT THREAT TO MICROSOFT'S FUTURE.

Author

Vogelstein, Fred

Subjects

COMPUTER viruses, DATA protection, COMPUTER security, WINDOWS (Graphical user interfaces), COMPUTER hackers, COMPUTER crimes, CUSTOMER relations, CYBERTERRORISM, FIREWALLS (Computer security), COMPUTER operating systems, COMPUTER software

Abstract

The article discusses Microsoft's efforts to fight against viruses and worms, which have cost customers billions of dollars. In August 2003, viruses and worms aimed at flaws in Windows software flooded the Internet. The attacks marked a watershed for the software giant. Not only was Microsoft savaged in the media, but also it was hurt financially. This August, Microsoft unveiled a response to the hacker threat: a 100-megabyte revision of its Windows XP operating system. Service Pack 2, which customers can download for free, fixes thousands of weaknesses and flaws in Windows XP that hackers could otherwise attack. It represents the first meaningful improvement in the security of the software that sits on hundreds of millions of computers worldwide. Microsoft has also been scrambling to ease corporate customers' concerns. Chairman Bill Gates acknowledges that Microsoft's struggle will be long, disruptive, and expensive. Security issues have also compelled Microsoft to rethink the way it relates to customers. Microsoft is finding that security is costing more time and money than anyone realized. Another year or two should bring programs that make security more foolproof and high tech. Gates calls this kind of software dynamic system protection. Microsoft is also getting into the antivirus- software business. INSETS: WORST OUTBREAKS EVER;WHY VIRUSES LIKE MICROSOFT.

Published

2004

177. Taking back the Net.

Author

Kirkpatrick, David and Tkaczyk, Christopher

Subjects

COMPUTER security, INTERNET, COMPUTER hackers, COMPUTER viruses, CYBERTERRORISM, COMPUTER network security, WORLD Wide Web, COMPUTER crimes, DATA protection, FIREWALLS (Computer security)

Abstract

As every computer user knows, hackers, spammers, and others are threatening the Internet. Merrill Lynch, the Washington Post Company, and other giants have found that roughly 60% of all e-mail their employees receive is unwanted and often fraudulent--a costly waste of time. Consumers are being targeted, too. As e-commerce becomes more mainstream, thieves are figuring out how to mimic sites and gain personal information from would-be buyers. A growing group of influential technologists argue that spam and outbreaks of worms and viruses are good, as such disruptions could spur businesses, individuals, and governments to strengthen and protect the Net. As virus attacks have increased, Microsoft has stepped up efforts to hacker-proof its software. Yet the Federal Trade Commission, one government agency with the authority to target spammers, has been hard-pressed to act. Chairman Timothy Muris says that spam senders are tough to find and prosecute. In addition to new government rules and controls, business needs to take a more active role. Every company should install antispam technology. The technology industry, even as it continues to improve its software and hardware weapons, will have to start spending heavily on user education.

Published

2003

178. Vaunted Technologies That Don't Measure Up.

Author

Crock, Stan, Crockett, Roger O., Port, Otis, Edwards, Cliff, Green, Heather, Woellert, Lorraine, and Kerwin, Kathleen

Subjects

TECHNOLOGY, STEALTH aircraft, FIREWALLS (Computer security), HUMAN fingerprints

Abstract

Reports on several technologies that do not live up to expectations. How so-called stealth planes can be picked up by radar; Weak spots in computer network firewalls; Potential for inaccuracies in fingerprint analysis; Others.

Published

2002

179. A Fortune In Firewalls.

Author

GOLDMAN, LEA

Subjects

BILLIONAIRES, FIREWALLS (Computer security)

Abstract

Profiles Israeli billionaire Gil Shwed, cofounder of Check Point Software Technologies, a seller of firewall software. Rivals to his company, including Microsoft's Windows XP and Cisco; Thoughts on his fortune; Hopes to expand his business.

