Mobile IPv6 has been developed for quite a few years now, but it has yet to bring its constant connectivity and global reachability benefits to mobile devices in real world scenarios, mainly due to lack of trouble-free and secure network access and data transmission for devices as they roam. In this paper we propose a Unified Architecture that combines the strengths of Mobile IPv6 and AAA services...
This paper conducts a comprehensive analysis of the security of LAN-based Educational Management Information System (EMIS), and proposes security policies and methods required by the system. Meanwhile, it adopts system permission allocation, user authentication, record tracking, protocol auditing, data backup, disaster recovery, warning system and other technologies to design a multi-layered database...
Aiming at the security requirement of the Intranet that is different from Internet, a security architecture for Intranet is proposed. In the physical layer and data link layer, based on network switch the intranet is divided into several parts separated from each other as required. In the network layer, making use of the NAT gateway integrated in virtual server the intranet or its part is hidden to ensure...
In this paper, network security and traditional firewall technology are introduced, pointing out the problems faced by traditional firewalls. Then the structure, key technology and advantages of the distributed firewall are studied in depth. The design and implementation of the various parts are described in detail. Then, the analysis of the control of several now distributed...
IP multicast can be used for one-to-many or many-to-many communications providing efficient resource consumption. When providing IP services to passengers on a plane via a satellite, IP multicasting techniques can be very useful in saving resources over the satellite. A novel framework (MSECAAA) presented in, combines the IETF multicast security architecture with efficient AAA techniques enabling...
During the last years, Internet facilities like email, the world-wide-web (WWW), and e-commerce have generated a boost of Internet growth, making offering services possible in fundamentally new ways. One of these services is Voice over IP (VoIP), also named Internet Telephony (IP telephony). With most major telecommunications carriers preparing for VoIP mass deployment, the security of service cannot...
To secure communication in Grids many efforts have been made regarding authentication and authorization. Due to some application requirements it is up to now recommended to open wide port ranges on firewalls. This configuration is commonly accepted as insecure. We present an approach to enhance the security of firewalled Grid components by a new method to dynamically authorize TCP connections on firewalls...
RADIUS (remote authentication dial in user service) is an authentication, authorization and accounting protocol being widely used in network environments. However, it has a set of vulnerabilities that are either caused by the protocol, or caused by poor implementation and exacerbated by the protocol. First the overview of RADIUS protocol including basic operation of RADIUS protocol is studied. Then...
Today network intrusion detection and intrusion prevention systems (NIDS/IPS) are considered one of the hottest topics in computer security. On the other hand, firewalls have been optimized several times and different types have been introduced. Today by integrating NIDS and firewall a new product comes to the market, which is called IPS. IPSs protect information systems from unauthorized access, damage...
Electronic business or on-line cooperation transactions happen regularly over the internet. Such a transaction usually involves a service provider who provides a certain service (i.e., perform an on-line purchase) and a service requester who requests the service. In order to decide whether a service requester can access a service, a distributed access control system can be used. Traditional identity-based...
Because of the growing complexity of networks and the difficult task of security policy enforcement, system administrators need simple and powerful security management tools. This paper presents a network security management tool that allows policy specification and administration of network security components such as firewall. The tool consists of four main modules. First module is considered the...
This paper discusses that there is significant benefit in providing stronger security at lower layers of network stack for network servers. It claims to reduce the attack vulnerability of a networked host by providing security mechanisms in a Network Interface Card (NIC). Dynamic access control mechanisms are implemented in hardware to limit access to the services only to authenticated hosts. To this...
The extensible authentication protocol (EAP), which is typically used over wireless LANs and point-to-point links, allows a server to request authentication information from a client. The protocol for carrying authentication for network access (PANA) is designed to transport EAP messages over IP networks. This paper presents a formal coloured Petri net model and analysis of PANA, focusing on the initial...
The Apache server combined with MySQL and PHP has become a new platform, LAMP, for Web-based applications. The platform level security had been dealt with by the security improvement of the OS, firewall and HTTP server. Yet the application level security problems seemed to be overlooked. In this paper an application level security mechanism using once-only URL is proposed. Also an Apache plug-in...
Current prevention techniques provide restrictive responses that may take a local reaction in a limited information system infrastructure. In this paper, an in depth and comprehensive approach is introduced for responding to intrusions in an efficient way. This approach considers not only the threat and the architecture of the monitored information system, but also the security policy. The proposed...
This paper presents TNC-UTM, a holistic solution to secure enterprise networks from gateway to endpoints. As its name suggests, the TNC-UTM solution combines two popular techniques, TNC and UTM, by defining an interface between them that integrates their security capacity to efficiently provide network access control and security protection for enterprise networks. Not only TNC-UTM provides...
In a very high-speed network environment such as a gigabit Ethernet network, firewalls that have to inspect and filter all flowing packets are reaching their limits. A firewall running on a single machine is a potential bottleneck and cannot scale over certain thresholds, even if it has particular hardware built-in. Hence, a parallel system appears as an alternative approach under this circumstance. This...
With the advent of various access technologies and increasing number of applications, a set of challenges concerning efficient delivery of ubiquitous services to heterogeneous users and devices have been posed. One of the important challenges is to integrate quality of service (QoS), security and mobility support in heterogeneous networks. To facilitate the interworking of these mechanisms we propose...
The trusted network connect (TNC) is based on the double concepts of integrity and identity. The policy enforcement point (PEP) in TNC architecture is deeply studied and powerful broadband remote access server (BRAS) is also applied into the architecture. The new BRAS model is able to set up access control rules in accordance with the level of trust, filter traffic according to filtering rules and...
Internet protocol television (IPTV), becoming a popular business model, provides interactive and personalized service. IPTV provides identification, authentication and personalized services through a set-top box (STB) by a unique hardware identifier. This is based on box-level identification, which is inconsistent with IPTV's main intention of providing personalized services. The goal of the proposed...