Type | Title | Date Added | Company
whitepaper | City of Helsinki Enhances Network Security by Ensuring Security Policy Compliance | 2008-01-01 | Microsoft
  The City Council of the City of Helsinki provides a variety of governmental services for the approximately 500,000 inhabitants of Helsinki, Finland. To protect its network from security threats such as malware and intruders, the City of Helsinki needed a way to ensure that all computers accessing the network met security policies. To meet this need, the city deployed Network Access Protection (NAP), a feature of Windows Server 2008. As a result of testing NAP, the city expects to increase network security, improve integration, and make its IT administration processes more efficient.

Tags: Security Standards, Windows Server 2008
  
whitepaper | Applying Fast String Matching to Intrusion Detection | 2008-01-01 | University of California
  The performance of signature-based network intrusion detection tools is dominated by the string matching of packets against many signatures. This paper studies how the popular intrusion detection system Snort can be best optimized to utilize different string matching algorithms. The paper analyzes the performance of Snort's current string matching algorithm, Boyer-Moore, and several alternate algorithms. The paper shows that no single algorithm is fastest in the context of a real Snort rule set. Instead, the paper develops a hybrid system that utilizes three different search algorithms, including one new algorithm presented in this paper. The result is a system that matches many common packets 5 times faster with an average speedup of 50%.

Tags: Security Tools, Intrusion Detection Systems
  
whitepaper | Enriching Intrusion Alerts Through Multi-Host Causality | 2008-01-01 | University of Michigan
  Current intrusion detection systems point out suspicious states or events but do not show how the suspicious state or events relate to other states or events in the system. This paper shows how to enrich an IDS alert with information about how those alerts causally lead to or result from other events in the system. By enriching IDS alerts with this type of causal information, one can leverage existing IDS alerts to learn more about the suspected attack. Backward causal graphs can be used to find which host allowed a multi-hop attack (such as a worm) to enter a local network; forward causal graphs can be used to find the other hosts that were affected by the multi-hop attack.

Tags: Security Tools, Intrusion Detection Systems
  
whitepaper | Honeycomb - Creating Intrusion Detection Signatures Using Honeypots | 2008-01-01 | University of Cambridge
  This paper describes a system for automated generation of attack signatures for network intrusion detection systems. The system applies pattern-matching techniques and protocol conformance checks on multiple levels in the protocol hierarchy to network traffic captured by a honeypot system. This paper presents results of running the system on an unprotected cable modem connection for 24 hours. The system successfully created precise traffic signatures that otherwise would have required the skills and time of a security officer to inspect the traffic manually.

Tags: Security Tools, Intrusion Detection Systems
  
whitepaper | A Cooperative Intrusion Detection System for Ad Hoc Networks | 2008-01-01 | Georgia Institute of Technology
  Mobile Ad hoc NETworking (MANET) has become an exciting and important technology in recent years because of the rapid proliferation of wireless devices. MANETs are highly vulnerable to attacks due to the open medium, dynamically changing network topology, cooperative algorithms, lack of a centralized monitoring and management point, and lack of a clear line of defense. This paper reports the progress in developing Intrusion Detection (ID) capabilities for MANET. Building on the prior work on anomaly detection, the paper investigates how to improve the anomaly detection approach to provide more details on attack types and sources. For several well-known attacks, one can apply a simple rule to identify the attack type when an anomaly is reported. In some cases, these rules can also help identify the attackers.

Tags: Security Tools, Intrusion Detection Systems
  
whitepaper | MINDS - Minnesota Intrusion Detection System | 2008-01-01 | University of Minnesota
  This paper introduces the Minnesota Intrusion Detection System (MINDS), which uses a suite of data mining techniques to automatically detect attacks against computer networks and systems. While the long-term objective of MINDS is to address all aspects of intrusion detection, this paper focuses on two specific contributions: an unsupervised anomaly detection technique that assigns a score to each network connection that reflects how anomalous the connection is, and an association pattern analysis based module that summarizes those network connections that are ranked highly anomalous by the anomaly detection module.

Tags: Security Tools, Intrusion Detection Systems
  
whitepaper | Attribution and Aggregation of Network Flows for Security Analysis | 2008-01-01 | Dartmouth College
  This paper describes a network flow analyzer that is capable of attribution and aggregation of different flows into single activity events for the purposes of identifying suspicious and illegitimate behaviors. Flows are correlated with security events using the Process Query System (PQS) infrastructure. This paper shows results from initial experiments and describes plans for extending the effort. The correlation of network flows with security events appears to have high potential for aggregating disparate network and host activity and for classifying network activity as either benign or suspicious.

Tags: Security Management, Security Tools
  
whitepaper | A High-Performance Network Intrusion Detection System | 2008-01-01 | Iowa State University
  This paper presents a new approach for network intrusion detection based on concise specifications that characterize normal and abnormal network packet sequences. The specification language is geared for robust network intrusion detection by enforcing a strict type discipline via a combination of static and dynamic type checking. Unlike most previous approaches in network intrusion detection, the authors' approach can easily support new network protocols, since information relating to the protocols is not hard-coded into the system. Instead, suitable type definitions are added to the specifications, and intrusion patterns are defined on these types. These specifications are compiled into a high-performance network intrusion detection system.

Tags: Security Tools, Intrusion Detection Systems
  
whitepaper | Using JXTA for Firewall Traversal in Distributed CORBA Applications | 2008-01-01 | University of Sao Paulo
  JacORB is a free Java ORB that is ETF-compliant, that is, it supports the substitution of its transport layer in a standard way. JXTA is a peer-to-peer protocol stack, also implemented as free software, which can traverse firewalls and NAT gateways. This paper describes an extended version of JacORB that runs GIOP over JXTA. Binding CORBA and JXTA technologies together allows components of distributed CORBA applications to be deployed in complex network environments, which may contain firewalls or IP address translators.

Tags: Network Security, Security Tools
  
whitepaper | Design and Implementation of Personal Firewalls for Handheld Devices | 2008-01-01 | University of Wollongong
  Personal Digital Assistants (PDAs) have become one of the important tools in daily life. Their popularity is due to their small size and mobility, which enable them to be carried anywhere. Along with their popularity, handheld devices are starting to become a target for attackers, who are mainly interested in gaining access to the data stored in handheld devices. Therefore, the security of handheld devices has attracted a lot of attention in an effort to protect the sensitive information stored on them. Securing handheld devices is a daunting task. It requires a careful design, since the devices have very limited computational power and battery life. This paper aims to review the security threats to handheld computers and propose several possible solutions.

Tags: Network Security, Security Tools