109 research outputs found

    Security Vulnerability Evaluation of Popular Personal Firewalls and Operating Systems

    In this thesis, experimental evaluation of security vulnerabilities has been performed under DoS attacks for popular personal firewalls from McAfee, Norton and Kaspersky; and for operating systems namely Apple’s Leopard and SnowLeopard, and Microsoft’s Windows XP and Windows 7. Our experimental results show that the firewalls and operating systems behave differently under a given DoS attack. Some of the firewalls crashed under certain DoS attacks especially when they were configured to prevent and block packets belonging to such attacks. Operating systems evaluated in this thesis were also found to have different built-in security capabilities, and some of them even crashed under certain DoS attacks requiring forced reboot of the system. Comparative performance of firewalls and operating systems under DoS attacks has been presented

    Evaluation of Security Availability of Data Components for A Renewable Energy Micro Smart Grid System

    In this thesis, we study the development and security testing of a photovoltaic data collection system. With the introduction of the smart grid concept, a lot of research has been done on the communication aspect of energy production and distribution throughout the power network. For Smart Grid, the Internet is used as the communication medium for specific required services and for data collection. Despite all the advantages of the Smart Grid infrastructure, there is also some security concern regarding the vulnerabilities associated with internet access. In this thesis, we consider security testing of the two most popular and globally deployed web server platforms, Apache running on Red Hat Linux 5 and IIS on Windows Server 2008, and their performance under Distributed Denial of Service attacks. Furthermore, we stress test the data collection services provided by MySQL running on both Windows and Linux servers when it is also under DDoS attacks

    Security Evaluation of Virtualized Computing Platforms

    In this thesis, security experiments were conducted to evaluate embedded security protocol performance of two leading server operating systems, Apple’s MAC OS server LION Vs. Microsoft’s Windows server 2012 R2 OS under different types of security attack. Furthermore, experiments were conducted to understand and evaluate the effect of virtualization using Hyper-V with Windows 2012 R2 OS on MAC hardware platform. For these experiments, connection rate, connection latency, non-paged pool allocations and processor core utilization for different OS, virtual machines, and under different traffic types were measured

    Security integrity of EKG signal monitoring under different network attack conditions

    This thesis focuses on issues related with monitoring of EKG signals under different network attack traffic conditions. It is becoming common for modern hospitals to monitor real time EKG signals of patients on computers that are usually connected to networks. If the network suffers with attack conditions, it can affect connected computers and alter EKG signals monitoring, hence raising false alarms. Denial of Service attacks may silently affect the real time monitoring of EKG signals. Altering of EKG signals may result in loss of integrity and it can violate CIA triad of security. In this thesis, different attack conditions were simulated for various operating systems under different loads of attack traffic to observe how the EKG signals were affected

    Can Routers Provide Sufficient Protection against Cyber Security Attacks?

    Nowadays many devices that make up a computer network are being equipped with security hardware and software features to prevent cyber security attacks. The idea is to distribute security features to intermediate systems in the network to mitigate the overall adverse effect of cyber attacks. In this paper, we will be focusing on the Juniper J4350 router with the Junos Software Enhanced, and it has security-attack protections in the router. We are going to evaluate how the Juniper router with built-in security protections affected the overall server performance under a cyber security attack

    The Cyber Security Evaluation of a Wireless and Wired Smart Electric Meter

    In this thesis, an experimental cyber security evaluation of a Wireless Smart Electric Meter has been performed under cyber security attacks. The security integrity of data collection from the EPM 6100 Power Quality Wireless Smart Electric Meter under a wireless cyber-attack was evaluated. After which the security integrity of data collection from the same Wireless Smart Electric Meter was evaluated under a different configuration. In this thesis, we tested three different smart meters for their connectivity under different cybersecurity attacks. We compared the security integrity of the three different smart meters to measure their response under different cybersecurity attacks

    Cyber Security Evaluation of Smart Electric Meters

    In this thesis, effect of intermediate network systems on power usage data collection from Smart Electric Meter in Smart Grid was evaluated. Security integrity of remote data collection from GE’s Power Quality Smart Electric Meter EPM 6100 and EPM 7000 under cyber-attacks were evaluated. Experimental security evaluations of Smart Electric Meters were conducted to understand their operation under cyber-attacks. Integrity of data communication between the GE’s smart meters and remote monitoring computer was evaluated under different types of cyber security attacks. Performance comparison was done for security integrity of EPM 6100 and EPM 7000 power quality meter under various cyber-attacks

