Transmission Media Security
In this paper I will discuss the various types of media commonly used to connect computers into networks and analyze the many vulnerabilities of the different media types. Although my research did not uncover any new vulnerabilities (other than a newly discovered problem with WPA) it will nonetheless reiterate the importance of considering the media when planning for a secure network.
Read the Article
|
Security Measures to couple mixed IPv4/IPv6 Networks over a pure IPv6 Infrastructure by making Use of NAT-PT
The next generation of the Internet Protocol (IPv6) was developed to improve the within the Internet widespread deployed Internet Protocol (IPv4). Among other things it enlarges the available addressing space and improves security. Due to lack of unique IPv4 address space one strategy to couple existing IPv4 networks that uses private IPv4 addresses is to define a unique IPv6 network on top of the coupled IPv4 networks.
Read the Article
|
Attacking the DNS Protocol
This paper whilst containing nothing new on DNS security brings together in one document many strands of DNS security which has been published and reported in many separate publications before. As such this document intends to act as a single point of reference for DNS security.
Read the Article
|
Applying the OSI Seven Layer Network Model To Information Security
Data networking is a critical area of focus in the study of information security. This paper focuses on reviewing a key area of data networking theory - The Open Systems Interconnect (OSI) Seven Layer Network Model. This paper demonstrates the application of the model's concepts into the context of information security. This paper overall presents the perspective that common information security problems map directly to the logical constructs presented in the OSI Seven Layer Network Model, and seeks to demonstrate the Seven Layer Model's usefulness in evaluating information security problems and solutions. The OSI Model is presented by way of both formal definition and practical terms that affect information security on a layer-by-layer basis. For each layer, examples of common information security threats and controls are evaluated by how they fit into the OSI Seven Layer Model's layers of classification, with notes on exceptions and special cases.
Read the Article
|
Architecting, Designing and Building a Secure Information Technology Infrastructure, a case study
This case study follows the building of an Information Technology Infrastructure with an integrated Security Architecture. Describing this project as a case study indicates that this is a practical discussion not a theoretically one. This paper follows the process from concept to implementation. It shows the results of a pre-project analysis, follows the project through completion, examining the steps along the way. It concludes with a discussion of the post-project analysis and a comparison of the results from the two analyses. The paper will discuss what was done, why it was done and how it was accomplished. Conclusions are drawn on the relative success of the project. Although the project involves building an entire ITI this paper focuses on the security aspects. It will cover the high-level architecture and some of the low-level implementation details. The paper is written from the perspective of a System Administrator who has an intense interest in information security.
Read the Article
|
Implementing a Secure Internal Network
This paper presents how-to options and suggestions for designing and securing an internal network. Scenarios are provided concerning designs that may currently be in place and discussions and analysis on the risks involved and the vulnerabilities presented are included. Figures 1 through 5 illustrate a phased approach that can be used to migrate to a more secure environment through the use of a combination of router and switch configurations.
Read the Article
|
IPv4 Multicast Security: A Network Perspective
Multicast holds great promise in reducing the network bandwidth required for simultaneous communication between multiple hosts. Documented routing protocols and distribution methods are now enabling multicast implementations to move out of the LAN arena and into the larger world of the internet. Multicast's methods of operation pose new and extended demands on security models developed primarily for unicast data transmission. This paper examines the security implications of multicast communications as they relate to network management. It begins with a general description of multicast communications and then progresses to discussing multicast methods of operation within the Internet Protocol (IPv4) framework while contrasting them against the more familiar unicast operations. Security issues specific to multicast communications are identified and discussed. Possible solutions including the extension of IPsec to MIPsec are examined.
Read the Article
|
Secure Access of Network Resources by Remote Clients
This paper will identify the threats that remote access poses to corporate network security including those involving hackers, malicious applications and the use of weak access and physical controls. Solutions for these security problems will be proposed using three paradigms; remote-based safeguards that are client managed, remote-based safeguards that are centrally managed and network-based safeguards that are centrally managed. Both Host-based paradigms focus on protecting the remote client from security threats, which in turn, prevents the network from being compromised. The network-based paradigm does not attempt to safeguard the remote host, considering it to be unmanageable and untrustworthy.
Read the Article
|
Securing Extranet Connections
This paper will present one solution to securing a large number of extranet connections. In particular, the focus will be on the corporation who is the extranet network provider, or at the hub of a large extranet. The extranet network provider's responsibility for security is not only between it and its business partners and customers, but also making sure that partner A can't access systems at customer B (unless specifically requested).
Read the Article
|
Issues in Protecting Our Critical Infrastructure
Critical infrastructure is composed of the basic services that we have come to depend on, and are necessary to support our society and ensure national stability. It includes transportation, communications, power distribution systems, banking and financial institutions, and basic government operations, including law enforcement, fire services and the military. Loss of, or damage to, one of these services can have significant consequences, such as an event that shuts down our communications systems. Communications is a valuable part of all infrastructure components, and loss of this one piece can hamper the operation of the rest. It can have grave consequences if emergency services cannot be reached in a life-threatening situation. In a daily-life situation, we might not be able to make a phone call to order pizza because the telephone service is out, while at the same time we're missing the latest episode of CSI because the television transmission facilities are down.
Read the Article
|