Published

2002

180. Safeguard Systems to Maintain Manufacturing Uptime.

Author

Parrott, John

Subjects

MANUFACTURING processes, BUSINESS networks, DIGITAL technology, TECHNOLOGICAL innovations, INDUSTRIAL robots, REMANUFACTURING, MACHINE-to-machine communications, FIREWALLS (Computer security)

Published

2023

181. Kinetic Business Launches Security Solution to Counter Cyber Threats.

Subjects

CYBERTERRORISM, COMPUTER crime prevention, FIREWALLS (Computer security), COMPUTER network security, BUSINESS enterprises

Published

2023

182. Honeypots : A New Paradigm to Information Security

Author

R. C. Joshi, Anjali Sardana, R. C. Joshi, and Anjali Sardana

Subjects

Computer security, Hackers, Firewalls (Computer security), Computer networks--Security measures, Wireless communication systems--Security measure

Abstract

A well-rounded, accessible exposition of honeypots in wired and wireless networks, this book addresses the topic from a variety of perspectives. Following a strong theoretical foundation, case studies enhance the practical understanding of the subject. The book covers the latest technology in information security and honeypots, including honeytoken

Published

2011

183. PfSense 2 Cookbook

Author

Matt Williamson and Matt Williamson

Subjects

Firewalls (Computer security), Routers (Computer networks), Computer interfaces

Abstract

This book is written in a cookbook style. Each chapter consists of recipes, each of which is composed of step-by-step instructions to complete a particular task. Each recipe also includes tips, alternatives, and references to other recipes or appropriate external sources. The book can be explored chapter by chapter or in no particular order. This book is intended for all levels of network administrators. If you are an advanced user of pfSense, then you can flip to a particular recipe and quickly accomplish the task at hand, while if you are new to pfSense, you can read chapter by chapter and learn all of the features of the system from the ground up.

Published

2011

184. Cisco Firewalls

Author

Alexandre M.S.P. Moraes and Alexandre M.S.P. Moraes

Subjects

Firewalls (Computer security)

Abstract

Cisco Firewalls Concepts, design and deployment for Cisco Stateful Firewall solutions ¿ “ In this book, Alexandre proposes a totally different approach to the important subject of firewalls: Instead of just presenting configuration models, he uses a set of carefully crafted examples to illustrate the theory in action.¿A must read!” —Luc Billot, Security Consulting Engineer at Cisco ¿ Cisco Firewalls thoroughly explains each of the leading Cisco firewall products, features, and solutions, and shows how they can add value to any network security design or operation. The author tightly links theory with practice, demonstrating how to integrate Cisco firewalls into highly secure, self-defending networks. Cisco Firewalls shows you how to deploy Cisco firewalls as an essential component of every network infrastructure. The book takes the unique approach of illustrating complex configuration concepts through step-by-step examples that demonstrate the theory in action. This is the first book with detailed coverage of firewalling Unified Communications systems, network virtualization architectures, and environments that include virtual machines. The author also presents indispensable information about integrating firewalls with other security elements such as IPS, VPNs, and load balancers; as well as a complete introduction to firewalling IPv6 networks. Cisco Firewalls will be an indispensable resource for engineers and architects designing and implementing firewalls; security administrators, operators, and support professionals; and anyone preparing for the CCNA Security, CCNP Security, or CCIE Security certification exams. ¿ Alexandre Matos da Silva Pires de Moraes, CCIE No. 6063, has worked as a Systems Engineer for Cisco Brazil since 1998 in projects that involve not only Security and VPN technologies but also Routing Protocol and Campus Design, IP Multicast Routing, and MPLS Networks Design. He coordinated a team of Security engineers in Brazil and holds the CISSP, CCSP, and three CCIE certifications (Routing/Switching, Security, and Service Provider). A frequent speaker at Cisco Live, he holds a degree in electronic engineering from the Instituto Tecnológico de Aeronáutica (ITA – Brazil). ¿ ·¿¿¿¿¿¿¿ Create advanced security designs utilizing the entire Cisco firewall product family ·¿¿¿¿¿¿¿ Choose the right firewalls based on your performance requirements ·¿¿¿¿¿¿¿ Learn firewall¿ configuration fundamentals and master the tools that provide insight about firewall operations ·¿¿¿¿¿¿¿ Properly insert firewalls in your network's topology using Layer 3 or Layer 2 connectivity ·¿¿¿¿¿¿¿ Use Cisco firewalls as part of a robust, secure virtualization architecture ·¿¿¿¿¿¿¿ Deploy Cisco ASA firewalls with or without NAT ·¿¿¿¿¿¿¿ Take full advantage of the classic IOS firewall feature set (CBAC) ·¿¿¿¿¿¿¿ Implement flexible security policies with the Zone Policy Firewall (ZPF) ·¿¿¿¿¿¿¿ Strengthen stateful inspection with antispoofing, TCP normalization, connection limiting, and IP fragmentation handling ·¿¿¿¿¿¿¿ Use application-layer inspection capabilities built into Cisco firewalls ·¿¿¿¿¿¿¿ Inspect IP voice protocols, including SCCP, H.323, SIP, and MGCP ·¿¿¿¿¿¿¿ Utilize identity to provide user-based stateful functionality ·¿¿¿¿¿¿¿ Understand

