Serwis Infona wykorzystuje pliki cookies (ciasteczka). Są to wartości tekstowe, zapamiętywane przez przeglądarkę na urządzeniu użytkownika. Nasz serwis ma dostęp do tych wartości oraz wykorzystuje je do zapamiętania danych dotyczących użytkownika, takich jak np. ustawienia (typu widok ekranu, wybór języka interfejsu), zapamiętanie zalogowania. Korzystanie z serwisu Infona oznacza zgodę na zapis informacji i ich wykorzystanie dla celów korzytania z serwisu. Więcej informacji można znaleźć w Polityce prywatności oraz Regulaminie serwisu. Zamknięcie tego okienka potwierdza zapoznanie się z informacją o plikach cookies, akceptację polityki prywatności i regulaminu oraz sposobu wykorzystywania plików cookies w serwisie. Możesz zmienić ustawienia obsługi cookies w swojej przeglądarce.
A heuristic approximation algorithm that can optimise the order of firewall rules to minimise packet matching is presented. It has been noted that firewall operators tend to make use of the fact that some firewall rules match most of the traffic, and conversely that others match little of the traffic. Consequently, ordering the rules such that the highest matched rules are as high in the table as...
Security constitutes a crucial concern in modern information systems. Several aspects are involved, such as user authentication (establishing and verifying users' identity), cryptology (changing secrets into unintelligible messages and back to the original secrets after transmission) and security policies (preventing illicit or forbidden accesses from users to information). Firewalls are a core element...
Fire, one severe disaster of the coal mine, threatens miners lives seriously and hampers the sustainable development of the mine. Current fire disaster evaluation with a strong subjectivity hasn't a perfect evaluation index system. This paper uses grey relational evaluation mode of the grey theory to analyze many non-linear, dynamic factors influenced fire disasters quantitatively and determine the...
Drive-by-download attacks have become the method of choice for cyber-criminals to infect machines with malware. Previous research has focused on developing techniques to detect web sites involved in drive-by-download attacks, and on measuring their prevalence by crawling large portions of the Internet. In this paper, we take a different approach at analyzing and understanding drive-by-download attacks...
In this paper, we investigate the problem of improving the performance and scalability of large firewall policies that comprise thousands of rules by detecting and resolving any potential conflicts among them. We present a novel, highly scalable data structure that requires O(n) space where n is the number of rules in the policy to represent the dependency among rules. After that, we describe a practical...
Policy deployment is the process by which policy editing commands are issued on firewall, so that the target policy becomes the running policy. The size and complexity of firewall policies require automated tools providing an adequate environment to specify, configure and deploy a target policy. In this paper, we make some contributions to the correctness of Firewall Policy Deployment. We show that...
Firewalls are no longer just perimeter devices for the data center, but should be weaved into the fabric of the network from edge to edge such as to offer security layered in-depth and ubiquitous. The next evolution of the firewall has to combine dynamic policy-based security with performance, rapid scaling, high availability and application intelligence. Today, increasing attention is paid to network...
With the urbanized development, large-scale commercial complexes emerge rapidly in which many constructive shapes and formats distribution exist. However, the current design of fire protection code is unable to stipulate them. Although it really resolved many difficulties in the engineering practice using the performance of fire protection design, it has also brought many problems like circumventing...
Security-functionality tradeoffs are well-known fact. In general boosting IT system functionality may lead to depleting security (confidentiality and integrity) and vice-versa. Furthermore there is a tradeoff between different basic security aspects: confidentiality and availability. Increasing confidentiality level may cause decrease in availability level. The problems should be carefully analyzed,...
Natural language processing (NLP) of clinical text offers great potential to expand secondary use of high-value electronic health record (EHR) data, but a barrier to adopting NLP is the high total cost of operation, driven mainly by the costs and limited availability of technical personnel in applied health research settings. To overcome this barrier we propose a cloud-based service systems model...
This paper is concerned with the problem of applying BP neural network in high-rising buildings fire risk assessment. By using the back propagation (BP) neural network, a smart fire risk estimation model is developed. Based on this model, we can obtain the building's fire rating, and by analysis the estimation results, we can develop a scheme to guide the decision-makers to improve the building's...
Firewalls are the most deployed security devices in computer networks. Nevertheless, designing and configuring distributed firewalls, which include determining access control rules and device placement in the network, is still a significantly complex task as it requires balancing between connectivity requirements and the inherent risk and cost. Formal approaches that allow for investigating distributed...
In this paper we propose a solution to strengthen the security of Domain Name System (DNS) servers associated with one or more Top Level Domains (TLD). In this way we intend to be able to reduce the security risk when using major internet services, based on DNS. The proposed solution has been developed and tested at FCCN, the TLD manager for the. PT domain. Through the implementation of network sensors...
Computer networks are inevitably attacked as a result of their openness, while network attack usually actualized by exploiting vulnerability existing in network environment. Attack graph, consisted of lots of related atomic attacks, can fully display the exploitation and dependence relations among all of the vulnerabilities existed in network. Thus, it is a very useful tool for network vulnerability...
Attack graph increasingly becomes a key technique for network security analysis, however, the prevalent Attacker's Ability Monotonic Assumption (AAMA) constraint for attack graph generation could not make full use of the direction of network attack and the hierarchy of defence. As a result, using AAMA is not efficient enough in the process of attack graph generation, especially for large-scale complicated...
Firewalls play an important role in the security of communication systems. They are widely adopted for protecting private networks by filtering out undesired network traffic in and out of the secured network. The verification of firewalls is a great challenge because of the dynamic characteristics of their operation, their configuration is highly error prone, and finally, they are considered the first...
Poor usability of IT security present a serious security vulnerability which can be exploited to compromise systems that are otherwise secure. This is of particular concern when considering that the majority of people connecting to the Internet are not experts in IT security. Personal firewalls represent the most important security mechanisms for protecting users against Internet security threats...
Network attack and defense experiments have always been the important practices in courses of network security. As the Internet is not a target of network attack and defense in experiments, a virtual network environment for attack and defense is needed. In this paper, we propose a network attack and defense experimental platform based on the virtual honey net. Network attacker is formed by a number...
Shoulder-surfing, phishing and keylogging are widely used by attackers to obtain users' sensitive credentials. In this paper, we propose a framework to strengthen password authentication using mobile devices and browser extensions. This approach provides a relatively high resilience against shoulder-surfing, phishing and keylogging attacks while requires no change on the server side. A prototype implementation...
Security policy is the core to ensure the system operating safely, security policy conflict will cause the system to suffer a security threaten, which even make system crash, therefore security policy conflict detection is particularly important. This paper researches the type of intra-node security policy conflict detection, analyses the complexity of algorithm of security policy conflict detection,...
Podaj zakres dat dla filtrowania wyświetlonych wyników. Możesz podać datę początkową, końcową lub obie daty. Daty możesz wpisać ręcznie lub wybrać za pomocą kalendarza.