2,052 research outputs found
Intrusion detection mechanisms for VoIP applications
VoIP applications are emerging today as an important component in business
and communication industry. In this paper, we address the intrusion detection
and prevention in VoIP networks and describe how a conceptual solution based on
the Bayes inference approach can be used to reinforce the existent security
mechanisms. Our approach is based on network monitoring and analyzing of the
VoIP-specific traffic. We give a detailed example on attack detection using the
SIP signaling protocol
Forgery in Cyberspace: The Spoof Could Be on You!
Spoofing is one of the newest forms of cyber-attack, a technological methodology adapted to mask the identity of spammers who have faced hostile reaction in response to bulk, unsolicited, electronic mail messages.[1] Sending Spam, however, is no longer the only reason for deception, as crackers have taken pleasure in the challenge of manipulating computer systems and, additionally, find recreational enjoyment in doing so. In this legal Note, the author’s intent is to show that criminal, rather than civil liability is the best way to effectively deter and punish the spoofer. The injury that results when a computer system’s technological safety measures fail to adequately safeguard the system affects not only the owner of the hijacked e-mail address, but also the Internet Service Provider, and the Network as a whole. Current Anti-Spam Legislation is arguably ineffective at targeting these particular types of malicious attacks, and a different legal approach is suggested
Balancing Network Security and Privacy: One Organization\u27s Effort
An organization with internet access runs a high risk of compromising their computer network. Data can be corrupted, confidential information can be stolen, and viruses can paralyze an entire network. Monitoring employee activity involves questionable legal issues and risk of violating the employees’ privacy. An organization must balance the need for monitoring against possible damage to morale, because even an innocent employee may feel spied on. According to American Management Association’s annual survey on workplace monitoring released in April 2001, 78% of large firms in the U.S. are monitoring their employees, but 10% do not notify their employees of this. Monitoring is most common in the for-profit organizations, however 62% of public administrative organizations monitor their employees, and it may have increased since then. Of the 78% of monitoring organizations, 2/3 have disciplined employees for abusing their internet privileges, and more than 1/3 have dismissed employees for these abuses (Skelton)
Online Privacy, Vulnerabilities, and Threats: A Manager’s Perspective
There are many potential threats that come with conducting business in an online environment. Management must find a way to neutralize or at least reduce these threats if the organization is going to maintain viability. This chapter is designed to give managers an understanding, as well as the vocabulary needed to have a working knowledge of online privacy, vulnerabilities, and threats. The chapter also highlights techniques that are commonly used to impede attacks and protect the privacy of the organization, its customers, and employees. With the advancements in computing technology, any and all conceivable steps should be taken to protect an organization’s data from outside and inside threats
Promoting global Internet freedom: policy and technology
This report provides information about US government and private sector efforts to promote and support global Internet freedom and a description of Internet freedom legislation and hearings from the 112th Congress.
Modern communication tools such as the Internet provide a relatively inexpensive, accessible, easy-entry means of sharing ideas, information, and pictures around the world. In a political and human rights context, in closed societies when the more established, formal news media is denied access to or does not report on specified news events, the Internet has become an alternative source of media, and sometimes a means to organize politically.
The openness and the freedom of expression allowed through social networking sites, as well as the blogs, video sharing sites, and other tools of today’s communications technology, have proven to be an unprecedented and often disruptive force in some closed societies. Governments that seek to maintain their authority and control the ideas and information their citizens receive are often caught in a dilemma: they feel that they need access to the Internet to participate in commerce in the global market and for economic growth and technological development, but fear that allowing open access to the Internet potentially weakens their control over their citizens.
Internet freedom can be promoted in two ways, through legislation that mandates or prohibits certain activities, or through industry self regulation. Current legislation under consideration by Congress, the Global Online Freedom Act of 2011 (H.R. 3605), would prohibit or require reporting of the sale of Internet technologies and provision of Internet services to “Internetrestricting countries” (as determined by the State Department). Some believe, however, that technology can offer a complementary and, in some cases, better and more easily implemented solution to ensuring Internet freedom. They argue that hardware and Internet services, in and of themselves, are neutral elements of the Internet; it is how they are implemented by various countries that is repressive. Also, Internet services are often tailored for deployment to specific countries; however, such tailoring is done to bring the company in line with the laws of that country, not with the intention of allowing the country to repress and censor its citizenry. In many cases, that tailoring would not raise many questions about free speech and political repression.
This report provides information about federal and private sector efforts to promote and support global Internet freedom and a description of Internet freedom legislation and hearings from the 112th Congress. Three appendixes suggest further reading on this topic and describe censorship and circumvention technologies
Sharing Computer Network Logs for Security and Privacy: A Motivation for New Methodologies of Anonymization
Logs are one of the most fundamental resources to any security professional.
It is widely recognized by the government and industry that it is both
beneficial and desirable to share logs for the purpose of security research.
However, the sharing is not happening or not to the degree or magnitude that is
desired. Organizations are reluctant to share logs because of the risk of
exposing sensitive information to potential attackers. We believe this
reluctance remains high because current anonymization techniques are weak and
one-size-fits-all--or better put, one size tries to fit all. We must develop
standards and make anonymization available at varying levels, striking a
balance between privacy and utility. Organizations have different needs and
trust other organizations to different degrees. They must be able to map
multiple anonymization levels with defined risks to the trust levels they share
with (would-be) receivers. It is not until there are industry standards for
multiple levels of anonymization that we will be able to move forward and
achieve the goal of widespread sharing of logs for security researchers.Comment: 17 pages, 1 figur
- …