The Infona portal uses cookies, i.e. strings of text saved by a browser on the user's device. The portal can access those files and use them to remember the user's data, such as their chosen settings (screen view, interface language, etc.), or their login data. By using the Infona portal the user accepts automatic saving and using this information for portal operation purposes. More information on the subject can be found in the Privacy Policy and Terms of Service. By closing this window the user confirms that they have read the information on cookie usage, and they accept the privacy policy and the way cookies are used by the portal. You can change the cookie settings in your browser.
Today VoIP (Voice over IP) and video conference are very common in internet. But the other side, network security is more complicated than before, our network infrastructure set firewalls become a basic network security equipments. Not only enterprises will set up firewall system, most of SOHOs and individual users also set at least one firewall in their network. In order to allow video conference...
This paper surveys our ongoing work on the use of software-defined networking to simplify two acute policy problems in campus and enterprise network operations: access control and information flow control. We describe how the current coupling of high-level policy with low-level configuration makes these problems challenging today. We describe the specific policy problems faced by campus and enterprise...
In this paper, it is presented a solution that performs the alarm correlation based in the dependencies between the network devices using baseline or digital signature of network segment (DSNS). The main objective of this work is to provide a network-wide view, showing its global status instead of just presenting the various alarms generated individually for different network elements. A dependency...
Defending against DoS attacks is extremely difficult; effective solutions probably require significant changes to the Internet architecture. We present a series of architectural changes aimed at preventing most flooding DoS attacks, and making the remaining attacks easier to defend against. The goal is to stimulate a debate on tradeoffs between the flexibility needed for future Internet evolution...
It is well known that Internet is the largest network covering the whole world. The open protocol of the internet helps the development of the computer network. But the security was neglected in the earlier design of Internet protocol, at the same time the management of Internet was not belonged to the government. All these result in the threats to the Internet. Accidents related to security happen...
This paper first discusses the classic methods of covert communication to traverse the firewall devices which control the network communication. And based on the analysis of IPSec protocol architecture, that the worse of network compatibility of IPSec is got. So the new IPSec over HTTP protocol based on IPSec tunnel and HTTP tunnel is exposed including its structure and procedure. The soft structure...
Denial of service (DoS) attacks are very dangerous as they consume resources at the network and transport layers. Firewalls are considered as the first line of defense in any network. An attacker may use probing to learn a firewallpsilas policy, and then launch a DoS attack that floods the firewall with traffic targeting the rules at the bottom of this policy. In this paper, we propose a countermeasure...
During the last years, Internet facilities like email, the world-wide-web (WWW), and e-commerce have generated a boost of Internet growth, making offering services possible in fundamentally new ways. One of these services is Voice over IP (VoIP), also named Internet Telephony (IP telephony). With most major telecommunications carriers preparing for VoIP mass deployment, the security of service cannot...
Today network intrusion detection and intrusion prevention system (NIDS/IPS) are considered as one of the hottest topics in computer security. On the other side firewalls have optimized several times and different types have been introduced. Today by integrating NIDS and firewall a new product comes to the market, which is called IPS. IPSs protect information systems from unauthorized access, damage...
The version 6 of Internet Protocol (IPv6) is being gradually deployed worldwide. This paper analyzes the security of IPv6 protocol. is the analysis concludes that serious security vulnerabilities exist that are IPv6 specific. Therefore additional security measures are needed and more capable security management tools are required in IPv6 networks in order to achieve a security posture at parity with...
Firewalls are perimeter security solutions that are useful for addressing the unwanted traffic issue. However, designers must also appropriately address the network performance, availability, and complexity problems that firewalls introduce. The authors survey existing cluster-based fault-tolerant firewall architectures and discuss their trade-offs in these three areas. They present a preliminary...
Sharing of information and resources among different devices require networking. As networks are expanding day by day, IPv6 is gaining more and more popularity. Different transition mechanisms have been established and yet a lot of research is to be carried out. Network security is another very important area of research and needs special attention in the era of network expansions. In this paper,...
We propose a model for using firewall log entries of denied inbound Internet traffic for indirect discovery of local IP addresses that have security problems. This method is used successfully to discover two computers on the network of Southern Illinois University which were infected with malicious feral software, as well as two more IP addresses on the university network with other security problems.
To provide the reliable connectivity between two endpoints over the Internet, a firewall cluster for stateful high availability removes the single-point failure by replicating and maintaining TCP connection states to a backup firewall node, at the expense of the costs of network and system resources. In this paper, through trace-based simulations on a prototype implementation, we evaluate the overheads...
In this paper we propose a solution to strengthen the security of domain name system (DNS) servers associated with one or more top level domains (TLD). The proposed solution has been developed and tested at FCCN, the TLD manager for the .PT domain. Through the implementation of network probes that monitor the network in real-time, we are able to dynamically prevent, detect or limit the scope of attempted...
The 3 most important issues for anomaly detection based intrusion detection systems by using data mining methods are: feature selection, data value normalization, and the choice of data mining algorithms. In this paper, we study primarily the feature selection of network traffic and its impact on the detection rates. We use KDD CUP 1999 dataset as the sample for the study. We group the features of...
Security threats for voice-over IP (VoIP) networks are becoming a major concern as its popularity increases. New attacks are developed that target directly the underlying SIP protocol. To detect such kinds of attacks we present a specification-based detection framework to recognise deviation from its expected behaviour. We present an implementation and show with measurements that this method is capable...
Computer system security evaluation by using mean time-to-compromise criteria is presented in this paper. The outcome of the attack highly depends on the attacker skill level. The attacker skill level distribution must be estimated, normal skill level distribution in the skill group is suggested in the model. The article concludes with simulation results and evaluation of the chosen attacker skill...
This paper presents a large scale longitudinal study of the spatial and temporal features of malicious source addresses. The basis of our study is a 402-day trace of over 7 billion Internet intrusion attempts provided by DShield.org, which includes 160 million unique source addresses. Specifically, we focus on spatial distributions and temporal characteristics of malicious sources. First, we find...
Nowadays, most firewalls which are deployed in networks are not compatible with mobile IPv6. And to modify the configuration of firewall by using NSIS signaling is one of signaling solutions. In this paper, the purpose is to resolve the problems which are in mobile IPv6 network environment during the traversal process by using NSIS signaling. We introduce a new method that can reduce the complexity...
Set the date range to filter the displayed results. You can set a starting date, ending date or both. You can enter the dates manually or choose them from the calendar.