Sistema de descubrimiento y control de equipamiento presente en redes

El trabajo del administrador de IT, especificamnte en su rol de gestor de la red y de los equipos que con figuran la infraestructura, se ve afectado por diversos factores que reducen el tiempo disponible para, por un lado, implementar políticas consistentes y con procedimientos predefinidos y, por el otro, para realizar los controles y verificaciones periódicas indispensables. En este contexto, el presente trabajo presenta una posible herramienta para mejorar la calidad de trabajo, la productividad y reducir los costos asociados, denominada Sistema de Descubrimiento y Control de Equipamiento (SIDECOE). A través de una arquitectura modular, utilizando una base de datos, mecanismos de monitoreo y de validación, este sistema permite ejecutar un conjunto de controles predefinidos y posibilita la identificación de errores y/o fallas de configuración de los equipos de una red y alerta a los administradores sobre los riesgos que de estas circunstancias se derivan.IX Workshop en Arquitectura, Redes y Sistemas OperativosRed de Universidades con Carreras de Informática (RedUNCI

Sistema de descubrimiento y control de equipamiento presente en redes

El trabajo del administrador de IT, especificamnte en su rol de gestor de la red y de los equipos que con figuran la infraestructura, se ve afectado por diversos factores que reducen el tiempo disponible para, por un lado, implementar políticas consistentes y con procedimientos predefinidos y, por el otro, para realizar los controles y verificaciones periódicas indispensables. En este contexto, el presente trabajo presenta una posible herramienta para mejorar la calidad de trabajo, la productividad y reducir los costos asociados, denominada Sistema de Descubrimiento y Control de Equipamiento (SIDECOE). A través de una arquitectura modular, utilizando una base de datos, mecanismos de monitoreo y de validación, este sistema permite ejecutar un conjunto de controles predefinidos y posibilita la identificación de errores y/o fallas de configuración de los equipos de una red y alerta a los administradores sobre los riesgos que de estas circunstancias se derivan.IX Workshop en Arquitectura, Redes y Sistemas OperativosRed de Universidades con Carreras de Informática (RedUNCI

Increasing security in the physical layer of wireless communication

This paper introduces a concept of increasing securing in the Physical layer (PHY) of wireless communication. It gives a short description of current status of wireless standards and their security. Despite the existence of advanced security protocols such as IEEE 802.11i or WLAN VPNs, wireless networks still remain vulnerable to denial-of-service (DoS) attacks aiming at PHY and Data Link Layers. The new solution challenges the problems with the currently defined PHY and Data Link layers. The concept introduced here, holds a promise of descending with some of the security measures to the lower layers of the TCP/IP and in this way not only increases security but also efficiency and performance. In addition this model would reduce management overhead and security architecture complexity. The proposed solution is dealing with: encryption implemented as part of modulation techniques as well as authentication procedures partially deployed within the first two layers of Open System Interconnection (OSI) protocol stack. The introduced model attempts to solve problems related to DoS that is focused on Data Link Layer, eavesdropping and man-in-the-middle (MITM) attacks. Additionally, there are presented some ideas for future research in the area of protection from malicious activity aimed at the PHY Layer – e.g., jamming attacks, as well as other security issues such as eavesdropping prevention by use of physics laws and tunnelling as another layer of protection to ensure privacy and signal robustness. The potential deployment of this technology embraces Wireless Local Area Networks (WLANs) as well as the emerging IEEE 802.16e (mobile WiMAX) standard. In this paper there are considered and analysed practical needs, defined necessary steps and set priorities. In the final part, there are presented challenges concerning the research and there is established a background for the consecutive papers

Security and Privacy Issues in IoT

Internet of Things (IoT) is a global network of physical and virtual ‘things’ connected to the internet. Each object has unique ID which is used for identification. IoT is the emerging technology which will change the way we interact with devices. In future almost every electronic device will be a smart device which can compute and communicate with hand-held and other infrastructure devices. As most of the devices may be battery operated, due to less processing power the security and privacy is a major issue in IoT. Authentication, Identification and device heterogeneity are the major security and privacy concerns in IoT. Major challenges include integration, scalability, ethics communication mechanism, business models and surveillance. In this paper major issues related to security and privacy of IoT are focused

IPv6 Network Mobility

Network Authentication, Authorization, and Accounting has been used since before the days of the Internet as we know it today. Authentication asks the question, “Who or what are you?” Authorization asks, “What are you allowed to do?” And fi nally, accounting wants to know, “What did you do?” These fundamental security building blocks are being used in expanded ways today. The fi rst part of this two-part series focused on the overall concepts of AAA, the elements involved in AAA communications, and highlevel approaches to achieving specifi c AAA goals. It was published in IPJ Volume 10, No. 1[0]. This second part of the series discusses the protocols involved, specifi c applications of AAA, and considerations for the future of AAA

A reputation framework for behavioural history: developing and sharing reputations from behavioural history of network clients

The open architecture of the Internet has enabled its massive growth and success by facilitating easy connectivity between hosts. At the same time, the Internet has also opened itself up to abuse, e.g. arising out of unsolicited communication, both intentional and unintentional. It remains an open question as to how best servers should protect themselves from malicious clients whilst offering good service to innocent clients. There has been research on behavioural profiling and reputation of clients, mostly at the network level and also for email as an application, to detect malicious clients. However, this area continues to pose open research challenges. This thesis is motivated by the need for a generalised framework capable of aiding efficient detection of malicious clients while being able to reward clients with behaviour profiles conforming to the acceptable use and other relevant policies. The main contribution of this thesis is a novel, generalised, context-aware, policy independent, privacy preserving framework for developing and sharing client reputation based on behavioural history. The framework, augmenting existing protocols, allows fitting in of policies at various stages, thus keeping itself open and flexible to implementation. Locally recorded behavioural history of clients with known identities are translated to client reputations, which are then shared globally. The reputations enable privacy for clients by not exposing the details of their behaviour during interactions with the servers. The local and globally shared reputations facilitate servers in selecting service levels, including restricting access to malicious clients. We present results and analyses of simulations, with synthetic data and some proposed example policies, of client-server interactions and of attacks on our model. Suggestions presented for possible future extensions are drawn from our experiences with simulation