    Cyber Security Evaluation of CentOS Red Hat Based Operating System Under Cyber Attack with Increasing Magnitude

    The increasing interest in ‘always-connected’ devices and the Internet of Things has led to electronic devices with Internet connectivity becoming a staple in the modern household and workplace. Consequently, this increase has also led to an increase in vulnerable devices, ripe for hijacking by a malicious third party. Distributed Denial of Service (DDoS) attacks have consistently been an issue since the birth of the Internet. With the large number of devices available today, the strength and consistency of these attacks has only grown and will continue to grow. Since, depending on certain variables, these DDoS attacks can effectively render a target system inoperable, precautions must be taken in order to prevent these attacks. Not all devices are created equal; many harbor flaws that allow them to be used by a separate, malicious host without the knowledge of the owner. There is a myriad of devices on the market today, any of which can be used in a network of zombie machines meant to carry out an attack, a botnet. These botnets are used to flood a system with information, ideally consuming large amounts of resources, such as memory or processing power. If the attack is successful, operation within the target system is effectively halted, often for long periods of time in the more severe attacks. Just like the variety in devices, there is a variety in the software that operates these devices. In this experiment, I focus efforts on comparing the ability of CentOS 15 with Windows Server 2012R to function under attack. I analyze four popular DDoS attacks using simulated network traffic consisting of botnets ranging from over 16 million systems, 65 thousand systems and 254 systems in a controlled, closed environment

    Security attacks and solutions on SDN control plane: A survey

    Software Defined Networks (SDN) is an open programmable network model promoted by ONF that has been a key-enabler of recent technology trends. SDN explores the separation of data and control plane. Different from the past concepts, SDN introduces the idea of separation of the control plane (routing and traffic decisions) and data plane (forwarding decisions based on the control plane) that challenges the vertical integration achieved by the traditional networks, in which network devices such as routers and switches accumulate both functions. SDN presents some advantages such as centralized management and the ability to be programmed on demand. Apart from these benefits, SDN still presents security vulnerabilities and among them, the most lethal ones are targeting the control plane. As the controllers residing on the control plane manage the underlying networking infrastructure and devices (i.e., routers/switches), any security threat, malware, or issues during the carrying out of activities by the controller can lead to disruption of the entire network. In particular, due to its centralized position, the (SDN) controller is seen as a single point of failure. As a result, any attack or vulnerability targeting the control plane or controller is considered fatal to the point of disrupting the whole network. In this thesis, the security threats and attacks targeting the (SDN) control plane are identified and categorized into different groups by considering how they cause an impact to the control plane. To obtain results, extensive literature research has been carried out by performing an in-depth study of the existing research articles that discuss an array of attacks and their corresponding solutions for the (SDN) control plane. Mainly, the solutions intended to detect, mitigate, or protect the (SDN) control plane against potential threats and attacks have been considered. On the basis of this task, the potential articles selected were categorized with respect to their impact to the (SDN) control plane as direct and indirect. Where applicable, a comparison of the solutions addressing the same attack has been provided. Moreover, the advantages and disadvantages of the solutions addressing the respective attacks are presented. Finally, a discussion regarding the findings and results obtained during this surveying process and future work suggestions extracted during the review process have been discussed. Keywords: SDN, Security, Control Plane, Denial of Service, Topology Attacks, Openflo

    An approach in identifying and tracing back spoofed IP packets to their sources

    With the internet expanding in every aspect of business infrastructure, it becomes more and more important to make these business infrastructures safe and secure against the numerous attacks perpetrated on them, conspicuously when it comes to denial of service (DoS) attacks. A DoS attack can be summarized as an effort carried out by either a person or a group of individuals to suppress a particular outline service. This can hence be achieved by using and manipulating packets which are sent out using the IP protocol included into the IP address of the sending party. However, one of the major drawbacks is that the IP protocol is not able to verify the accuracy of the address and has got no method to validate the authenticity of the sender’s packet. Knowing how this works, an attacker can hence fabricate any source address to gain unauthorized access to critical information. In the event that attackers can manipulate this lacking for numerous targeted attacks, it would be wise and safe to determine whether the network traffic has got spoofed packets and how to trace back. IP traceback has been quite active especially with the DoS attacks, therefore this paper will be focusing on the different types of attacks involving spoofed packets and also numerous methods that can help in identifying whether packets have spoofed source addresses, based on both active and passive host-based methods and on the router-based methods