Published

2011

185. The Book of PF, 2nd Edition : A No-Nonsense Guide to the OpenBSD Firewall

Author

Peter N.M. Hansteen and Peter N.M. Hansteen

Subjects

TCP/IP (Computer network protocol), Firewalls (Computer security)

Abstract

OpenBSD's stateful packet filter, PF, is the heart of the OpenBSD firewall and a necessity for any admin working in a BSD environment. With a little effort and this book, you'll gain the insight needed to unlock PF's full potential.This second edition of The Book of PF has been completely updated and revised. Based on Peter N.M. Hansteen's popular PF website and conference tutorials, this no-nonsense guide covers NAT and redirection, wireless networking, spam fighting, failover provisioning, logging, and more. Throughout the book, Hansteen emphasizes the importance of staying in control with a written network specification, keeping rule sets readable using macros, and performing rigid testing when loading new rules.The Book of PF tackles a broad range of topics that will stimulate your mind and pad your resume, including how to:– Create rule sets for all kinds of network traffic, whether it's crossing a simple LAN, hiding behind NAT, traversing DMZs, or spanning bridges or wider networks– Create wireless networks with access points, and lock them down with authpf and special access restrictions– Maximize flexibility and service availability via CARP, relayd, and redirection– Create adaptive firewalls to proactively defend against would-be attackers and spammers– Implement traffic shaping and queues with ALTQ (priq, cbq, or hfsc) to keep your network responsive– Master your logs with monitoring and visualization tools (including NetFlow)The Book of PF is for BSD enthusiasts and network administrators at any skill level. With more and more services placing high demands on bandwidth and an increasingly hostile Internet environment, you can't afford to be without PF expertise.

Published

2011

186. Firewall Design And Analysis

Author

Alex X Liu and Alex X Liu

Subjects

Firewalls (Computer security), Computer networks--Security measures

Abstract

This unique book represents the first rigorous and comprehensive study of firewall policy design and analysis. Firewalls are the most critical and widely deployed intrusion prevention systems. Designing new firewall policies and analyzing existing firewall policies have been difficult and error-prone. This book presents scientifically sound and practically useful methods for designing and analyzing firewall policies.This book is useful to a variety of readers. First, it can be used as a handbook for network/firewall administrators and network security professionals. Second, it can be used as an advanced textbook for graduate students and senior undergraduate students in computer science and engineering. Third, it is also suitable for non-experts in network security who wish to understand more about firewalls. The presentation of the book is detailed enough to capture the interest of curious readers, and complete enough to provide the necessary background material needed to delve further into the subject of firewalls and network security.

Published

2011

187. ZERO NETWORKS ENHANCES RPC FIREWALL CAPABILITIES.

Subjects

TELECOMMUNICATION, 4G networks, 5G networks, FIREWALLS (Computer security), HOME computer networks, TRUST

Abstract

Zero Networks has announced the addition of enhanced Remote Procedure Call (RPC) Firewall capabilities to its platform. RPC is a protocol used by Microsoft services for communication, but it is also exploited by attackers to deploy ransomware. The RPC Firewall offered by Zero Networks operates at the application layer, allowing for granular decision-making on which RPC operations to allow or block. This feature significantly reduces an organization's attack surface and protects against various attacks. Zero Networks is a platform that provides automated, agentless, and MFA-powered solutions for network segmentation, secure remote access, and identity segmentation. [Extracted from the article]

Published

2024

188. FCC approves $200M K-12 cybersecurity pilot.

Author

Merod, Anna

Subjects

INTERNET security, FIREWALLS (Computer security), SCHOOL security, LIBRARIES

Abstract

The article discusses the U.S. Federal Communications Commission's approval of a pilot program to enhance cybersecurity in schools and libraries. Topics discussed include the program's funding mechanism, which will allocate funds to eligible schools and districts, and the types of cybersecurity solutions that can be funded, such as firewalls, endpoint protection, and identity protection.

