| Title | Date Added | Company | |
|---|---|---|---|
 |
Path-Coupled Signaling for NAT/Firewall Traversal | 2008-01-01 | NEC Europe |
| Complex protocols tend to negotiate secondary flows on the application layer. This, in the general case, prevents Firewalls and NATs from allowing or routing them, and communication becomes impossible. This paper describes the requirements and design of an end-application triggered, path-coupled signaling protocol for NAT/Firewall traversal. Finally, the paper shows and discusses a performance evaluation, based on the implementation of the protocol.
Tags: Network Security, Security Tools |
|||
|
Subtle Issues in the Design of a Database Tier Firewall | 2008-01-01 | Indian Institute of Technology Bombay |
| Applications such as centralized Supply Chain Management permit multiple business partners to host their own customized components at the same site with selective access to a common shared database. If the application software providers are not all trusting of each other, a Database Tier Firewall is necessary. This model assumes that the vocabulary of relational names from the perspective of application developers and users is limited to an abstract schema. Users have views but the view names are unknown to them. Indeed the user may not be aware of the view definitions which change dynamically and reflect access constraints defined and updated by the owner of the data.
Tags: Network Security, Security Tools |
|||
|
A Target-Centric Ontology for Intrusion Detection | 2008-01-01 | university of maryland |
| This paper has produced an ontology specifying a model of computer attacks. The ontology is based upon an analysis of over 4,000 classes of computer intrusions and their corresponding attack strategies and is categorized according to: system component targeted, means of attack, consequence of attack and location of attacker. The author argues that any taxonomic characteristics used to define a computer attack be limited in scope to those features that are observable and measurable at the target of the attack. The paper presents the model as a target-centric ontology that is to be refined and expanded over time. The benefits of forgoing dependence are stated upon taxonomies, in favor of ontologies, for the classification of computer attacks and intrusions.
Tags: Security Tools, Intrusion Detection Systems |
|||
|
Secure "Selecticast" for Collaborative Intrusion Detection Systems | 2008-01-01 | Columbia University |
| The problem domain of Collaborative Intrusion Detection Systems (CIDS) introduces distinctive data routing challenges, which the paper shows are solvable through a sufficiently flexible publish-subscribe system. CIDS share intrusion detection data among organizations, usually to predict impending attacks earlier and more accurately, e.g., from Internet worms that tend to attack many sites at once. CIDS participants collect lists of suspect IP addresses, and want to be notified if others are suspicious of the same addresses. The matching must be done efficiently and anonymously, as most organizations are reluctant to share potentially revealing information about their networks. Alerts regarding external probes should only be visible to other CIDS participants experiencing probes from the same source(s).
Tags: Security Tools, Intrusion Detection Systems |
|||
|
Towards a High-Speed Router-Based Anomaly/Intrusion Detection System | 2008-01-01 | Northwestern University |
| Traffic anomalies and attacks are commonplace in today's networks, and identifying them rapidly and accurately is critical for large networks. With the rapid growth of network bandwidth and fast emergence of new attacks/worms, existing network Intrusion Detection Systems (IDS) are insufficient for the following two reasons. First, they are mostly host-based or located on low-end routers, and not scalable to high-speed networks. However, it is crucial to identify fast propagation of worms in their early phases, which can only possibly be achieved by detection at high speed edge/backbone routers instead of at end hosts. Unfortunately, the existing schemes are not scalable to the link speeds and number of flows for high-speed networks.
Tags: Security Tools, Intrusion Detection Systems |
|||
|
An EFSM-Based Intrusion Detection System for Ad Hoc Networks | 2008-01-01 | Institut National des Telecommunications |
| Mobile ad hoc networks offer very interesting perspectives in wireless communications due to their easy deployment and their growing performances. However, due to their inherent characteristics of open medium, very dynamic topology, lack of infrastructure and lack of centralized management authority, MANET present serious vulnerabilities to security attacks. This paper proposes an intrusion detection scheme based on Extended Finite State Machines (EFSM). A formal specification of the correct behavior of the routing protocol is provided and by the means of a backward checking algorithm, detects run-time violations of the implementation. The paper chooses the standard proactive routing protocol OLSR as a case study and show that the approach allows to detect several kinds of attacks as well as conformance anomalies.
