Intrusion detection mechanisms for VoIP applications

VoIP applications are emerging today as an important component in business and communication industry. In this paper, we address the intrusion detection and prevention in VoIP networks and describe how a conceptual solution based on the Bayes inference approach can be used to reinforce the existent security mechanisms. Our approach is based on network monitoring and analyzing of the VoIP-specific traffic. We give a detailed example on attack detection using the SIP signaling protocol

Forgery in Cyberspace: The Spoof Could Be on You!

Spoofing is one of the newest forms of cyber-attack, a technological methodology adapted to mask the identity of spammers who have faced hostile reaction in response to bulk, unsolicited, electronic mail messages.[1] Sending Spam, however, is no longer the only reason for deception, as crackers have taken pleasure in the challenge of manipulating computer systems and, additionally, find recreational enjoyment in doing so. In this legal Note, the author’s intent is to show that criminal, rather than civil liability is the best way to effectively deter and punish the spoofer. The injury that results when a computer system’s technological safety measures fail to adequately safeguard the system affects not only the owner of the hijacked e-mail address, but also the Internet Service Provider, and the Network as a whole. Current Anti-Spam Legislation is arguably ineffective at targeting these particular types of malicious attacks, and a different legal approach is suggested

Balancing Network Security and Privacy: One Organization\u27s Effort

An organization with internet access runs a high risk of compromising their computer network. Data can be corrupted, confidential information can be stolen, and viruses can paralyze an entire network. Monitoring employee activity involves questionable legal issues and risk of violating the employees’ privacy. An organization must balance the need for monitoring against possible damage to morale, because even an innocent employee may feel spied on. According to American Management Association’s annual survey on workplace monitoring released in April 2001, 78% of large firms in the U.S. are monitoring their employees, but 10% do not notify their employees of this. Monitoring is most common in the for-profit organizations, however 62% of public administrative organizations monitor their employees, and it may have increased since then. Of the 78% of monitoring organizations, 2/3 have disciplined employees for abusing their internet privileges, and more than 1/3 have dismissed employees for these abuses (Skelton)

Online Privacy, Vulnerabilities, and Threats: A Manager’s Perspective

There are many potential threats that come with conducting business in an online environment. Management must find a way to neutralize or at least reduce these threats if the organization is going to maintain viability. This chapter is designed to give managers an understanding, as well as the vocabulary needed to have a working knowledge of online privacy, vulnerabilities, and threats. The chapter also highlights techniques that are commonly used to impede attacks and protect the privacy of the organization, its customers, and employees. With the advancements in computing technology, any and all conceivable steps should be taken to protect an organization’s data from outside and inside threats

Promoting global Internet freedom: policy and technology

This report provides information about US government and private sector efforts to promote and support global Internet freedom and a description of Internet freedom legislation and hearings from the 112th Congress. Modern communication tools such as the Internet provide a relatively inexpensive, accessible, easy-entry means of sharing ideas, information, and pictures around the world. In a political and human rights context, in closed societies when the more established, formal news media is denied access to or does not report on specified news events, the Internet has become an alternative source of media, and sometimes a means to organize politically. The openness and the freedom of expression allowed through social networking sites, as well as the blogs, video sharing sites, and other tools of today’s communications technology, have proven to be an unprecedented and often disruptive force in some closed societies. Governments that seek to maintain their authority and control the ideas and information their citizens receive are often caught in a dilemma: they feel that they need access to the Internet to participate in commerce in the global market and for economic growth and technological development, but fear that allowing open access to the Internet potentially weakens their control over their citizens. Internet freedom can be promoted in two ways, through legislation that mandates or prohibits certain activities, or through industry self regulation. Current legislation under consideration by Congress, the Global Online Freedom Act of 2011 (H.R. 3605), would prohibit or require reporting of the sale of Internet technologies and provision of Internet services to “Internetrestricting countries” (as determined by the State Department). Some believe, however, that technology can offer a complementary and, in some cases, better and more easily implemented solution to ensuring Internet freedom. They argue that hardware and Internet services, in and of themselves, are neutral elements of the Internet; it is how they are implemented by various countries that is repressive. Also, Internet services are often tailored for deployment to specific countries; however, such tailoring is done to bring the company in line with the laws of that country, not with the intention of allowing the country to repress and censor its citizenry. In many cases, that tailoring would not raise many questions about free speech and political repression. This report provides information about federal and private sector efforts to promote and support global Internet freedom and a description of Internet freedom legislation and hearings from the 112th Congress. Three appendixes suggest further reading on this topic and describe censorship and circumvention technologies

Sharing Computer Network Logs for Security and Privacy: A Motivation for New Methodologies of Anonymization

Logs are one of the most fundamental resources to any security professional. It is widely recognized by the government and industry that it is both beneficial and desirable to share logs for the purpose of security research. However, the sharing is not happening or not to the degree or magnitude that is desired. Organizations are reluctant to share logs because of the risk of exposing sensitive information to potential attackers. We believe this reluctance remains high because current anonymization techniques are weak and one-size-fits-all--or better put, one size tries to fit all. We must develop standards and make anonymization available at varying levels, striking a balance between privacy and utility. Organizations have different needs and trust other organizations to different degrees. They must be able to map multiple anonymization levels with defined risks to the trust levels they share with (would-be) receivers. It is not until there are industry standards for multiple levels of anonymization that we will be able to move forward and achieve the goal of widespread sharing of logs for security researchers.Comment: 17 pages, 1 figur