21,773 research outputs found
Automated Implementation of Windows-related Security-Configuration Guides
Hardening is the process of configuring IT systems to ensure the security of
the systems' components and data they process or store. The complexity of
contemporary IT infrastructures, however, renders manual security hardening and
maintenance a daunting task.
In many organizations, security-configuration guides expressed in the SCAP
(Security Content Automation Protocol) are used as a basis for hardening, but
these guides by themselves provide no means for automatically implementing the
required configurations.
In this paper, we propose an approach to automatically extract the relevant
information from publicly available security-configuration guides for Windows
operating systems using natural language processing. In a second step, the
extracted information is verified using the information of available settings
stored in the Windows Administrative Template files, in which the majority of
Windows configuration settings is defined.
We show that our implementation of this approach can extract and implement
83% of the rules without any manual effort and 96% with minimal manual effort.
Furthermore, we conduct a study with 12 state-of-the-art guides consisting of
2014 rules with automatic checks and show that our tooling can implement at
least 97% of them correctly. We have thus significantly reduced the effort of
securing systems based on existing security-configuration guides
Käyttöjärjestelmän kovennuskonfiguraation hallinta automaatioympäristössä
Hardening improves security by removing unnecessary features from the system. Hardening can be performed for a network, a device, an operating system and single applications. As virtualization is added, the virtualization environment must also be hardened. In this thesis, the focus is on operating system hardening and its management. Frequent operating system updates cause system changes that make hardening management challenging. System hardening is presented using the ICS lifecycle model. This includes tasks, such as designing of the hardening configuration, implementation and testing, and maintaining the system hardening. To make implementation and maintaining of the hardening configuration possible two PowerShell scripts are made. One for automating hardening and other for auditing of Windows hosts. The scripts use a new hardening configuration template which is designed in this thesis. As a result, effective scripts were implemented, though some features had to be dropped due to lack of proper tools. Discarded features and other development ideas are presented in further development section. Additionally, several challenges for hardening and using Windows 10 in control systems, are observed in this thesis. Most notable discovery is that Windows 10 restores hardened settings and even broke the operation of system without any apparent reason. For this reason, the hardening configuration should be monitored and its management continued through the systems lifecycle
Hardening with Scapolite: a DevOps-based Approach for Improved Authoring and Testing of Security-Configuration Guides in Large-Scale Organizations
Security Hardening is the process of configuring IT systems to ensure the
security of the systems' components and data they process or store. In many
cases, so-called security-configuration guides are used as a basis for security
hardening. These guides describe secure configuration settings for components
such as operating systems and standard applications. Rigorous testing of
security-configuration guides and automated mechanisms for their implementation
and validation are necessary since erroneous implementations or checks of
hardening guides may severely impact systems' security and functionality. At
Siemens, centrally maintained security-configuration guides carry
machine-readable information specifying both the implementation and validation
of each required configuration step. The guides are maintained within git
repositories; automated pipelines generate the artifacts for implementation and
checking, e.g., PowerShell scripts for Windows, and carry out testing of these
artifacts on AWS images. This paper describes our experiences with our
DevOps-inspired approach for authoring, maintaining, and testing
security-configuration guides. We want to share these experiences to help other
organizations with their security hardening and, thus, increase their systems'
security.Comment: We submitted this article as a full-length paper. Unfortunately, the
CODASPY Program Committee decided that our paper can only be accepted in the
tool track. Thus, the published version only consists of 6 page
Enhanced granular medium-based tube press hardening
Active and passive control strategies of internal pressure for hot forming of
tubes and profiles with granular media are described. Force transmission and
plastic deformation of granular medium is experimentally investigated. Friction
