Transient Addressing for Related Processes: Improved Firewalling by Using IPV6 and Multiple Addresses per Host

Traditionally, hosts have tended to assign relatively few network addresses to an interface for extended periods. Encouraged by the new abundance of addressing possibilities provided by IPv6, we propose a new method, called Transient Addressing for Related Processes (TARP), whereby hosts temporarily employ and subsequently discard IPv6 addresses in servicing a client host's network requests. The method provides certain security advantages and neatly finesses some well-known firewall problems caused by dynamic port negotiation used in a variety of application protocols. A prototype implementation exists as a small set of kame/BSD kernel enhancements and allows socket programmers and applications nearly transparent access to TARP addressing's advantages

Software product description

An overview of the MultiNet system is presented. Services, supported configurations, remote printer services, netstat, netcontrol, DECnet interoperability services, and programming libraries are briefly described

Analysis of operating system diversity for intrusion tolerance

One of the key benefits of using intrusion-tolerant systems is the possibility of ensuring correct behavior in the presence of attacks and intrusions. These security gains are directly dependent on the components exhibiting failure diversity. To what extent failure diversity is observed in practical deployment depends on how diverse are the components that constitute the system. In this paper, we present a study with operating system's (OS's) vulnerability data from the NIST National Vulnerability Database (NVD). We have analyzed the vulnerabilities of 11 different OSs over a period of 18 years, to check how many of these vulnerabilities occur in more than one OS. We found this number to be low for several combinations of OSs. Hence, although there are a few caveats on the use of NVD data to support definitive conclusions, our analysis shows that by selecting appropriate OSs, one can preclude (or reduce substantially) common vulnerabilities from occurring in the replicas of the intrusion-tolerant system

Implementation of multi-purpose system based on LINUX

Práce Realizace víceúčelového systému na bázi Linux je zaměřena na výběr vhodné distribuce systému GNU/Linux, všech běžně dostupných síťových služeb poskytovaných servery a implementaci vhodného autorizačního procesu na jeden server. První část práce je zaměřena na seznámení čtenáře s různými operačními systémy a jejich vzájemné srovnání. Také jsou zde podrobně probrány open- source technologie používané pro služby jako je HTTP, FTP nebo mail server. Dále se první část věnuje způsobu sdílení dat a tiskáren v počítačové síti a možnosti přihlašování do takovéto sítě pomocí Novell klienta. Druhá část je zaměřena na praktickou realizaci takovéhoto serveru pomocí zvoleného systému a potřebných aplikací. Je zde popsán podrobně postup pro instalaci a zprovoznění všech potřebných aplikací.The thesis Realization of Multipurpose System on the base of Linux is focused on the selection of suitable distribution of GNU/Linux system for all commonly accessible network services provided by servers and for implementation of suitable authorization process for one server. The first part of the Bachelor thesis acquaints the reader with different operating systems, and their mutual comparison. There are also in detail examined open-source technologies used for HTTP, FTP or mail server services. Further the first part describes the way of sharing data and printers in the network and a possibility of log in the Network by means of Novell client. Second part is focused on practical realization of this server by selected system and by needed applications. There is also in detail described the process of instalation and launching all needed applications.