Network security

In a variety of settings, some payoff-relevant item spreads along a network of connected individuals. In some cases, the item will benefit those who receive it (for example, a music download, a stock tip, news about a new research funding source, etc.) while in other cases the impact may be negative (for example, viruses, both biological and electronic, financial contagion, and so on). Often, good and bad items may propagate along the same networks, so individuals must weigh the costs and benefits of being more or less connected to the network. The situation becomes more complicated (and more interesting) if individuals can also put effort into security, where security can be thought of as a screening technology that allows an individual to keep getting the benefits of network connectivity while blocking out the bad items. Drawing on the network literatures in economics, epidemiology, and applied math, we formulate a model of network security that can be used to study individual incentives to expand and secure networks and characterize properties of a symmetric equilibrium.social networks; network security; network robustness; contagion; random graphs

Biometrics and Network Security

This paper examines the techniques used in the two categories of biometric techniques (physiological and behavioral) and considers some of the applications for biometric technologies. Common physiological biometrics include finger characteristics (fingertip [fingerprint], thumb, finger length or pattern), palm (print or topography), hand geometry, wrist vein, face, and eye (retina or iris). Behavioral biometrics include voiceprints, keystroke dynamics, and handwritten signatures

Wireless Lan Network Security Method Wep (Wired Equivalent Privacy)

Scientific writing is about the WEP configuration on the WLAN network with RC4 encryption. The problem that arises is related aspects network security threats, strategic security and confidentiality of data in the network computer, the definition of encryption, definition kriptography algorithm, and algorithm functions

Learning to Customize Network Security Rules

Security is a major concern for organizations who wish to leverage cloud computing. In order to reduce security vulnerabilities, public cloud providers offer firewall functionalities. When properly configured, a firewall protects cloud networks from cyber-attacks. However, proper firewall configuration requires intimate knowledge of the protected system, high expertise and on-going maintenance. As a result, many organizations do not use firewalls effectively, leaving their cloud resources vulnerable. In this paper, we present a novel supervised learning method, and prototype, which compute recommendations for firewall rules. Recommendations are based on sampled network traffic meta-data (NetFlow) collected from a public cloud provider. Labels are extracted from firewall configurations deemed to be authored by experts. NetFlow is collected from network routers, avoiding expensive collection from cloud VMs, as well as relieving privacy concerns. The proposed method captures network routines and dependencies between resources and firewall configuration. The method predicts IPs to be allowed by the firewall. A grouping algorithm is subsequently used to generate a manageable number of IP ranges. Each range is a parameter for a firewall rule. We present results of experiments on real data, showing ROC AUC of 0.92, compared to 0.58 for an unsupervised baseline. The results prove the hypothesis that firewall rules can be automatically generated based on router data, and that an automated method can be effective in blocking a high percentage of malicious traffic.Comment: 5 pages, 5 figures, one tabl

Outsmarting Network Security with SDN Teleportation

Software-defined networking is considered a promising new paradigm, enabling more reliable and formally verifiable communication networks. However, this paper shows that the separation of the control plane from the data plane, which lies at the heart of Software-Defined Networks (SDNs), introduces a new vulnerability which we call \emph{teleportation}. An attacker (e.g., a malicious switch in the data plane or a host connected to the network) can use teleportation to transmit information via the control plane and bypass critical network functions in the data plane (e.g., a firewall), and to violate security policies as well as logical and even physical separations. This paper characterizes the design space for teleportation attacks theoretically, and then identifies four different teleportation techniques. We demonstrate and discuss how these techniques can be exploited for different attacks (e.g., exfiltrating confidential data at high rates), and also initiate the discussion of possible countermeasures. Generally, and given today's trend toward more intent-based networking, we believe that our findings are relevant beyond the use cases considered in this paper.Comment: Accepted in EuroSP'1