605 research outputs found

    Honeypot setup for education

    Get PDF
    "Honeypot" is just a computer system or a network segment, loaded with servers and devices and data. It may be protected with a firewall, although you want the attackers to have some access. There may be some monitoring capability, done carefully so that the monitoring is not evident to the attacker. The reason to setup honeypot varies from avoid tampering to tracking and capturingthe attacker. The purpose for this project is to set up an education tool for student to learn and know how honeypot works. Because of the increasing rate of cyber crime, it is hope that with this, it can encourage the student and the public generally to be more aware about the matter concerning information technology security. The Honeynet Project made up of a small group of security professionals dedicated to learning the tools and tactics of the black-hat community and sharing those lessons learned with the security community. Their contribution varies from how to setup a honeypot to how the attacker behaves and what triggers them is shown in this paper and research. To design this particular honeypot, I've use the waterfallmodel methodology as a guideline to build and design it. Honeypot are interesting research topic and open up a new field of technology and creative thinking

    A study of System Interface Sets (SIS) for the host, target and integration environments of the Space Station Program (SSP)

    Get PDF
    System interface sets (SIS) for large, complex, non-stop, distributed systems are examined. The SIS of the Space Station Program (SSP) was selected as the focus of this study because an appropriate virtual interface specification of the SIS is believed to have the most potential to free the project from four life cycle tyrannies which are rooted in a dependance on either a proprietary or particular instance of: operating systems, data management systems, communications systems, and instruction set architectures. The static perspective of the common Ada programming support environment interface set (CAIS) and the portable common execution environment (PCEE) activities are discussed. Also, the dynamic perspective of the PCEE is addressed

    Honeypot setup for education

    Get PDF
    "Honeypot" is just a computer system or a network segment, loaded with servers and devices and data. It may be protected with a firewall, although you want the attackers to have some access. There may be some monitoring capability, done carefully so that the monitoring is not evident to the attacker. The reason to setup honeypot varies from avoid tampering to tracking and capturingthe attacker. The purpose for this project is to set up an education tool for student to learn and know how honeypot works. Because of the increasing rate of cyber crime, it is hope that with this, it can encourage the student and the public generally to be more aware about the matter concerning information technology security. The Honeynet Project made up of a small group of security professionals dedicated to learning the tools and tactics of the black-hat community and sharing those lessons learned with the security community. Their contribution varies from how to setup a honeypot to how the attacker behaves and what triggers them is shown in this paper and research. To design this particular honeypot, I've use the waterfallmodel methodology as a guideline to build and design it. Honeypot are interesting research topic and open up a new field of technology and creative thinking

    On the genesis of computer forensis

    Get PDF
    This thesis presents a coherent set of research contributions to the new discipline of computer forensis. It analyses emergence of computer forensis and defines challenges facing this discipline, carries forward research advances in conventional methodology, introduces novel approach to using virtual environments in forensis, and systemises the computer forensis body of knowledge leading to the establishment of tertiary curriculum. The emergence of computer forensis as a separate discipline of science was triggered by evolution and growth of computer crime. Computer technology reached a stage when a conventional, mechanistic approach to collecting and analysing data is insufficient: the existing methodology must be formalised, and embrace technologies and methods that will enable the inclusion of transient data and live systems analysis. Further work is crucial to incorporate advances in related disciplines like computer security and information systems audit, as well as developments in operating systems to make computer forensics issues inherent in their design. For example: it is proposed that some of the features offered by persistent systems could be built into conventional operating systems to make illicit activities easier to identify and analyse. The analysis of permanent data storage is fundamental to computer forensics practice. There is very little finalised, and a lot still to be discovered in the conventional computer forensics methodology. This thesis contributes to formalisation and improved integrity of forensic handling of data storage by: formalising methods for data collection and analysis in NTFS (Microsoft file system) environment: presenting safe methodology for handling data backups in order to avoid information loss where Alternate Data Streams (ADS) are present: formalising methods of hiding and extracting hidden and encrypted data. A significant contribution of this thesis is in the field of application of virtualisation, or simulation of the computer in the virtual environment created by the underlying hardware and software, to computer forensics practice. Computer systems are not easily analysed for forensic purpose, and it is demonstrated that virtualisation applied in computer forensics allows for more efficient and accurate identification and analysis of the evidence. A new method is proposed where two environments used in parallel can bring faster and verifiable results not dependent on proprietary, close source tools and may lead to gradual shift from commercial Windows software to open source software (OSS). The final contribution of this thesis is systemising the body of knowledge in computer forensics, which is a necessary condition for it to become an established discipline of science. This systemisation led to design and development of tertiary curriculum in computer forensics illustrated here with a case study of computer forensics major for Bachelor of Computer Science at University of Western Sydney. All genesis starts as an idea. A natural part of scientific research process is replacing previous assumptions, concepts, and practices with new ones which better approximate the truth. This thesis advances computer forensis body of knowledge in the areas which are crucial to further development of this discipline. Please note that the appendices to this thesis consist of separately published items which cannot be made available due to copyright restrictions. These items are listed in the PDF attachment for reference purposes

