353 research outputs found
A framework for IPSec functional architecture.
In today\u27s network, various stand-alone security services and/or proxies are used to provide different security services. These individual security systems implementing one single security function cannot address security needs of evolving networks that require secure protocol such as IPSec. In this paper, we provide a framework for implementing IPSec security functions in a well structured functional architecture. The proposed architecture is modular and allows for composing software applications from products commercially available and developed by different suppliers to implement the entire security requirements of IPSec protocol. In addition the proposed architecture is robust in the sense that it supports open standards and interfaces, and implements security functions of IPSec as an integrated solution under a unified security management system.Dept. of Electrical and Computer Engineering. Paper copy at Leddy Library: Theses & Major Papers - Basement, West Bldg. / Call Number: Thesis2005 .F34. Source: Masters Abstracts International, Volume: 44-03, page: 1451. Thesis (M.Sc.)--University of Windsor (Canada), 2005
Fingerprinting Encrypted Tunnel Endpoints
Operating System fingerprinting is a reconnaissance method used by Whitehats and Blackhats alike. Current techniques for fingerprinting do not take into account tunneling protocols, such as IPSec, SSL/TLS, and SSH, which effectively `wrap` network traffic in a ciphertext mantle, thus potentially rendering passive monitoring ineffectual. Whether encryption makes VPN tunnel endpoints immune to fingerprinting, or yields the encrypted contents of the VPN tunnel entirely indistinguishable, is a topic that has received modest coverage in academic literature. This study addresses these question by targeting two tunnelling protocols: IPSec and SSL/TLS. A new fingerprinting methodology is presented, several fingerprinting discriminants are identified, and test results are set forth, showing that endpoint identities can be uncovered, and that some of the contents of encrypted VPN tunnels can in fact be discerned.Dissertation (MSc (Computer Science))--University of Pretoria, 2005.Computer Scienceunrestricte
Uncovering Network Perimeter Vulnerabilities in Cisco Routers According to Requirements Defined in Pci Dss 2.0
According to the Payment Card Industry (PCI), over 500 million records containing sensitive cardholder data have been breached since January 2005. Merchants accepting credit and debit cards are at the center of payment card transactions, making it crucial that standard security procedures and technologies are employed to thwart cardholder data theft. Numerous organizations have experienced embarrassing breaches, which lead to losses of credit card data, including Starbucks, California Pizza Kitchen, and TJX Companies. This paper examined an action research methodology to test the security of a network router and remediate all the vulnerabilities that caused it to fail the requirements of the Payment Card Industry Data Security Standards (PCI DSS). The basic functions of a router include packet forwarding, sharing routing information with adjacent routers, packet filtering, network address translation (NAT), and encrypting or decrypting packets. Since a router is traditionally installed at the perimeter of a network, it plays an important role in network security. By following the approach of this study, administrators should understand how employing a network vulnerability scanner to test a host can illuminate hidden security risks. This study also demonstrated how to use the results of the vulnerability scan to harden a host to ensure it complied with the Payment Card Industry\u27s (PCI DSS) requirements
IPv6: a new security challenge
Tese de mestrado em Segurança Informática, apresentada à Universidade de Lisboa, através da Faculdade de Ciências, 2011O Protocolo de Internet versão 6 (IPv6) foi desenvolvido com o intuito de resolver alguns dos problemas não endereçados pelo seu antecessor, o Protocolo de Internet versão 4 (IPv4), nomeadamente questões relacionadas com segurança e com o espaço de endereçamento disponÃvel. São muitos os que na última década têm desenvolvido estudos sobre os investimentos necessários à sua adoção e sobre qual o momento certo para que o mesmo seja adotado por todos os players no mercado. Recentemente, o problema da extinção de endereçamentos públicos a ser disponibilizado pelas diversas Region Internet registry – RIRs - despertou o conjunto de entidades envolvidas para que se agilizasse o processo de migração do IPv4 para o IPv6. Ao contrário do IPv4, esta nova versão considera a segurança como um objetivo fundamental na sua implementação, nesse sentido é recomendado o uso do protocolo IPsec ao nÃvel da camada de rede. No entanto, e devido à imaturidade do protocolo e à complexidade que este perÃodo de transição comporta, existem inúmeras implicações de segurança que devem ser consideradas neste perÃodo de migração. O objetivo principal deste trabalho é definir um conjunto de boas práticas no âmbito da segurança na implementação do IPv6 que possa ser utilizado pelos administradores de redes de dados e pelas equipas de segurança dos diversos players no mercado. Nesta fase de transição, é de todo