Information Security Fundamentals

Information Security Fundamentals allows security professionals to gain a solid understandings of the foundations of the field and the entire range of issues that practitioners must address. This book enables you to understand the key elements that comprise the successful information security program and apply these concepts into your own effort. The book examines the element computer security, employee roles and responsibilities, and common threats. It examines the need for management controls, policies and procedures, and risk analysis, and also presents a comprehensive list of task and objectives that kame up a typical information protection program. The volume discusses organizational wide (Tier 1) policies and their documentation, and legal and business requirements. It explains policy format, focusing on global, topic-specific, and application-specific policies. Following a review of asset classification, the book explores access control, the components of physical security, and the foundation and processes of risk analysis and risk management. Information Security Fundamentals concludes by describing business continuity planning, including preventive controls, recovery strategies, and ways to conduct a business impact analysis. Features : • Provides a solid understanding of the foundations of the field and the entire range of issues that practitioners must address • Discusses the legal requirements that impact security policies, including Sarbanes-Oxley, HIPAA, and Gramm-Leach-Bliley Act (GLBA) • Details physical sequrity requirement and controls, and offers a sample physical security policy • Examines elements of the risk analysis process such as asset definition, threat identification occurrence probability, and more • Describes components of business continuity planning, outlining how to conduct a business impact analysis, and how to test a pla

The Critical Role of NIDSNIPS in Protecting Internet Infrastructure

With the rapid development and wide application of the Internet, network security has become an important issue in modern society. Network attacks such as network worms, botnets and computer viruses are constantly emerging, bringing serious threats and economic losses to the Internet infrastructure. In this context, Network Intrusion Detection/Prevention System (NIDS/NIPS) plays a key role in protecting the Internet infrastructure. By monitoring network traffic in real time, NIDS/NIPS is able to detect and identify internal and external security intrusions in a timely manner and take appropriate measures for defense. Ensuring the high performance of NIDS/NIPS is an important topic in network security research, because the increase of Internet traffic and the variety of attacks make it face great challenges. In this paper, we will explore the fundamentals and functions of NIDS/NIPS and their key role in protecting the Internet infrastructure. We will also discuss key techniques to improve the performance of NIDS/NIPS and look at future directions in this area. An in-depth understanding and study of the theory and technology of NIDS/NIPS is an important reference for professionals in the field of network security

Learning through play: an educational computer game to introduce radar fundamentals

The information exchange has evolved from traditional books to computers and Internet in a few years' time. Our current university students were born in this age: they learn and have fun with different methods as previous generations did. These digital natives enjoy computer games. Thus, designing games for learning some selected topics could be a good teaching strategy for such collective and also for undergraduate university students. This paper describes the development and test of an educational computer game revolving around radar. The objective of the game RADAR Technology is to teach students about the fundamentals of radar, while having fun during the learning experience. Based on the principle that you learn better what you practice, the authors want to induce students to discover a difficult to understand topic by proposing them a different experience, in a format better adapted to their generation skills. The computer game has been tested with actual students and the obtained results seem to be very promising

Data Communications and Network Technologies

This open access book is written according to the examination outline for Huawei HCIA-Routing Switching V2.5 certification, aiming to help readers master the basics of network communications and use Huawei network devices to set up enterprise LANs and WANs, wired networks, and wireless networks, ensure network security for enterprises, and grasp cutting-edge computer network technologies. The content of this book includes: network communication fundamentals, TCP/IP protocol, Huawei VRP operating system, IP addresses and subnetting, static and dynamic routing, Ethernet networking technology, ACL and AAA, network address translation, DHCP server, WLAN, IPv6, WAN PPP and PPPoE protocol, typical networking architecture and design cases of campus networks, SNMP protocol used by network management, operation and maintenance, network time protocol NTP, SND and NFV, programming, and automation. As the world’s leading provider of ICT (information and communication technology) infrastructure and smart terminals, Huawei’s products range from digital data communication, cyber security, wireless technology, data storage, cloud-computing, and smart computing to artificial intelligence

Beyond ECDL: basic and advanced IT skills for the new library professional

This paper reports on a new multimedia-centred ICT module, called Fundamentals of Information and Communication Technology (FICT) for Postgraduate Information and Library Studies students at the Graduate School of Informatics at Strathclyde University. It had radical aims (introducing novel ICT skill content in a progressive manner, encouraging deep learning and self-directed study) and used a weekly survey and a post-module survey to investigate its operation. Skills learnt were compared to skills required during student placement in libraries. Conclusions are drawn as to its success in matching the needs of future library professionals