    Attack development for intrusion detector evaluation

    Get PDF
    Thesis (S.B. and M.Eng.)--Massachusetts Institute of Technology, Dept. of Electrical Engineering and Computer Science, 2000.Includes bibliographical references (p. 96-97).An important goal of the 1999 DARPA Intrusion Detection Evaluation was to promote the development of intrusion detection systems that can detect new attacks. This thesis describes UNIX attacks developed for the 1999 DARPA Evaluation. Some attacks were new in 1999 and others were stealthy versions of 1998 User-to-Root attacks designed to evade network-based intrusion detection systems. In addition, new and old attacks were fragmented at the packet level to evade network-based intrusion detection systems. Results demonstrated that new and stealthy attacks were not detected well. New attacks that were never seen before were not detected by any network-based systems. Stealthy attacks, modified to be difficult to detect by network intrusion detection systems, were detected less accurately than clear versions. The best network-based system detected 42% of clear attacks and only 11% of stealthy attacks at 10 false alarms per day. A few attacks and background sessions modified with packet modifications eluded network intrusion detection systems causing them to generate false negatives and false positives due to improper TCP/IP reassembly.by Kumar J. Das.S.B.and M.Eng

    Memory-Based antiforensic tools and techniques

    Get PDF
    Computer forensics is the discipline that deals with the acquisition, investigation, preservation, and presentation of digital evidence in the court of law. Whereas antiforensics is the terminology used to describe malicious activities deployed to delete, alter, or hide digital evidence with the main objective of manipulating, destroying, and preventing the creation of evidence. Various antiforensic methodologies and tools can be used to interfere with digital evidence and computer forensic tools. However, memory-based antiforensic techniques are of particular interest because of their effectiveness, advanced manipulation of digital evidence, and attack on computer forensic tools. These techniques are mainly performed in volatile memory using advanced data alteration and hiding techniques. For these reasons memory-based antiforensic techniques are considered to be unbeatable. This article aims to present some of the current antiforensic approaches and in particular reports on memory-based antiforensic tools and techniques

    Uncovering Assumptions in Information Security

    Get PDF
    The design and implementation of security is based upon many assumptions. This paper discusses the need for students to learn to question assumptions, and in so doing identify unrealistic or incorrect assumptions and any associated policies. More realisticassumptions can then made and/or procedures implemented to protect against violation ofthe assumptions. A number of examples in the context of teaching computer security arediscussed and some methods of teaching awareness of assumptions presented

    Determining the effectiveness of deceptive honeynets

    Get PDF
    Over the last few years, incidents of network based intrusions have rapidly increased, due to the increase and popularity of various attack tools easily available for download from the Internet. Due to this increase in intrusions, the concept of a network defence known as Honeypots developed. These honeypots are designed to ensnare attackers and monitor their activities. Honeypots use the principles of deception such as masking, mimicry, decoying, inventing, repackaging and dazzling to deceive attackers. Deception exists in various forms. It is a tactic to survive and defeat the motives of attackers. Due to its presence in the nature, deception has been widely used during wars and now in Information Systems. This thesis considers the current state of honeypot technology as well as describes the framework of how to improve the effectiveness of honeypots through the effective use of deception. In this research, a legitimate corporate deceptive network is created using Honeyd (a type of honeypot) which is attacked and improved using empirical learning approach. The data collected during the attacking exercise were analysed, using various measures, to determine the effectiveness of the deception in the honeypot network created using honeyd. The results indicate that the attackers were deceived into believing the honeynet was a real network which instead was a deceptive network

    2D Java Strategy Game

    Get PDF
    Tato práce se zabývá návrhem a implementací strategické video hry v jazyce Java. Součástí práce bude simulace netriviálního počítačového protivníka. V praktické části je popsán postup implementace jednoduché strategické hry War paths.This thesis aims at designing and implemetation of video strategy game. Part of thesis will be aimed at simulation of nontrivial computer enemy. Implementation process of simple computer game War paths will be described in practical part of thesis.
    corecore