útil e conveniente contribuir de forma eficiente na interpretação dos pontos fortes deste novo protocolo assim como nas vulnerabilidades a ele associadas.IPv6 was developed to address the exhaustion of IPv4 addresses, but has not yet seen global deployment. Recent trends are now finally changing this picture and IPv6 is expected to take off soon. Contrary to the original, this new version of the Internet Protocol has security as a design goal, for example with its mandatory support for network layer security. However, due to the immaturity of the protocol and the complexity of the transition period, there are several security implications that have to be considered when deploying IPv6. In this project, our goal is to define a set of best practices for IPv6 Security that could be used by IT staff and network administrators within an Internet Service Provider. To this end, an assessment of some of the available security techniques for IPv6 will be made by means of a set of laboratory experiments using real equipment from an Internet Service Provider in Portugal. As the transition for IPv6 seems inevitable this work can help ISPs in understanding the threats that exist in IPv6 networks and some of the prophylactic measures available, by offering recommendations to protect internal as well as customers’ networks
Junos OS Security Configuration Guide
This preface provides the following guidelines for using the Junos OS Security Configuration
Guide:
• J Series and SRX Series Documentation and Release Notes on page xli
• Objectives on page xlii
• Audience on page xlii
• Supported Routing Platforms on page xlii
• Document Conventions on page xlii
• Documentation Feedback on page xliv
• Requesting Technical Support on page xliv
Juniper Networks supports a technical book program to publish books by Juniper Networks
engineers and subject matter experts with book publishers around the world. These
books go beyond the technical documentation to explore the nuances of network
architecture, deployment, and administration using the Junos operating system (Junos
OS) and Juniper Networks devices. In addition, the Juniper Networks Technical Library,
published in conjunction with O'Reilly Media, explores improving network security,
reliability, and availability using Junos OS configuration techniques. All the books are for
sale at technical bookstores and book outlets around the world. The current list can be
viewed at http://www.juniper.net/books .Junos OS for SRX Series Services Gateways integrates the world-class network security
and routing capabilities of Juniper Networks. Junos OS includes a wide range of
packet-based filtering, class-of-service (CoS) classifiers, and traffic-shaping features
as well as a rich, extensive set of flow-based security features including policies, screens, network address translation (NAT), and other flow-based services.
Traffic that enters and exits services gateway is processed according to features you
configure, such as packet filters, security policies, and screens. For example, the software
can determine:
• Whether the packet is allowed into the device
• Which firewall screens to apply to the packet
• The route the packet takes to reach its destination
• Which CoS to apply to the packet, if any
• Whether to apply NAT to translate the packet’s IP address
• Whether the packet requires an Application Layer Gateway (ALG
Quantum key distribution: A networking perspective
The convergence of quantum cryptography with applications used in everyday life is a topic drawing attention from the industrial and academic worlds. The development of quantum electronics has led to the practical achievement of quantum devices that are already available on the market and waiting for their first application on a broader scale. A major aspect of quantum cryptography is the methodology of Quantum Key Distribution (QKD), which is used to generate and distribute symmetric cryptographic keys between two geographically separate users using the principles of quantum physics. In previous years, several successful QKD networks have been created to test the implementation and interoperability of different practical solutions. This article surveys previously applied methods, showing techniques for deploying QKD networks and current challenges of QKD networking. Unlike studies focusing on optical channels and optical equipment, this survey focuses on the network aspect by considering network organization, routing and signaling protocols, simulation techniques, and a software-defined QKD networking approach.Web of Science535art. no. 9
Internet of Things From Hype to Reality
The Internet of Things (IoT) has gained significant mindshare, let alone attention, in academia and the industry especially over the past few years. The reasons behind this interest are the potential capabilities that IoT promises to offer. On the personal level, it paints a picture of a future world where all the things in our ambient environment are connected to the Internet and seamlessly communicate with each other to operate intelligently. The ultimate goal is to enable objects around us to efficiently sense our surroundings, inexpensively communicate, and ultimately create a better environment for us: one where everyday objects act based on what we need and like without explicit instructions
- …