Experimental evaluation of select servers and firewalls under denial of service security attacks

Internet security requires newer prevention mechanisms to be implemented on web-servers and routers. Firewall/Intrusion Prevention mechanisms (IPS) can be deployed on host servers or routers as an added line of defense against Internet attacks. In this thesis, we evaluate performance of security mechanisms provided by these devices against Distributed Denial of Service (DDoS) attacks. The host based firewalls on Windows servers-2003 and 2008 were evaluated. In this thesis, we also evaluated Juniper Networks Netscreen-5GT firewall/IPS, and Cisco ASA-5510/IPS that are used in protecting web-servers against DDoS attacks. It was found that the host based firewalls and protection mechanisms on the windows servers were not capable of defending against the DDoS attacks. Our performance evaluation showed the computing resource of the servers to be completely exhausted under these attacks. The evaluation of firewalls and IPS under different loads of attack had varying performance in supporting the number of web connections

Security Vulnerability Evaluation of Popular Personal Firewalls and Operating Systems

In this thesis, experimental evaluation of security vulnerabilities has been performed under DoS attacks for popular personal firewalls from McAfee, Norton and Kaspersky; and for operating systems namely Apple’s Leopard and SnowLeopard, and Microsoft’s Windows XP and Windows 7. Our experimental results show that the firewalls and operating systems behave differently under a given DoS attack. Some of the firewalls crashed under certain DoS attacks especially when they were configured to prevent and block packets belonging to such attacks. Operating systems evaluated in this thesis were also found to have different built-in security capabilities, and some of them even crashed under certain DoS attacks requiring forced reboot of the system. Comparative performance of firewalls and operating systems under DoS attacks has been presented

Evaluation of Security Availability of Data Components for A Renewable Energy Micro Smart Grid System

In this thesis, we study the development and security testing of photovoltaic data collection system. With the introduction of the smart grid concept, a lot of research has been done on the communication aspect of energy production and distribution throughout the power network. For Smart Grid, Internet is used as the communication medium for specific required services and for data collection. Despite all the advantages of the Smart Grid infrastructure, there is also some security concern regarding the vulnerabilities associated with internet access. In this thesis, we consider security testing of the two most popular and globally deployed web server platforms Apache running on Red Had Linux 5 and IIS on Windows Server 2008, and their performance under Distributed Denial of Service Attacks. Furthermore we stress test the data collection services provided by MySQL running on both Windows and Linux Servers when it is also under DDoS attacks