Published

2024

189. Design Network Model for Good Performance of Network Security.

Author

Pattanavichai, Santi and Prasartkaew, Chutima

Subjects

COMPUTER network security, COMPUTER network architectures, NETWORK routers, INTRUSION detection systems (Computer security), FIREWALLS (Computer security)

Abstract

In this paper a design network model for good performance of network security, using the router, Firewall, Intrusion Detection System (IDS) and Intrusion Prevention System (IPS). Also, this paper was conducted the network security weakness in Intrusion Detection System (IDS) and Intrusion Prevention System (IPS), the method set the position these devices in the network for good performance of network security. In this paper, a tested and secure network design is proposed based on the practical requirements and this proposed network infrastructure is realizable with adaptable infrastructure for good performance of network security. [ABSTRACT FROM AUTHOR]

Published

2017

190. Systematic Literature Review on Usability of Firewall Configuration.

Author

VORONKOV, ARTEM, IWAYA, LEONARDO HORN, MARTUCCI, LEONARDO A., and LINDSKOG, STEFAN

Subjects

SECURITY firewall software, FIREWALLS (Computer security), USER-centered system design, META-analysis, INTERNET security, STANDARDS, COMPUTER software

Abstract

Firewalls are network security components that handle incoming and outgoing network traffic based on a set of rules. The process of correctly configuring a firewall is complicated and prone to error, and it worsens as the network complexity grows. A poorly configured firewall may result in major security threats; in the case of a network firewall, an organization’s security could be endangered, and in the case of a personal firewall, an individual computer’s security is threatened. A major reason for poorly configured firewalls, as pointed out in the literature, is usability issues. Our aim is to identify existing solutions that help professional and non-professional users to create and manage firewall configuration files, and to analyze the proposals in respect of usability. A systematic literature review with a focus on the usability of firewall configuration is presented in the article. Its main goal is to explore what has already been done in this field. In the primary selection procedure, 1,202 articles were retrieved and then screened. The secondary selection led us to 35 articles carefully chosen for further investigation, of which 14 articles were selected and summarized. As main contributions, we propose a taxonomy of existing solutions as well as a synthesis and in-depth discussion about the state of the art in firewall usability. Among the main findings, we perceived that there is a lack (or even an absence) of usability evaluation or user studies to validate the proposed models. Although all articles are related to the topic of usability, none of them clearly defines it, and only a few actually employ usability design principles and/or guidelines. [ABSTRACT FROM AUTHOR]

Published

2018

191. On optimizing firewall performance in dynamic networks by invoking a novel swapping window–based paradigm.

Author

Mohan, Ratish, Yazidi, Anis, Feng, Boning, and Oommen, John

Subjects

FIREWALLS (Computer security), INTERNET of things, RANDOM forest algorithms, BIG data, DENIAL of service attacks

Abstract

Summary: Designing and implementing efficient firewall strategies in the age of the internet of things is far from trivial. This is because, as time proceeds, an increasing number of devices will be connected, accessed, and controlled on the internet. Additionally, an ever‐increasingly amount of sensitive information will be stored on various networks. A good and efficient firewall strategy will attempt to secure this information and to also manage the large amount of inevitable network traffic that these devices create. The goal of this paper is to propose a framework for designing optimized firewalls for the internet of things. This paper deals with 2 fundamental challenges/problems encountered in such firewalls. The first problem is associated with the so‐called rule matching time problem. Here, we propose a simple condition for performing the swapping of the firewall's rules; using which, we can guarantee the firewall's consistency and integrity and also ensure a greedy reduction in the matching time. Unlike the state of the art, our swapping condition considers rules that are not necessarily consecutive, using a novel concept referred to as a “swapping window.” The second contribution of our paper is a novel “batch”‐based traffic estimator that provides network statistics to the firewall placement optimizer. The traffic estimator is a subtle but modified batch‐based embodiment of the Stochastic Learning Weak Estimator. Further, by performing a rigorous suite of experiments, we demonstrate that both algorithms are capable of optimizing the constraints imposed for obtaining an efficient firewall. [ABSTRACT FROM AUTHOR]

Published

2018

192. Computer Network Simulation of Firewall and VoIP Performance Monitoring.

Author

Barznji, Ammar O., Rashid, Tarik A., and Al-Salihi, Nawzad K.