between tube, granular medium and die as also the external stress field are
shown to be essential for the process understanding. Wrinkling, thinning and
insufficient forming of the tube establishes the process window for the active
pressure process. By improving the punch geometry and controlling tribological
conditions, the process limits are extended. Examples for the passive pressure
process reveal new opportunities for hot forming of tubes and profiles.Comment: 4 pages, 11 figure
Self consistent model for the evolution of eccentric massive black hole binaries in stellar environments: implications for gravitational wave observations
We construct evolutionary tracks for massive black hole binaries (MBHBs)
embedded in a surrounding distribution of stars. The dynamics of the binary is
evolved by taking into account the erosion of the central stellar cusp bound to
the massive black holes, the scattering of unbound stars feeding the binary
loss cone, and the emission of gravitational waves (GWs). Stellar dynamics is
treated in a hybrid fashion by coupling the results of numerical 3-body
scattering experiments of bound and unbound stars to an analytical framework
for the evolution of the stellar density distribution and for the efficiency of
the binary loss cone refilling. Our main focus is on the behaviour of the
binary eccentricity, in the attempt of addressing its importance in the merger
process and its possible impact for GW detection with the planned Laser
Interferometer Space Antenna ({\it LISA}), and ongoing and forthcoming pulsar
timing array (PTA) campaigns. We produce a family of evolutionary tracks
extensively sampling the relevant parameters of the system which are the binary
mass, mass ratio and initial eccentricity, the slope of the stellar density
distribution, its normalization and the efficiency of loss cone refilling. We
find that, in general, stellar dynamics causes a dramatic increase of the MBHB
eccentricity, especially for initially already mildly eccentric and/or unequal
mass binaries. When applied to standard MBHB population models, our results
predict eccentricities in the ranges and for sources
detectable by {\it LISA} and PTA respectively. Such figures may have a
significant impact on the signal modelling, on source detection, and on the
development of parameter estimation algorithms.Comment: 15 pages, 9 figures, accepted for publication in the Astrophysical
Journa
Security Hardening of Windows Server 2016
Tato bakalářská práce se zabývá problematikou zvyšování bezpečnosti systémů Windows pro servery, konkrétně je teorie aplikována na prostředí Windows Server 2016. Popisuje jednotlivé kroky zvyšování zabezpečení sítě za použití tohoto operačního systému u nejmenované nadnárodní společnosti.This bachelor thesis is focused on the security hardening of Windows systems for servers. In this thesis, the theory is applied on Windows Server 2016 operating system. There are described individual steps one should take to increase network security. The entire project is set in the environment of unnamed multinational company.
Constraints on the black hole spin in the quasar SDSS J094533.99+100950.1
The spin of the black hole is an important parameter which may be responsible
for the properties of the inflow and outflow of the material surrounding a
black hole. Broad band IR/optical/UV spectrum of the quasar SDSS
J094533.99+100950.1 is clearly disk-dominated, with the spectrum peaking up in
the observed frequency range. Therefore, disk fitting method usually used for
Galactic black holes can be used in this object to determine the black hole
spin. We develop the numerical code for computing disk properties, including
radius-dependent hardening factor, and we apply the ray-tracing method to
incorporate all general relativity effects in light propagation. We show that
the simple multicolor disk model gives a good fit, without any other component
required, and the disk extends down to the marginally stable orbit. The best
fit accretion rate is 0.13, well below the Eddington limit, and the black hole
spin is moderate, 0.3. The contour error for the fit combined with the
constraints for the black hole mass and the disk inclination gives a constraint
that the spin is lower than 0.8. We discuss the sources of possible systematic
errors in the parameter determinations
Continuum mesoscale theory inspired by plasticity
We present a simple mesoscale field theory inspired by rate-independent
plasticity that reflects the symmetry of the deformation process. We
parameterize the plastic deformation by a scalar field which evolves with
loading. The evolution equation for that field has the form of a
Hamilton-Jacobi equation which gives rise to cusp-singularity formation. These
cusps introduce irreversibilities analogous to those seen in plastic
deformation of real materials: we observe a yield stress, work hardening,
reversibility under unloading, and cell boundary formation.Comment: 7 pages, 5 .eps figures. submitted to Europhysics Letter
- …