Tags: Security Tools, Intrusion Detection Systems |
|||
|
Cisco TrustSec and NAC Security Services Built on a Common Identity Framework | 2008-01-01 | Cisco Systems |
| Securing corporate networks is an ongoing challenge. Employees have become more mobile and connect to corporate networks via a variety of access mechanisms. Collaboration between employees, partners, and vendors, brings more users onto the network with a different mix of roles and privileges. Add in the growing regulatory compliance needs and one has a much more complex policy-management problem. Cisco has helped customers deal with these issues since its inception starting with Access Control Lists (ACLs) and subsequently through Cisco Identity Based Network Services (IBNS; the next phase of which is called Cisco Identity Based Privilege Networking [IBPN]). More recently, Cisco Network Admission Control (NAC) was developed to allow customers to authenticate on the basis of device "Posture" as well as Identity. | |||
|
Unauthorized applications: Taking back control | 2007-12-11 | Sophos |
| Employees installing and using unauthorized applications like Instant Messaging, VoIP, games and peer-to-peer file-sharing applications cause many businesses serious concern. This paper looks at why it is important to control such applications, discusses the various approaches, and highlights how integrating this functionality into malware protection is the simplest and most cost-effective solution.
Tags: Network Security, Security Applications, Security Standards, Intrusion Detection Systems |
|||
|
Safe and productive browsing in a dangerous Web world: The challenge for business | 2008-02-14 | Sophos |
| With a brand new infected Web page discovered every 14 seconds, the Web has now become the key vector for online hacking attacks, as well as representing a drain on productivity for many businesses. Yet the vast majority of businesses are unprotected against today's modern Web-based malware. Few organizations have deployed proactive protection to combat the dangers and ensure that both network security and employee efficiency remain uncompromised. This paper highlights the six top tricks used by hackers and describes the three pillars of protection organizations need to safeguard their systems and resources.
Tags: Network Security, Security Management, Security Tools, Spam - E-mail Fraud - Phishing |
|||
|
Who's Got the NAC? Best Practices in Protecting Network Access | 2007-10-01 | Sophos |
| For many would-be network access control (NAC) adopters, what NAC is or is supposed to be is unclear. However, the companies who are successfully protecting their network aren't confused - they also have more demanding views as to what they think a NAC solution should provide. This report from Aberdeen aims to further the market's understanding of NAC - its function and capabilities - as seen through the eyes of those organizations that are getting the best results in protecting their network access. This report is brought to you by Sophos.
Tags: Security Standards, Security Tools, Intrusion Detection Systems, Network Administration |
What's important from our sponsors
Webcast: Maximizing Data Protection with Disk-Based Backup
Receive a complimentary copy of the IDC Analyst Connection when you sign up
Sponsored by
Cutting-edge technology from premium sponsors
HP Simply StorageWorks D2D Backup System
Explore this disk-to-disk backup system that is fully automated and provides reliable data protection for your business.
- ZDNet.com |
- ZDNet Japan |
- ZDNet.de |
- CNET UK |
- CNET.de |
- Tech Republic |
- BNET |
- MP3.com |
- activeTechPros |
- ZDNet UK |
- ZDNet Korea |
- ZDNet France |
- CNET Australia |
- CNET France |
- Download.com |
- Builder |
- GameSpot
- ZDNet Australia |
- ZDNet Taiwan |
- CNET |
- CNET Taiwan |
- News.com |
- Silicon.com |
- TV.com |
- GameSpot Korea
News |
Insight |
Reviews |
TechGuides |
Jobs |
Blogs |
Videos |
Community |
Downloads |
IT Library |
Copyright © 2008 CNET Networks, Inc. All rights reserved. Privacy Policy.