Subjects

HTTP (Computer network protocol), INTERNET telephony, COMPUTER networks, FIREWALLS (Computer security), INTERNET traffic

Abstract

Fast growing in communication technology has influenced global changes and challenges appear in the field of network security issues. Security solutions must be efficient and operate in a way to deal with threats, reject and stop the network intruders and Trojans. The simulated network of Salahaddin university new campus is planned to build on an area of 3000X3000 meter square. The network consists of many primary and secondary devices. It mainly consists of one core switch that provides a very high data transfer through connecting all the collected positions by a variety of cable media to the entire network switches which are installed in each college location. The network design of the university presidency is similar to the network design at each college. The mentioned switch obtains the services from a router that isolates the network from the cloud which supports the services of internet to the network. The firewall is connected to the switch that connects the main server and cloud together. This work focuses on undertaking a simulation to analyze and examine the performance of the whole network when two scenarios are implemented. The first one when firewall devices are used and the second when the are not used, since the project of building Salahaddin University-Erbil new campus is at the initial stage. Thus, the researchers think that it is very important to figure out the drawbacks and deadlocks of using firewall upon each branch of the network and overall network performance before the submitting the final networks design that is going to be implemented and installed. This will indicate many differences on the construction, for example, the network panels ways, the cable collecting locations, network channels and many other devices that are fixing components depending on the media types. The results show that using or adding of firewall device to the university campus computer network will improve the overall network performance though increasing the data stream on many network sections and sectors. [ABSTRACT FROM AUTHOR]

Published

2018

193. A Machine-Learning-Driven Evolutionary Approach for Testing Web Application Firewalls.

Author

Appelt, Dennis, Nguyen, Cu D., Panichella, Annibale, and Briand, Lionel C.

Subjects

MACHINE learning, WEB-based user interfaces, FIREWALLS (Computer security), CYBERTERRORISM, COMPUTER security vulnerabilities, SECURITY systems

Abstract

Web application firewalls (WAFs) are an essential protection mechanism for online software systems. Because of the relentless flow of new kinds of attacks as well as their increased sophistication, WAFs have to be updated and tested regularly to prevent attackers from easily circumventing them. In this paper, we focus on testing WAFs for SQL injection attacks, but the general principles and strategy we propose can be adapted to other contexts. We present ML-Driven, an approach based on machine learning and an evolutionary algorithm to automatically detect holes in WAFs that let SQL injection attacks bypass them. Initially, ML-Driven automatically generates a diverse set of attacks and submits them to the system being protected by the target WAF. Then, ML-Driven selects attacks that exhibit patterns (substrings) associated with bypassing the WAF and evolves them to generate new successful bypassing attacks. Machine learning is used to incrementally learn attack patterns from previously generated attacks according to their testing results, i.e., if they are blocked or bypass the WAF. We implemented ML-Driven in a tool and evaluated it on ModSecurity, a widely used open-source WAF, and a proprietary WAF protecting a financial institution. Our empirical results indicate that ML-Driven is effective and efficient at generating SQL injection attacks bypassing WAFs and identifying attack patterns. [ABSTRACT FROM AUTHOR]

Published

2018

194. Pockets of HIV Non-infection Within Highly-Infected Risk Networks in Athens, Greece.

Author

Williams, Leslie D., Kostaki, Evangelia-Georgia, Pavlitina, Eirini, Paraskevis, Dimitrios, Hatzakis, Angelos, Schneider, John, Smyrnov, Pavlo, Hadjikou, Andria, Nikolopoulos, Georgios K., Psichogiou, Mina, and Friedman, Samuel R.

Subjects

HIV infection transmission, RISK assessment, FIREWALLS (Computer security)

Abstract

As part of a network study of HIV infection among people who inject drugs (PWID) and their contacts, we discovered a connected subcomponent of 29 uninfected PWID. In the context of a just-declining large epidemic outbreak, this raised a question: What explains the existence of large pockets of uninfected people? Possible explanations include “firewall effects” (Friedman et al., 2000; Dombrowski et al., 2017) wherein the only HIV+ people that the uninfected take risks with have low viral loads; “bottleneck effects” wherein few network paths into the pocket of non-infection exist; low levels of risk behavior; and an impending outbreak. We considered each of these. Participants provided information on their enhanced sexual and injection networks and assisted us in recruiting network members. The largest connected component had 241 members. Data on risk behaviors in the last 6 months were collected at the individual level. Recent infection was determined by LAg (SediaTM Biosciences Corporation), data on recent seronegative tests, and viral load. HIV RNA was quantified using Artus HI Virus-1 RG RT-PCR (Qiagen). The 29 members of the connected subcomponent of uninfected participants were connected (network distance = 1) to 17 recently-infected and 24 long-term infected participants. Fourteen (48%) of these 29 uninfected were classified as “extremely high risk” because they self-reported syringe sharing and had at least one injection partner with viral load >100,000 copies/mL who also reported syringe sharing. Seventeen of the 29 uninfected were re-interviewed after 6 months, but none had seroconverted. These findings show the power of network research in discovering infection patterns that standard individual-level studies cannot. Theoretical development and exploratory network research studies may be needed to understand these findings and deepen our understanding of how HIV does and does not spread through communities. Finally, the methods developed here provide practical tools to study “bottleneck” and “firewall” network hypotheses in practice. [ABSTRACT FROM AUTHOR]

