Network security
In a variety of settings, some payoff-relevant item spreads along a network of connected individuals. In some cases, the item will benefit those who receive it (for example, a music download, a stock tip, news about a new research funding source, etc.) while in other cases the impact may be negative (for example, viruses, both biological and electronic, financial contagion, and so on). Often, good and bad items may propagate along the same networks, so individuals must weigh the costs and benefits of being more or less connected to the network. The situation becomes more complicated (and more interesting) if individuals can also put effort into security, where security can be thought of as a screening technology that allows an individual to keep getting the benefits of network connectivity while blocking out the bad items. Drawing on the network literatures in economics, epidemiology, and applied math, we formulate a model of network security that can be used to study individual incentives to expand and secure networks and characterize properties of a symmetric equilibrium. Keywords: social networks; network security; network robustness; contagion; random graphs
Cyber situational awareness: from geographical alerts to high-level management
This paper focuses on cyber situational awareness and describes a visual analytics solution for monitoring and putting in tight relation data from network level with the organization business. The goal of the proposed solution is to make different security profiles (network security officer, network security manager, and financial security manager) aware of the actual network state (e.g., risk and attack progress) and the impact it actually has on the business tasks, making clear the relationships that exist between the network level and the business level. The proposed solution is instantiated on the ACEA infrastructure, the Italian company that provides power and water purification services to cities in central Italy (millions of end users
Introduction to Security Onion
Security Onion is a Network Security Manager (NSM) platform that provides multiple Intrusion Detection Systems (IDS) including Host IDS (HIDS) and Network IDS (NIDS). Many types of data can be acquired using Security Onion for analysis. This includes data related to: Host, Network, Session, Asset, Alert and Protocols. Security Onion can be implemented as a standalone deployment with server and sensor included or with a master server and multiple sensors allowing for the system to be scaled as required. Many interfaces and tools are available for management of the system and analysis of data such as Sguil, Snorby, Squert and Enterprise Log Search and Archive (ELSA). These interfaces can be used for analysis of alerts and captured events and then can be further exported for analysis in Network Forensic Analysis Tools (NFAT) such as NetworkMiner, CapME or Xplico. The Security Onion platform also provides various methods of management such as Secure SHell (SSH) for management of server and sensors and Web client remote access. All of this with the ability to replay and analyse example malicious traffic makes the Security Onion a suitable low cost alternative for Network Security Management. In this paper, we have a feature and functionality review for the Security Onion in terms of: types of data, configuration, interface, tools and system management
Lightweight Security for Network Coding
Under the emerging network coding paradigm, intermediate nodes in the network
are allowed not only to store and forward packets but also to process and mix
different data flows. We propose a low-complexity cryptographic scheme that
exploits the inherent security provided by random linear network coding and
offers the advantage of reduced overhead in comparison to traditional
end-to-end encryption of the entire data. Confidentiality is achieved by
protecting (or "locking") the source coefficients required to decode the
encoded data, without preventing intermediate nodes from running their standard
network coding operations. Our scheme can be easily combined with existing
techniques that counter active attacks. Comment: Proc. of the IEEE International Conference on Communications (ICC
2008), Beijing, China, May 200
Governing cyber security through networks : an analysis of cyber security coordination in Belgium
While governments develop formal and informal structures or 'networks' to promote collaboration between governmental departments and agencies, there remains uncertainty on how to set up and develop cyber security networks. The latter is demonstrated when taking recent developments in the field of cyber security in Belgium into consideration. The 2012 decision to create the Belgian cyber security centre seems to entail a move towards a 'Weberian' hierarchical network coordination approach rather than the development of a cyber security network organisation. This article claims that - as the threats of cyber are becoming more complex - there is a growing need for governmental agencies to expand horizontal coordination mechanisms. From this follows, the growing demand for criminological research into the managerial aspects of cyber security networks. Generating knowledge on how to manage networks is required as the latter is not only decisive for the effectiveness and efficiency of cyber security networks but also contributes to the overall network cyber security governance
Effects of Degree Correlations in Interdependent Security: Good or Bad?
We study the influence of degree correlations or network mixing in
interdependent security. We model the interdependence in security among agents
using a dependence graph and employ a population game model to capture the
interaction among many agents when they are strategic and have various security
measures they can choose to defend themselves. The overall network security is
measured by what we call the average risk exposure (ARE) from neighbors, which
is proportional to the total (expected) number of attacks in the network.
We first show that there exists a unique pure-strategy Nash equilibrium of a
population game. Then, we prove that as the agents with larger degrees in the
dependence graph see higher risks than those with smaller degrees, the overall
network security deteriorates in that the ARE experienced by agents increases
and there are more attacks in the network. Finally, using this finding, we
demonstrate that the effects of network mixing on ARE depend on the (cost)
effectiveness of security measures available to agents; if the security
measures are not effective, increasing assortativity of dependence graph
results in higher ARE. On the other hand, if the security measures are
effective at fending off the damages and losses from attacks, increasing
assortativity reduces the ARE experienced by agents. Comment: 14 pages, 3 figure
