137,595 research outputs found

    DPI Solutions in Practice: Benchmark and Comparison

    Having a clear insight on the protocols carrying traffic is crucial for network applications. Deep Packet Inspection (DPI) has been a key technique to provide visibility into traffic. DPI has proven effective in various scenarios, and indeed several open source DPI solutions are maintained by the community. Yet, these solutions provide different classifications, and it is hard to establish a common ground truth. Independent works approaching the question of the quality of DPI are already aged and rely on limited datasets. Here, we test if open source DPI solutions can provide useful information in practical scenarios, e.g., supporting security applications. We provide an evaluation of the performance of four open-source DPI solutions, namely nDPI, Libprotoident, Tstat and Zeek. We use datasets covering various traffic scenarios, including operational networks, IoT scenarios and malware. As no ground truth is available, we study the consistency of classification across the solutions, investigating root-causes of conflicts. Important for on-line security applications, we check whether DPI solutions provide reliable classification with a limited number of packets per flow. All in all, we confirm that DPI solutions still perform satisfactorily for well-known protocols. They however struggle with some P2P traffic and security scenarios (e.g., with malware traffic). All tested solutions reach a final classification after observing few packets with payload, showing adequacy for on-line application

    Certification of open-source software : a role for formal methods?

    Despite its huge success and increasing incorporation in complex, industrial-strength applications, open source software, by the very nature of its open, unconventional, distributed development model, is hard to assess and certify in an effective, sound and independent way. This makes its use and integration within safety or security-critical systems, a risk. And, simultaneously an opportunity and a challenge for rigorous, mathematically based, methods which aim at pushing software analysis and development to the level of a mature engineering discipline. This paper discusses such a challenge and proposes a number of ways in which open source development may benefit from the whole patrimony of formal methods. L. S. Barbosa research was partially supported by the CROSS project, under contract PTDC/EIA-CCO/108995/2008

    Securing the Sage Notebook

    This paper looks at some of the information security challenges of Web based Open Source applications through a case study of the Sage Notebook application. Considering the core underlying issues of open source and web based applications, predominately the fact that the source code of the application is exposed to any potential attacker, the paper investigates methodologies to examine and improve upon the security of such applications. The Sage Notebook application provides some unique information security challenges, both in terms of analysis and mitigation. The paper uses a structured threat modelling process based on industry methodologies to identify threats and vulnerabilities to both the Sage open source development process and the application itself. It rates the discovered threats and suggests several mitigation options to consider. The paper analyses the findings, focusing on several architectural and design mitigation options, and investigates some of the technologies and tools to address the discovered threats and vulnerabilities most effectively. It covers generic open source and web based security challenges as well as issues affecting cloud computing, software as a service, virtualisation, process isolation and containments and others

    An investigation into the efficiency of forensic data erasure tools for removable usb flash memory storage devices

    Securely erasing data is of key importance to anyone that is concerned with the security of their sensitive information, whether an individual or an organization. Simply deleting the data in question or formatting the storage device is not enough to ensure that the data cannot be recovered. Furthermore, with the uptake of Universal Serial Bus drives (USBs) flash memory based storage devices have replaced previous portable secondary storage media. Therefore, it is of a major concern whether these tools and products developed for securely erasing data secondary storage Hard Disk Drives (HDDs) would be as efficient when targeting the USB flash memory storage devices. With a wide range of open source and commercial products available on the market, all claiming, among other things, to be able to securely delete your data, it is quite a difficult task for the consumer to pick the most efficient product. This paper therefore discusses the results of experiments conducted with both the open source and commercial tools which claim to securely delete data off USB flash memory storage devices

    An Integrated, Secured, Open-Source Medical Prototype for Collaborative Patient Management on the Internet

    Conventional approaches to building critical and secured systems are based on the use of commercial tools for development and maintenance. Changes in the marketplace and the acceptance of the open-source model have brought this assumption into question. The combination of open-source's rapid rise and the introduction of pervasive computing has made the computing industry more receptive to open-source tools and products. The open-source model allows systems to be controlled by a single individual or a small developer group that reduces dependence on individual experts. The availability of free system source codes, an expanding commercial support market, and increasing global collaborative projects makes open-source an important development in the computing environment and an exciting innovation in software engineering. Open-source projects require a level of modeling to successfully implement a solution. This study implemented a Web application prototype that models medical business logic and state that is secured. The researcher adopted the object-oriented design methodology and prototyping that improved security and lowered overall development cost. The open-source community had played an increasingly significant role in the business plans of established computing companies, in university research labs, and in the development of new companies focused on open-source support and integration issues. The openness of the Internet presents both system development and privacy issues. The availability of free tools and instructions on how to compromise systems is alarming within the online community. Thus, open-source security tools are helping protect people's privacy by enforcing authentication, confidentiality, and information integrity to prevent unauthorized access. Open-source growth motivated this research to develop a medical prototype for online collaboration.
Open-source tools including PHP, MySQL, Apache Web Server, and the Linux operating system were used to develop the secured application through prototyping. The main contribution of this study is that it demonstrated the exclusive use of open-source software and tools for an online application. The researcher hypothesized that open-source tools like PHP, MySQL, XML, and LINUX are the answer to building dynamic multi-tiers and cost effective systems faster. The research also explored major tools available for open-source software development

    Analysis of intrusion prevention methods

    Thesis (Master)--Izmir Institute of Technology, Computer Engineering, Izmir, 2004. Includes bibliographical references (leaves: 105-108). Text in English; Abstract: Turkish and English. viii, 108 leaves. Today, the pace of the technological development and improvements has compelled the development of new and more complex applications. The obligatory of application development in a short time to rapidly changing requirements causes skipping of some stages, mostly the testing stage, in the software development cycle thus, leads to the production of applications with defects. These defects are, later, discovered by intruders to be used to penetrate into computer systems. Current security technologies, such as firewalls, intrusion detection systems, honeypots, network-based antivirus systems, are insufficient to protect systems against those, continuously increasing and rapid-spreading attacks. Intrusion Prevention System (IPS) is a new technology developed to block today's application-specific, data-driven attacks that spread in the speed of communication. IPS is the evolved and integrated state of the existing technologies; it is not a new approach to network security. In this thesis, IPS products of various computer security appliance developer companies have been analyzed in detail. At the end of these analyses, the requirements of network-based IPSs have been identified and an architecture that fits those requirements has been proposed. Also, a sample network-based IPS has been developed by modifying the open source application Snort

    INTEGRATION OF INTELLIGENCE TECHNIQUES ON THE EXECUTION OF PENETRATION TESTS (iPENTEST)

    Penetration Tests (Pentests) identify potential vulnerabilities in the security of computer systems via security assessment. However, it should also benefit from widely recognized methodologies and recommendations within this field, as the Penetration Testing Execution Standard (PTES). The objective of this research is to explore PTES, particularly the three initial phases: 1. Pre-Engagement Interactions; 2. Intelligence Gathering; 3. Threat Modeling; and ultimately to apply Intelligence techniques to the Threat Modeling phase. To achieve this, we will use open-source and/or commercial tools to structure a process to clarify how the results were reached using the research inductive methodology. The following steps were implemented: i) critical review of the “Penetration Testing Execution Standard (PTES)”; ii) critical review of Intelligence Production Process; iii) specification and classification of contexts in which Intelligence could be applied; iv) definition of a methodology to apply Intelligence Techniques to the specified contexts; v) application and evaluation of the proposed methodology to real case study as proof of concept. This research has the ambition to develop a model grounded on Intelligence techniques to be applied on PTES Threat Modeling phase