Published

2018

195. How Sudden Censorship Can Increase Access to Information.

Author

HOBBS, WILLIAM R. and ROBERTS, MARGARET E.

Subjects

CENSORSHIP, ACCESS to information, SOCIAL media -- Government policy, FIREWALLS (Computer security), CHINESE politics & government, 2002-

Abstract

Conventional wisdom assumes that increased censorship will strictly decrease access to information. We delineate circumstances when increases in censorship expand access to information for a substantial subset of the population. When governments suddenly impose censorship on previously uncensored information, citizens accustomed to acquiring this information will be incentivized to learn methods of censorship evasion. These evasion tools provide continued access to the newly blocked information—and also extend users’ ability to access information that has long been censored. We illustrate this phenomenon using millions of individual-level actions of social media users in China before and after the block of Instagram. We show that the block inspired millions of Chinese users to acquire virtual private networks, and that these users subsequently joined censored websites like Twitter and Facebook. Despite initially being apolitical, these new users began browsing blocked political pages on Wikipedia, following Chinese political activists on Twitter, and discussing highly politicized topics such as opposition protests in Hong Kong. [ABSTRACT FROM AUTHOR]

Published

2018

196. Non-dominated sorting particle swarm optimization (NSPSO) and network security policy enforcement for Policy Space Analysis.

Author

Sureshkumar, Thathan, Lingaraj, Mani, Anand, Bojan, and Premkumar, Thathan

Subjects

PARTICLE swarm optimization, COMPUTER network security, FUZZY control systems, FIREWALLS (Computer security), INTRUSION detection systems (Computer security)

Abstract

Network operators depend on security services with the aim of safeguarding their IT infrastructure. Various types of network security policies are employed on a global scale and are disseminated among several security middleboxes implemented in networks. But, owing to the complications in security policies, it is not quite efficient to directly use the path-wise enforcement schemes that are prevalent. The major motivation of this work is to improve security levels and solve the policy enforcement problem. For the first time, this work reports the issue of policy enforcement on middleboxes. The major contribution of this work is to design security policy enforcement as a Weighted K Set Covering Problem, and we designed a Policy Space Analysis (PSA) tool intended for a group of operations in the security policy. This PSA tool was developed based on range-signified hyper-rectangles, which are indexed by the Hilbert R-tree. Leveraging the PSA, we first investigated the topological features of various kinds of policies. Balancing the PSA tool in a non-dominated sorting particle swarm optimization technique exposes the intrinsic difficulties of this security strategy and provides guidance for designing the enforcement approach. In addition, in this research, a new fuzzy rule-based classification system is introduced for packet classification. A scope-wise policy enforcement algorithm was proposed, which chooses a moderate number of enforcement network nodes for deploying multiple policy subsets in a greedy manner. This scheme is much quicker compared with the first one and therefore has found its application in real-time deployments. [ABSTRACT FROM AUTHOR]

Published

2018

197. IoT as a Land of Opportunity for DDoS Hackers.

Author

Vlajic, Natalija and Zhou, Daiwei

Subjects

INTERNET of things, DENIAL of service attacks, COMPUTER hackers, INTERNET security, FIREWALLS (Computer security)

Abstract

In 2016, Mirai showed the destructive potential of a botnet composed exclusively of Internet of Things devices. To evaluate the current state of anti-DDoS (distributed denial-of-service) protection for such devices, the authors studied webcams—discovered by Shodan—and found that most have little to no firewall protection and, as such, are vulnerable to future direct and reflective DDoS attacks. [ABSTRACT FROM AUTHOR]

Published

2018

198. Learning-based dynamic scalable load-balanced firewall as a service in network function-virtualized cloud computing environments.

