10,290 research outputs found
A Practical Approach to Protect IoT Devices against Attacks and Compile Security Incident Datasets
open access articleThe Internet of Things (IoT) introduced the opportunity of remotely manipulating home appliances (such as heating systems, ovens, blinds, etc.) using computers and mobile devices. This idea fascinated people and originated a boom of IoT devices together with an increasing demand that was difficult to support. Many manufacturers quickly created hundreds of devices implementing functionalities but neglected some critical issues pertaining to device security. This oversight gave rise to the current situation where thousands of devices remain unpatched having many security issues that manufacturers cannot address after the devices have been produced and deployed. This article presents our novel research protecting IOT devices using Berkeley Packet Filters (BPFs) and evaluates our findings with the aid of our Filter.tlk tool, which is able to facilitate the development of BPF expressions that can be executed by GNU/Linux systems with a low impact on network packet throughput
The Impact of IPv6 on Penetration Testing
In this paper we discuss the impact the use of IPv6 has on remote penetration testing of servers and web applications. Several modifications to the penetration testing process are proposed to accommodate IPv6. Among these modifications are ways of performing fragmentation attacks, host discovery and brute-force protection. We also propose new checks for IPv6-specific vulnerabilities, such as bypassing firewalls using extension headers and reaching internal hosts through available transition mechanisms. The changes to the penetration testing process proposed in this paper can be used by security companies to make their penetration testing process applicable to IPv6 targets
SecSip: A Stateful Firewall for SIP-based Networks
SIP-based networks are becoming the de-facto standard for voice, video and
instant messaging services. Being exposed to many threats while playing an
major role in the operation of essential services, the need for dedicated
security management approaches is rapidly increasing. In this paper we present
an original security management approach based on a specific vulnerability
aware SIP stateful firewall. Through known attack descriptions, we illustrate
the power of the configuration language of the firewall which uses the
capability to specify stateful objects that track data from multiple SIP
elements within their lifetime. We demonstrate through measurements on a real
implementation of the firewall its efficiency and performance
- …