Simulation on Network Security Design Architecture for Server Room in Rwanda Information Technology Agency

Today, computer networks attacks have continued to increase in severity and sophistication. Data lost and unavailability of network resources due to attacks from internet have negative financial impact on many companies. Unprotected organisation’s networks from internet attacks face high risk of data loss and espionage. Network devices that make up network are the most targeted in order to penetrate in companies system as some come with vulnerability from the manufacturer. In this study, network security architecture for server room had been developed for enhancing the security. Further, two simulation models had been developed to compare the throughput for both existing and developed security architecture

Сравнительный анализ производительности транспортных протоколов Trickles и TCP в условиях высокой нагрузки на коммуникационную сеть

We study the performance of the Trickles protocol which is a transport-layer protocol for the TCP/IP architecture. We have implemented the original model of the Trickles protocol for the ns-2 simulator and defined performance metrics which were measured using ns-2 simulations.Исследуется производительность протокола Trickles, который предназначен для управления передачей на транспортном уровне архитектуры TCP/IP. Для этого была построена имитационная модель протокола в системе ns-2, определены характеристики производительности, которые были экспериментально измерены на моделях сетевых инфраструктур

Bloom Filter-Based Secure Data Forwarding in Large-Scale Cyber-Physical Systems

Cyber-physical systems (CPSs) connect with the physical world via communication networks, which significantly increases security risks of CPSs. To secure the sensitive data, secure forwarding is an essential component of CPSs. However, CPSs require high dimensional multiattribute and multilevel security requirements due to the significantly increased system scale and diversity, and hence impose high demand on the secure forwarding information query and storage. To tackle these challenges, we propose a practical secure data forwarding scheme for CPSs. Considering the limited storage capability and computational power of entities, we adopt bloom filter to store the secure forwarding information for each entity, which can achieve well balance between the storage consumption and query delay. Furthermore, a novel link-based bloom filter construction method is designed to reduce false positive rate during bloom filter construction. Finally, the effects of false positive rate on the performance of bloom filter-based secure forwarding with different routing policies are discussed

Evaluation of Windows Servers Security Under ICMP and TCP Denial of Service Attacks

Securing server from Distributed denial of service (DDoS) attacks is a challenging task for network operators. DDOS attacks are known to reduce the performance of web based applications and reduce the number of legitimate client connections. In this thesis, we evaluate performance of a Windows server 2003 under these attacks. In this thesis, we also evaluate and compare effectiveness of three different protection mechanisms, namely SYN Cache, SYN Cookie and SYN proxy protection methods, to protect against TCP SYN DDoS attacks. It is found that the SYN attack protection at the server is more effective at lower loads of SYN attack traffic, whereas the SYN cookies protection is more effective at higher loads compared to other methods

Trustworthy Knowledge Planes For Federated Distributed Systems

In federated distributed systems, such as the Internet and the public cloud, the constituent systems can differ in their configuration and provisioning, resulting in significant impacts on the performance, robustness, and security of applications. Yet these systems lack support for distinguishing such characteristics, resulting in uninformed service selection and poor inter-operator coordination. This thesis presents the design and implementation of a trustworthy knowledge plane that can determine such characteristics about autonomous networks on the Internet. A knowledge plane collects the state of network devices and participants. Using this state, applications infer whether a network possesses some characteristic of interest. The knowledge plane uses attestation to attribute state descriptions to the principals that generated them, thereby making the results of inference more trustworthy. Trustworthy knowledge planes enable applications to establish stronger assumptions about their network operating environment, resulting in improved robustness and reduced deployment barriers. We have prototyped the knowledge plane and associated devices. Experience with deploying analyses over production networks demonstrate that knowledge planes impose low cost and can scale to support Internet-scale networks