Author

Dezhabad, Naghmeh and Sharifian, Saeed

Subjects

VIRTUAL machine systems, COMPUTER network architectures, CLOUD computing, FIREWALLS (Computer security), COMPUTER network security, COMPUTER simulation

Abstract

Network function virtualization (NFV) is a network architecture which tries to provide communication services in clouds through virtualization techniques. Actually, NFV combines server and service and replaces a lot of network devices. NFV deploys software applications instead of hardware devices and therefore reduces network provider’s financial costs and facilities manageability. One of the services that NFVs present is virtualized firewalls in clouds. As other services in clouds, firewalls should be dynamically scaled to the needs of any business and adapt as demands increase. In this paper, a method is proposed for dynamic auto-scalability of the firewall service in cloud environments. The proposed method also balances incoming load among different virtualized firewalls which are installed as a software on virtual machines and are located in one pool. We consider a queuing model for each virtual machine. The goal here is to determine the number of active virtualized firewalls required in different time steps according to the intensity of incoming load and the proportion of total requests that goes to each firewall. Decisions are made regarding the utilization of firewall virtual machines so that QoS requirements can be met; at the same time, the resources will be saved in order to balance the performance with the cost of allocated firewall virtual machines. To solve the problem, we propose a hybrid genetic algorithm and reinforcement learning-based approach, namely GARLAS (genetic algorithm and reinforcement learning-based autonomic scaling), implemented in a cloud manager. The results of simulation with MATLAB on different realistic workloads demonstrate that the approach is able to find an optimal policy in both scalability and load balancing aspects. Also, it leads to 87.91 and 85.15% of lower average response time and 9.93 and 11.77% of improvement in utilization in comparison with static and threshold-based approaches, respectively. [ABSTRACT FROM AUTHOR]

Published

2018

199. An Efficient Security System for Mobile Data Monitoring.

Author

Liu, Likun, Zhang, Hongli, Yu, Xiangzhan, Xin, Yi, Shafiq, Muhammad, and Ge, Mengmeng

Subjects

DEEP packet inspection (Computer security), FIREWALLS (Computer security), SECURITY systems, WIRELESS communications, ALGORITHMS

Abstract

During the last decade, rapid development of mobile devices and applications has produced a large number of mobile data which hide numerous cyber-attacks. To monitor the mobile data and detect the attacks, NIDS/NIPS plays important role for ISP and enterprise, but now it still faces two challenges, high performance for super large patterns and detection of the latest attacks. High performance is dominated by Deep Packet Inspection (DPI) mechanism, which is the core of security devices. A new TTL attack is just put forward to escape detecting, such that the adversary inserts packet with short TTL to escape from NIDS/NIPS. To address the above-mentioned problems, in this paper, we design a security system to handle the two aspects. For efficient DPI, a new two-step partition of pattern set is demonstrated and discussed, which includes first set-partition and second set-partition. For resisting TTL attacks, we set reasonable TTL threshold and patch TCP protocol stack to detect the attack. Compared with recent produced algorithm, our experiments show better performance and the throughput increased 27% when the number of patterns is 106. Moreover, the success rate of detection is 100%, and while attack intensity increased, the throughput decreased. [ABSTRACT FROM AUTHOR]

Published

2018

200. Security Architecture for the Distributed Environments.

Author

Filipek, Jozef

Subjects

AD hoc computer networks, BANDWIDTHS, FIREWALLS (Computer security)

Abstract

Mobile ad hoc networks (MANET) have been subject of an active research for the last decade. As opposed to the wired networks, MANETs have dynamic topology, limited resources, limited bandwidth and are usually deployed in emergency scenarios outside, where landscape plays important role. MANETs are susceptible to insider and outsider attacks and bring new security challenges which were not present in the wired networks due to the individual nodes of MANETs acting like full-fledged routers. Security of the MANETs usually focuses on some key aspect of the networks, i.e. securing routing protocol, IPS (Intrusion Prevention System), trust infrastructure or secured data transfer. Current published works focused on the security lack top-down approach which would go in depth and tried to cover as much of the network as possible. This work deals with the design of a novel approach to secure MANETs by introducing several security mechanisms at the same time to create novel Security Architecture for these networks. In this paper we introduce Architecture comprised of PKI (Public Key Infrastructure), secured routing protocol, firewall and IPS. Tying all those aspects together creates viable security system for MANETs achieving level of security we are aiming for. Part of the paper are performance measurements of the deployed solution. [ABSTRACT FROM AUTHOR]

Published

2018