This document discusses security challenges in mobile networks and proposes solutions for fault-tolerant authentication. It introduces two schemes: (1) a virtual home agent scheme that uses a master home agent and backup home agents to provide uninterrupted service when failures occur, and (2) a hierarchical authentication scheme that organizes home agents in a tree structure and assigns keys based on priority to select an alternative agent. It also discusses using clusters of front-end and back-end servers to scale authentication in a distributed manner. Future work involves quantifying priority factors and simulating the proposed approaches.
This presentation provides an overview of firewalls and their limitations. It discusses how firewalls are designed to control data flows but have hardware, memory, time, and logic constraints. The presentation then demonstrates common attack techniques like impersonation and session hijacking that can bypass firewalls. It shows how easily available hacking tools allow attacks to be performed with little skill or effort. The key point is that while firewalls provide some security, a holistic security program is needed to fully prevent, detect, and respond to threats.
This presentation provides an overview of firewalls and their limitations. It discusses how firewalls are designed to control data flows but have hardware, memory, time, and logic constraints. The presentation then demonstrates common attack techniques like impersonation and session hijacking that can bypass firewalls. It shows how easily available hacking tools allow attacks to be performed with little skill or effort. The conclusion is that firewalls must be part of a comprehensive security program, as they cannot prevent, detect, or respond to attacks alone.
A firewall provides security for networks by controlling access between internal and external networks. There are different types of firewalls including packet filters, application-level gateways, and circuit-level gateways. A packet filter firewall applies rules to IP packets to determine whether to forward or discard them based on information like source/destination addresses and ports. An application-level gateway provides additional security over a packet filter by requiring traffic to go through a proxy for each application/protocol. A network-based firewall protects all computers on an internal network, while a host-based firewall protects only an individual computer.
This document discusses network security and firewalls. It provides an overview of different types of firewalls including packet filtering firewalls, stateful inspection firewalls, application-level gateways, and circuit-level gateways. It also discusses firewall configuration options such as bastion hosts, host-based firewalls, personal firewalls, demilitarized zone networks, and distributed firewall setups. The key purpose of firewalls is to control access and enforce a site's security policy by filtering network traffic based on security rules.
The document discusses the basics of IT security including the CIA triad of confidentiality, integrity and availability. It also covers common security concepts such as assets, vulnerabilities, threats, countermeasures and risks. Additionally, it summarizes authentication, authorization and accounting (AAA) protocols, common attacks and how to implement secure network architecture.
The Firewalls and IDS document discusses different types of firewalls including packet filters, stateful inspection firewalls, and application proxy firewalls. Packet filters control access based on packet attributes like addresses and protocols, but don't track connection states. Stateful inspection firewalls examine packets in the context of connections and remember expected sequence numbers to block hijacking. Application proxy firewalls use proxy servers and clients to handle application layer requests, allowing deeper inspection of traffic contents and enforcing access policies for each application.
Piotr Kędra – network consultant. Since 2007 Piotr has been working as a Systems Engineer in the Polish entity of Juniper Networks. He is responsible for network solutions for the enterprise sector and technical support for the channel. Previously he worked at Solidex and NextiraOne as a presales engineer. He has participated in a number of audits and many projects in the area of LAN, WAN and network security.
Topic of Presentation: The role of information in modern security systems
Language: Polish
Abstract: TBD
This document discusses distributed denial of service (DDoS) attacks. It begins with an introduction that defines DDoS attacks as attempts to make an online service unavailable by overwhelming it with traffic from multiple compromised sources. The document then covers the basics of DDoS attacks, common symptoms, how they work by exploiting vulnerabilities in systems to create botnets for launching attacks, and various methods like ICMP floods and SYN floods. It also discusses ways to handle DDoS attacks through defenses like firewalls, switches, and routers. The document concludes with preventative and reactive defense mechanisms to detect and respond to attacks.
This presentation briefly covers security issues in mobile ad hoc networks, highlighting in particular attacks such as Sleep Deprivation, Wormhole, Blackhole and Eavesdropping.
This document provides information about the 60-467 Network Security course taught by Dr. Robert D. Kent at the University of Windsor.
The course introduces advanced topics in network security including encryption, authentication, intrusion detection, and security of email and web access. Students must complete a midterm exam, individual research essay, presentation, and two projects (individual and group). The course website provides basic information, requirements are outlined, and the textbook for the course is Cryptography and Network Security by William Stallings which covers topics such as cryptography algorithms, network security services, and security attacks.
The document discusses security challenges in wireless ad-hoc networks and potential solutions. It outlines that ad-hoc networks have no infrastructure, are self-organizing, and use multi-hop wireless communication. This introduces security vulnerabilities like eavesdropping, fake messages, and dynamic topology changes. The document then covers common attacks, why security is needed, challenges, and proposes solutions like using a trusted third party, secure routing protocols, and packet leashes to address issues like black holes and wormholes.
This document provides an overview of security mechanisms like firewalls, proxy servers, intrusion detection systems, and intrusion prevention systems. It defines each technology and describes how they work to monitor network traffic and protect against threats. Firewalls filter incoming and outgoing traffic based on security rules. Proxy servers act as intermediaries between clients and external networks. Intrusion detection systems monitor networks for anomalous activity and alert administrators of potential threats, while intrusion prevention systems can actively block malicious traffic in real-time.
Firewalls act as barriers between internal networks and external networks like the internet. They inspect incoming and outgoing network traffic and allow or block it based on preset rules. Firewalls can be implemented as standalone hardware devices or as software installed on computers and servers. They operate at both the network and application layers, using techniques like packet filtering, network address translation, and proxy services to monitor traffic and secure networks. Well-configured firewalls help protect networks from threats like port scans, viruses, and unauthorized access.
This document discusses remote access security and virtual private networks. It covers authentication technologies like RADIUS, Diameter, TACACS, Kerberos and SESAME that secure remote access. It also describes firewalls, content filtering and the use of VPNs to securely extend private networks over public networks using encryption and authentication. VPNs can operate in transport mode, encrypting only data, or tunnel mode, encrypting the entire network traffic packet.
A joint presentation by Gary Williams of Schneider Electric and Michael Coden of NextNine at the 10th Annual Conference of the American Petroleum Institute. The presentation discusses benefits, disadvantages, and architectures for allowing 3rd party access.
1. Vulnerability assessment and penetration testing (VAPT) involves identifying security vulnerabilities in an organization's network and systems through scanning and manual exploitation techniques.
2. The process includes information gathering, scanning to detect vulnerabilities, analysis of vulnerabilities found, and penetration testing to manually exploit vulnerabilities.
3. The final report documents the findings by risk level, technical details of vulnerabilities discovered, and recommendations for remediation.
From the Internet of Things to Intelligent Systems: A Developer's Primer
Rick G. Garibay
This document provides an overview of moving from traditional Internet of Things (IoT) connectivity models to more intelligent systems using service-assisted communications. It discusses challenges with default connectivity models that rely on giving devices IP addresses and VPN access. It then introduces on-premise brokered models using message protocols like MQTT, which address some challenges but still have issues at scale. Finally, it presents service-assisted communications as a better approach where devices connect outbound to a cloud gateway via open protocols and each has a dedicated inbox and outbox to receive commands and send data securely without inbound open ports. This minimizes attack surfaces and provides efficient management of large numbers of devices.
The document provides information about Leo Lourdes and his foundation in cyber security. Leo Lourdes has extensive training and certifications in IT management, information security, project management and other related fields. The objective of his foundation is to prevent harm to computer networks, applications, devices and data through security awareness training, vulnerability assessments, penetration testing and other methods.
Firewalls and border routers are still the cornerstone for perimeter security
Always will be a place for VPNs
Attacks occur at the application layer
So ensure app security
This document discusses network security and protocols. It covers internal and external threats to networks like unauthorized access, data destruction, and hacking. It also discusses ways to protect networks from these threats, including passwords, firewalls, encryption, authentication protocols, and virtual local area networks (VLANs). The document outlines concepts like cryptography, digital signatures, and authentication protocols. It also discusses firewalls, storage technologies like RAID, NAS, and SAN for fault tolerance, and tape backups.
Unit 2.design mobile computing architecture
Swapnali Pawar
This document contains a question bank on designing mobile computing architecture. It includes 57 multiple choice and theory questions covering topics like characteristics of mobile communication, security concerns, middleware, mobile IP, and satellite communication. The questions address layers of communication systems, features of mobile networks, advantages of mobility, and concepts such as user/device mobility, home/foreign agents, registration, tunneling, and route optimization in mobile IP.
The document defines different types of firewalls and their purposes. It discusses firewall design principles like establishing controlled links and protecting networks from internet attacks. There are four main types of firewalls: proxy, stateful multilayer inspection, packet filtering, and circuit level gateway. Proxy firewalls act as gateways for specific applications. Stateful multilayer inspection firewalls monitor active connections to determine which network packets to allow. Packet filtering firewalls work at the TCP/IP layers to filter packets. Circuit level gateway firewalls rely on packet headers to filter sessions. More complex firewall configurations beyond single systems are also possible.
This document provides information on network security fundamentals including cryptography and firewalls. It defines cryptography as a method of protecting information using codes that only intended recipients can read. It describes symmetric and asymmetric encryption techniques. Symmetric encryption requires secure key distribution while asymmetric encryption uses public/private key pairs to securely exchange messages. The document also defines firewalls as devices that control network traffic flow according to security policies, and describes common firewall types including packet filters, stateful filters, and application gateways.
Hacking involves identifying and exploiting weaknesses in computer systems to gain unauthorized access, while ethical hacking (also called penetration testing or white-hat hacking) involves using the same tools and techniques as hackers but legally and without causing damage. There are different types of hackers, including black hat hackers who use their skills maliciously, white hat hackers who use their skills defensively, and grey hat hackers whose behavior cannot be predicted. Ethical hacking is important for evaluating security and reporting vulnerabilities to owners.
VTU 8TH SEM INFORMATION AND NETWORK SECURITY SOLVED PAPERS
vtunotesbysree
The document discusses different generations of firewalls and intrusion detection and prevention systems (IDPS). It describes the key characteristics of five generations of firewalls from static packet filtering to stateful inspection and kernel proxy firewalls. It also discusses the advantages of network-based IDPS (NIDPS) over host-based IDPS, and describes three common detection methods used by IDPS: signature-based, statistical anomaly-based, and stateful packet inspection. Wireless NIDPS and network behavior analysis systems are also introduced as two subtypes of NIDPS.
Lecture 1 - Introduction to Course & Course outline.pptx
Sameer Ali
This document provides an introduction and course outline for a Wireless Communications course. It outlines 5 sections that will be covered: Basics of Wireless Communications, Radiowave propagation characteristics, Fundamentals of Cellular Communication, Mobile Communication Systems (2G-4G), and Wireless Communications of the future. It discusses why wireless communication is important and provides an overview of the history and applications of wireless technologies. It also highlights the growth of mobile data usage and the increasing importance of wireless networks. Students will complete an independent study project on an application of wireless communications.
This document discusses security and privacy challenges in cloud computing. It begins with an introduction to cloud computing models and background. It then outlines some of the core security issues like loss of control over data, lack of trust in third party providers, and risks from multi-tenancy. The document proposes a threat model approach and taxonomy of fears related to confidentiality, integrity, availability and privacy. Overall, the core issue discussed is the difficulty of trusting other customers and providers in a shared cloud infrastructure.
This document provides an overview of an introductory computer security class. It outlines administrative details such as staff, grading, and communication. It then discusses key topics that will be covered including the components of computer security, threats, vulnerabilities, attacks, controls, security policy, and assurance. Example topics that will be covered in lectures are also listed.
Data centers are large physical facilities that house servers, networking equipment, and other infrastructure to deliver computing resources and services. They provide utilities like power, cooling, security and shelter. Typical data centers range from 500-5000 square meters and consume 1-20 MW of power on average. Modern cloud-based data centers are designed with multiple regions and availability zones to provide redundancy and prevent failures across entire regions. They use software-defined infrastructure to dynamically allocate resources based on workload demands and improve utilization of servers. Managing the scale and complexity of data centers remains an ongoing challenge due to their growth and the massive amounts of data generated each day.
The document provides an introduction to computer security concepts including examples of security breaches from an FBI report, definitions of key security pillars like confidentiality, integrity and availability, and descriptions of vulnerabilities, threats and controls. It discusses different types of threats like interception, interruption and modification of assets, and levels of vulnerabilities from hardware to software to data to people. Examples of software threats include trojan horses, viruses, logic bombs and trapdoors.
This document provides an overview of a course on Software Defined Networking (SDN). It discusses:
1. The course format which includes assignments on using SDN environments and writing controller applications, as well as a course project.
2. An introduction to SDN which describes how SDN decouples the network control and forwarding planes using a southbound API. This allows for a global view of the network and programmatic control.
3. Some of the key sections that will be covered in the course, including OpenFlow, network virtualization use cases, and SDN challenges related to controller availability.
- SDN is defined as separating the network control plane from the forwarding plane, allowing a single control plane to control multiple forwarding devices. (Paragraph 1)
- Key dimensions of SDN include disaggregating the control and data planes, having a centralized vs decentralized control plane, and using fixed-function vs programmable data planes. SDN has progressed through phases of network operators taking more control. (Paragraph 2)
- SDN enables use cases like network virtualization, SD-WAN, traffic engineering, bare metal switching, and in-band network telemetry. (Paragraph 3)
SINDH SALES TAX ON SERVICES ACT 2011.pdfSameer Ali
This document outlines the Sindh Sales Tax on Services Act of 2011 which establishes a tax on services provided in Sindh province, Pakistan.
The Act defines key terms related to taxable services and establishes a scope of tax that applies to both residents and non-residents providing taxable services in Sindh. It exempts certain services and allows the Board to amend schedules of tax rates.
The Act requires registration of service providers, establishes rules for record keeping, audits, and tax returns. It appoints authorities to administer the tax and establishes offenses and penalties for non-compliance. The Act also outlines procedures for appeals, recovery of tax arrears, and holds agents responsible for collection and payment
Securing BGP: Operational Strategies and Best Practices for Network Defenders...APNIC
Md. Zobair Khan,
Network Analyst and Technical Trainer at APNIC, presented 'Securing BGP: Operational Strategies and Best Practices for Network Defenders' at the Phoenix Summit held in Dhaka, Bangladesh from 23 to 24 May 2024.
Discover the benefits of outsourcing SEO to Indiadavidjhones387
"Discover the benefits of outsourcing SEO to India! From cost-effective services and expert professionals to round-the-clock work advantages, learn how your business can achieve digital success with Indian SEO solutions.
HijackLoader Evolution: Interactive Process HollowingDonato Onofri
CrowdStrike researchers have identified a HijackLoader (aka IDAT Loader) sample that employs sophisticated evasion techniques to enhance the complexity of the threat. HijackLoader, an increasingly popular tool among adversaries for deploying additional payloads and tooling, continues to evolve as its developers experiment and enhance its capabilities.
In their analysis of a recent HijackLoader sample, CrowdStrike researchers discovered new techniques designed to increase the defense evasion capabilities of the loader. The malware developer used a standard process hollowing technique coupled with an additional trigger that was activated by the parent process writing to a pipe. This new approach, called "Interactive Process Hollowing", has the potential to make defense evasion stealthier.
Honeypots Unveiled: Proactive Defense Tactics for Cyber Security, Phoenix Sum...APNIC
Adli Wahid, Senior Internet Security Specialist at APNIC, delivered a presentation titled 'Honeypots Unveiled: Proactive Defense Tactics for Cyber Security' at the Phoenix Summit held in Dhaka, Bangladesh from 23 to 24 May 2024.
1. 1
SECURITY IN MOBILE NETWORKS
Bharat Bhargava
CERIAS and Computer Sciences Departments
Purdue University, W. Lafayette, IN 47907
bb@cs.purdue.edu
Supported by CERIAS & NSF grants CCR-0001788 and CCR-9901712.
2. 2
Mobile Computing Environment
• Vulnerable to failures, intrusion, and
eavesdropping.
• Ad hoc mobile systems have everything moving
(hosts, base-stations, routers/agents, subnets,
intranet).
• Need survivability from intentional and
unintentional attacks.
3. 3
Research Ideas
• Integrate ideas from Science and Engineering of security
and fault-tolerance.
Examples:
• Need to provide access to information during failures;
need to disallow access for unauthorized users.
– Duplicate routers & functions, duplicate authentication functions,
duplicate secret session key database, secure database that provides
public keys.
– Auditing, logging, check-pointing, monitoring, intrusion detection,
denial of service.
• Adaptability:
– Adapt to timing, duration, severity, type of attack.
• Election Protocols – selection of back-up base station.
4. 4
Deficiency in Mobile IP Authentication
• Authentication is through a home agent (HA).
– If HA is out of service, mobile host will be
homeless and not be able to communicate.
5. 5
Deficiency in Mobile IP Key
Management
• Data packets are encrypted before sending, and
decrypted after receiving.
• Requires exchange of secret keys and public
keys between sender and receiver.
• Mobile IP does not provide multi-cast session
key management. Manual distribution implies
N(N–1)/2 pairs of keys. Does not scale well.
6. 6
Research Questions
• Difficulty in initial authentication.
– How quickly a public key can be established without any prior
knowledge between communicating parties?
• Maintaining authentication.
– The session key and its life-time have to be made available to all
other base stations in case MH moves across cells. Further
complicates the problem of key distribution. Note session key
information is not completely replicated in the database of base
stations.
• Hierarchical authentication of mobile base stations.
– Mobile base stations must authenticate one another. Need another
centralized certificate authority. Both MH and base stations must
trust the same security hierarchy.
7. 7
• Key agility
– Difficult to come up with a measure for how
long the key can be retained.
• Adaptive intrusion detection systems
– Detect possible break-ins of base station and
firewall reconfigurations.
8. 8
Fault Tolerant Authentication in
Mobile Computing
Bharat Bhargava
Sarat Babu Kamisetty
Sanjay Kumar Madria
CERIAS and Computer Sciences Department
Purdue University, W. Lafayette, IN 47907
bb@cs.purdue.edu
9. 9
Objective
• To provide uninterrupted secure service to the
mobile hosts when base station moves or fails.
11. 11
Mobile IP Entities
• Mobile Host (MH) – which can change its point of
attachment to the internet from one link to another.
• Home Agent (HA) – router on MH’s home network
which tunnels datagrams (packets of data) to MH when
it is away from home.
• Foreign Agent (FA) – router on MH’s visited network
which provides routing services to the MH while
registered.
12. 12
Hardware Characteristics
• Media – Wireless media are inherently less
secure.
• Low power and limited computing resource
– motivation for making security an optional
feature.
• Bandwidth – typically orders of magnitude
less than wired bandwidth (motivation for
reducing the overhead of the security scheme).
13. 13
System Characteristics
• Autonomy – WAN, base stations and mobile
hosts are governed by different entities.
• Network Partitions – Authentication
requires communication with the home
agent, which could be across the globe.
• Clock Synchronization – mobile hosts may
travel across multiple time zones.
14. 14
Application Characteristics
• Location Privacy – protecting the identity of
the communicating entities (ex: Military
Networks)
• Mobility – implies frequent handoffs
• Secure Multicast – one transmitter and many
listeners (ex: Classrooms)
15. 15
Fundamental Security Services
• Authentication
– Provides assurance of a host’s identity.
– Provides a means to counter masquerade and
replay attacks.
– Can be applied to several aspects of multicast (ex:
registration process).
16. 16
Fundamental Security Services
• Integrity
– Provides assurance that traffic is not altered during
the transmission.
– Lack of integrity services in IP can lead to
spoofing attacks.
– More crucial for applications involving key
management than voice applications (easily
detected).
17. 17
Fundamental Security Services
• Confidentiality
– Provides assurance that only authorized entities
can decode and read the data.
– Typically, encryption is used to achieve this.
– Encryption can be applied at several layers of the
protocol stack (ex: inherent in RTP, ESP for IP
datagrams).
18. 18
Fundamental Security Services
• Other Services
• Non-repudiation – recipient can prove that
sender did send the message in case sender
denies it.
• Access Control – ensures that only authorized
parties can access the resources.
19. 19
Problem Description
• To ensure security and prevent theft of resources (like
bandwidth), all the packets originating inside
the network should be authenticated.
• Typically, a Mobile Host sends a packet to its
Home Agent along with the authentication
information.
20. 20
Problem Description (continued)
• If the Authentication is successful, Home Agent
forwards the packet. Otherwise, packet is dropped.
[Figure: Mobile Node, Home Agent (Authentication and Forwarding Services), Internet]
21. 21
Disadvantages of Typical Setup
• Home Agent becomes a single point of failure.
• Home agent becomes an attractive spot for
attackers.
• Not scalable – large number of hosts overload
the Home agent.
22. 22
Research Goals
• Eliminate the single point of failure.
• Distribute the load and enhance scalability
and survivability of the system.
• Failures – transparent to applications.
• Easy to implement, no manual setup.
23. 23
Traditional Approaches
• Using a Proxy Server (or Backup) that takes
up the responsibilities of the Base Station
Disadvantages
• Manual updating of the routing tables of the
hosts necessary.
• Time consuming and hence smooth
provision of service is not possible.
24. 24
Traditional Approaches (continued)
• Using a Second Base Station that forwards the
packets to the actual Home Agent, using Mobile IP,
which is now at a Foreign Network.
Disadvantages
• Communication Delays introduced makes this
solution impractical.
• Introduces additional security threats as the packets
now traverse long paths through Internet.
27. 27
Proposed Schemes
• We propose two schemes to solve the
problem.
– Virtual Home Agent
– Hierarchical Authentication
• They differ in the architecture and the
responsibilities that the Mobile Hosts and
Base Stations (Agents) hold.
28. 28
Authentication Using Virtual
Home Agent
Entities in the proposed scheme
• Virtual Home Agent (VHA) is an abstract
entity identified by a network address.
• Master Home Agent (MHA) is the physical
entity that carries out the responsibilities of
the VHA.
29. 29
Authentication Using Virtual
Home Agent
• Backup Home Agent (BHA) is the entity that
backs up a VHA. When MHA fails, BHA
having the highest priority becomes MHA.
• Shared Secrets Database Server is the entity
that manages and processes the queries on
the secret database.
30. 30
Virtual Home Agent Scheme
[Figure: VHA ID = IPADDRI; Master Home Agent (MHA), Backup Home Agents, Database Server with Shared Secrets Database, other hosts in the network]
31. 31
Protocol Description
• All the MHAs and BHAs join a pre-
configured multicast group.
• MHA and each BHA is assigned a priority
that indicates its preference to become a
MHA, when the current MHA fails.
• MHA has the highest priority at any given
point of time
32. 32
Protocol Description
• Periodically, MHA sends an advertisement
packet to the configured multicast group.
• Purpose of this advertisement packet is to let
the BHAs know that MHA is still alive.
• Time-to-live is set to 1 in each advertisement
as they never have to be transmitted outside
the network.
33. 33
Protocol Description
• Advertisement Packet Format
VHA’s ID | MHA’s priority | Authentication Information
• VHA’s ID indicates the VHA that this Agent is the
Master for.
• MHA’s priority is the priority of this MHA.
• Authentication Information is necessary to avoid
masquerading attacks (i.e., anybody posing as a
Master after compromising it).
34. 34
Protocol Description
• BHAs only listen for advertisements, they do not
send the advertisements.
• If a BHA did not receive any advertisements for
some period, it starts the Down Interval Timer,
computed as follows:
Down Time Interval = 5*Advertisement Interval +
((MHA’s priority-BHA’s priority)/MHA’s priority)
35. 35
Protocol Description
• Down Interval Time takes care of packet losses (as
it is at least 5 advertisement intervals).
• Down Interval Time is a function of BHA’s
configured priority (if the priority is more, Down
Interval Time is less).
36. 36
Protocol Description
• It is guaranteed that the Down Interval Timer of
the BHA having the highest priority will expire
first and that BHA transitions from BHA to MHA.
• This new MHA sends advertisements from now
onwards.
37. 37
Protocol Description
Advantages of this Election Protocol
• No communication between the BHAs is
required.
• There is no confusion about which BHA
becomes MHA (only the one whose timer
expires first).
• No additional security threats (like manipulating
priorities of BHAs).
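The election described on the preceding slides, as an added Python example that is not code from the presentation. The slides do not say how the Authentication Information field is computed, so the HMAC-SHA256 tag under a shared group key, the field widths, and all names and values here are assumptions.

```python
import hashlib
import hmac
import struct

ADVERT_INTERVAL = 1.0                 # assumed advertisement period
GROUP_KEY = b"constructed-demo-key"   # constructed shared secret
VHA_ID = bytes([10, 0, 0, 1])         # constructed 4-byte VHA address
MHA_PRIORITY = 250                    # constructed priorities
BHA_PRIORITIES = {"bha-a": 200, "bha-b": 150, "bha-c": 100}


def build_advert(vha_id, mha_priority, key):
    """Pack VHA's ID | MHA's priority | Authentication Information."""
    body = struct.pack("!4sB", vha_id, mha_priority)
    return body + hmac.new(key, body, hashlib.sha256).digest()


def parse_advert(packet, key):
    """Return (vha_id, mha_priority), or None if authentication fails."""
    if len(packet) != 5 + 32:
        return None
    body, tag = packet[:5], packet[5:]
    expected = hmac.new(key, body, hashlib.sha256).digest()
    if not hmac.compare_digest(tag, expected):
        return None  # possible masquerading master: do not reset the timer
    return struct.unpack("!4sB", body)


def down_interval(mha_priority, bha_priority, interval=ADVERT_INTERVAL):
    """Down Time Interval exactly as given on the slide."""
    return 5 * interval + (mha_priority - bha_priority) / mha_priority


def elect(last_advert, bha_priorities, key):
    """Return (new MHA, timers) once the MHA stops advertising.

    Each BHA computes its own timer from the last authenticated
    advertisement; no BHA-to-BHA messages are exchanged.
    """
    parsed = parse_advert(last_advert, key)
    if parsed is None:
        raise ValueError("advertisement failed authentication")
    _, mha_priority = parsed
    timers = {name: down_interval(mha_priority, prio)
              for name, prio in bha_priorities.items()}
    first = min(timers.values())
    winners = sorted(n for n, t in timers.items() if t == first)
    if len(winners) > 1:
        # Equal priorities give equal timers, so no single BHA expires first.
        raise ValueError(f"ambiguous election between {winners}")
    return winners[0], timers


if __name__ == "__main__":
    advert = build_advert(VHA_ID, MHA_PRIORITY, GROUP_KEY)
    print(elect(advert, BHA_PRIORITIES, GROUP_KEY))
```

Because the priority term in the slide's formula is always below 1, the gap between two BHA timers is a fraction of one time unit, so BHA priorities need to be distinct and spaced widely enough to exceed timer jitter on the LAN.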
39. 39
Advantages of the Proposed Scheme
• Has only 3 states and hence the overhead of
state maintenance is negligible.
• Very few tasks need to be performed in each
state (outlined in the tech report).
• Flexible – there could be multiple VHAs in
the same LAN and a MHA could be a BHA
for another VHA, a BHA could be a BHA for
more than one VHA at the same time.
40. 40
Disadvantages of Virtual
HA Solution
• Not scalable if every packet has to be
authenticated
– Ex: huge audio or video data
• BHA (Backup Home Agents) are idle most of
the time (they just listen to MHA’s
advertisements).
• Central Database is still a single point of
failure.
41. 41
Hierarchical Authentication Scheme
• Multiple Home Agents in a LAN are
organized in a hierarchy (like a tree data
structure).
• A Mobile Host shares a key with each of the
Agents above it in the tree (Multiple Keys).
• At any time, highest priority key is used for
sending packets or obtaining any other kind of
service.
43. 43
Tree-Based Scheme
[Figure: tree of agents with nodes numbered 1–16; keys by level of the tree: Key A–Key H, Key I–Key L, Key M–Key N, Key O]
44. 44
Hierarchical Authentication Scheme
Key priority depends on several factors and is
computed as the cumulative sum of the weighted
priorities of each factor:
Example Factors:
• Communication Delays
• Processing Speed of the Agents
• Key Usage
• Life Time of the Key
45. 45
Hierarchical Authentication Scheme
• Hosts detect the Home Agent’s failure or
mobility when the Home Agent does not send
an acknowledgement for a request.
• When the failure is detected, host reduces the
priority of the current key and picks up the
highest priority key to be used from now
onwards.
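Key selection and failover in the hierarchical scheme, as an added Python example that is not code from the presentation. The weights, factor scores, demotion penalty, tree and agent names are all hypothetical; the slides leave quantifying the factors to future work.

```python
from dataclasses import dataclass

# Hypothetical weights for the four example factors; they sum to 1.
WEIGHTS = {"delay": 0.4, "speed": 0.3, "usage": 0.2, "lifetime": 0.1}
# Scores lie in [0, 1], so a penalty of 1.0 puts a failed key below
# every key that has not failed (assumed demotion rule).
FAILURE_PENALTY = 1.0

# Constructed tree, child -> parent. Host "mh1" sits under "ha-leaf".
PARENT = {"mh1": "ha-leaf", "ha-leaf": "ha-mid", "ha-mid": "ha-root"}
# Constructed per-agent factor scores, higher is better.
FACTORS = {
    "ha-leaf": {"delay": 0.9, "speed": 0.6, "usage": 0.5, "lifetime": 0.8},
    "ha-mid":  {"delay": 0.6, "speed": 0.7, "usage": 0.5, "lifetime": 0.8},
    "ha-root": {"delay": 0.3, "speed": 0.9, "usage": 0.5, "lifetime": 0.8},
}


def agents_above(node, parent):
    """Agents on the path from the host to the root: one shared key each."""
    path = []
    while node in parent:
        node = parent[node]
        path.append(node)
    return path


@dataclass
class KeyEntry:
    agent: str
    factors: dict
    penalty: float = 0.0   # accumulated demotion after missed acknowledgements

    def priority(self):
        """Cumulative sum of weighted factor scores, minus any demotion."""
        return sum(WEIGHTS[f] * self.factors[f] for f in WEIGHTS) - self.penalty


class HostKeyRing:
    def __init__(self, host, parent, factor_table):
        self.keys = [KeyEntry(a, factor_table[a])
                     for a in agents_above(host, parent)]

    def current(self):
        """The key used for authentication: the one with highest priority."""
        return max(self.keys, key=lambda k: k.priority())

    def send(self, agent_acks):
        """Use the highest-priority key; demote it if its agent sends no ack."""
        for _ in self.keys:
            entry = self.current()
            if agent_acks(entry.agent):
                return entry.agent
            entry.penalty += FAILURE_PENALTY
        raise RuntimeError("no home agent acknowledged the request")


if __name__ == "__main__":
    ring = HostKeyRing("mh1", PARENT, FACTORS)
    print(ring.send(lambda agent: agent != "ha-leaf"))
```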
46. 46
VHA Scheme
• Flat structure
• Host has only one key
• Failure is transparent to the
user
• No priority is assigned to
the keys
Hierarchical Scheme
• Tree structure
• Number of keys depends on
the height of the tree.
• Hosts should be aware of
the failure of the BS, as which
key is to be used depends on
the base station serving it.
• Each key has a priority; the
key with the highest
priority is used for
authentication.
47. 47
Clusters to Achieve Scalable Fault
Tolerant Authentication
• Front-End is the MHA.
• Back-Ends are BHAs.
• Each packet is digitally signed by the Mobile
Host.
• Packets are forwarded to the MHA.
• Back-Ends verify the signatures.
48. 48
Scalability Using Clusters
• Cluster
– A group of servers.
– Act as a single node (i.e., identified by a single IP
address).
– Gives the effect of parallel processor with a large
main memory and secondary storage.
– Largely scalable and efficient.
– Deployed in service provider networks.
49. 49
Cluster Architecture
• Client contacts the Front-End for a service.
• Front-End forwards the requests to a Back-
End.
• Back-Ends serve/process the request.
50. 50
Front-End’s Responsibilities
• Acts as a Request dispatcher or redirector.
• Does load balancing based on various factors.
• Keeps track of which Back-Ends are active.
55. 55
Disadvantages of Redirection
• Introduces additional delays.
• Identities (i.e., addresses) of the Back-ends are
exposed and thus poses a security risk.
• Poses an additional burden on clients or they
might not handle redirects.
56. 56
Request Distribution
• Content Based Distribution
– Front-End takes into account the service requested
to decide which Back-End is good (Ex: audio,
video, text, etc.).
– Increased performance.
– Gives the flexibility of having different types of
Back-End servers for different contents (Ex:
audio servers, video servers).
57. 57
Request Distribution
• Load Based Distribution
– Front-End does load balancing.
– Front-End distributes the requests based on the
current load of the Back-Ends.
– Back-Ends report about their load periodically.
– Front-End prefers minimally loaded Back-End.
– Useful when all the Back-Ends serve similar
requests (like only audio, only text).
58. 58
Request Distribution
• Locality Aware Distribution
– Front-End keeps a mapping of the Back-Ends and
their cache contents.
– When a request arrives, it maps the request to the
cache contents.
– Request is forwarded to that Back-End whose
cache contents match the request.
• Useful for retrieving HTTP documents.
59. 59
Conclusions and Future Work
• Flat-model and tree based schemes for fault-
tolerant authentication in mobile environment.
• Cluster based enhancement.
60. 60
Future Work
• Quantifying the priorities for each factor and
computing the overall key priority as a weighted
function of all these factors.
• Designing an adaptable database replication and
partitioning scheme for secret key database that
increases the system performance.
• Simulation of these approaches and obtaining
performance statistics.
61. 61
Experimental Evaluation
• Conducting experiments using ns2 to:
– study the performance of the proposed schemes
– assess their reliability
– devise suitable values for the parameters:
• VHA: priority, ad interval, …
• Hierarchical: priority, #of levels, tree structure, ….
• Both: key distribution, key size, re-keying, replicating
secret DB, ...
62. 62
Experiments setup
• Different mobile environments by varying:
• number of mobile hosts, number of home agents
• number of groups/sub networks
• mobility models
• frequency of authentication requests
• failure probability and movement behavior of home agents (base
stations)
• authentication scheme with different parameters
• Evaluate:
• comm. overhead of each scheme
• response time in case of failure
• best parameters’ values of each scheme