Q-Class Authentication System for Double Arbiter PUF

Physically Unclonable Function (PUF) is a cryptographic primitive that is based on physical property of each entity or Integrated Circuit (IC) chip. It is expected that PUF be used in security applications such as ID generation and authentication. Some responses from PUF are unreliable, and they are usually discarded. In this paper, we propose a new PUF-based authentication system that exploits information of unreliable responses. In the proposed method, each response is categorized into multiple classes by its unreliability evaluated by feeding the same challenges several times. This authentication system is named Q-class authentication, where Q is the number of classes. We perform experiments assuming a challenge-response authentication system with a certain threshold of errors. Considering 4-class separation for 4-1 Double Arbiter PUF, it is figured out that the advantage of a legitimate prover against a clone is improved form 24% to 36% in terms of success rate. In other words, it is possible to improve the tolerance of machine-learning attack by using unreliable information that was previously regarded disadvantageous to authentication systems

Cyber-security of Cyber-Physical Systems (CPS)

This master's thesis reports on security of a Cyber-Physical System (CPS) in the department of industrial engineering at UiT campus Narvik. The CPS targets connecting distinctive robots in the laboratory in the department of industrial engineering. The ultimate objective of the department is to propose such a system for the industry. The thesis focuses on the network architecture of the CPS and the availability principle of security. This report states three research questions that are aimed to be answered. The questions are: what a secure CPS architecture for the purpose of the existing system is, how far the current state of system is from the defined secure architecture, and how to reach the proposed architecture. Among the three question, the first questions has absorbed the most attention of this project. The reason is that a secure and robust architecture would provide a touchstone that makes answering the second and third questions easier. In order to answer the questions, Cisco SAFE for IoT threat defense for manufacturing approach is chosen. The architectural approach of Cisco SAFE for IoT, with similarities to the Cisco SAFE for secure campus networks, provides a secure network architecture based on business flows/use cases and defining related security capabilities. This approach supplies examples of scenarios, business flows, and security capabilities that encouraged selecting it. It should be noted that Cisco suggests its proprietary technologies for security capabilities. According to the need of the project owners and the fact that allocating funds are not favorable for them, all the suggested security capabilities are intended to be open-source, replacing the costly Cisco-proprietary suggestions. Utilizing the approach and the computer networking fundamentals resulted in the proposed secure network architecture. The proposed architecture is used as a touchstone to evaluate the existing state of the CPS in the department of industrial engineering. Following that, the required security measures are presented to approach the system to the proposed architecture. Attempting to apply the method of Cisco SAFE, the identities using the system and their specific activities are presented as the business flow. Based on the defined business flow, the required security capabilities are selected. Finally, utilizing the provided examples of Cisco SAFE documentations, a complete network architecture is generated. The architecture consists of five zones that include the main components, security capabilities, and networking devices (such as switches and access points). Investigating the current state of the CPS and evaluating it by the proposed architecture and the computer networking fundamentals, helped identifying six important shortcomings. Developing on the noted shortcomings, and identification of open-source alternatives for the Cisco-proprietary technologies, nine security measures are proposed. The goal is to perform all the security measures. Thus, the implementations and solutions for each security measure is noted at the end of the presented results. The security measures that require purchasing a device were not considered in this project. The reasons for this decision are the time-consuming process of selecting an option among different alternatives, and the prior need for grasping the features of the network with the proposed security capabilities; features such as amount and type of traffic inside the network, and possible incidents detected using an Intrusion Detection Prevention System. The attempts to construct a secure cyber-physical system is an everlasting procedure. New threats, best practices, guidelines, and standards are introduced on a daily basis. Moreover, business needs could vary from time to time. Therefore, the selected security life-cycle is required and encouraged to be used in order to supply a robust lasting cyber-physical system

Asymmetric Leakage from Multiplier and Collision-Based Single-Shot Side-Channel Attack

The single-shot collision attack on RSA proposed by Hanley et al. is studied focusing on the difference between two operands of multiplier. It is shown that how leakage from integer multiplier and long-integer multiplication algorithm can be asymmetric between two operands. The asymmetric leakage is verified with experiments on FPGA and micro-controller platforms. Moreover, we show an experimental result in which success and failure of the attack is determined by the order of operands. Therefore, designing operand order can be a cost-effective countermeasure. Meanwhile we also show a case in which a particular countermeasure becomes ineffective when the asymmetric leakage is considered. In addition to the above main contribution, an extension of the attack by Hanley et al. using the signal-processing technique of Big Mac Attack is presented

"The Good, The Bad And The Ugly": Evaluation of Wi-Fi Steganography

In this paper we propose a new method for the evaluation of network steganography algorithms based on the new concept of "the moving observer". We considered three levels of undetectability named: "good", "bad", and "ugly". To illustrate this method we chose Wi-Fi steganography as a solid family of information hiding protocols. We present the state of the art in this area covering well-known hiding techniques for 802.11 networks. "The moving observer" approach could help not only in the evaluation of steganographic algorithms, but also might be a starting point for a new detection system of network steganography. The concept of a new detection system, called MoveSteg, is explained in detail.Comment: 6 pages, 6 figures, to appear in Proc. of: ICNIT 2015 - 6th International Conference on Networking and Information Technology, Tokyo, Japan, November 5-6, 201