Category archive: Information Security

Information and communication systems security

Intrusion detection technology based on log analysis

Abstract

With the spread and development of the Internet across the world, global computer networks have connected people's study and work. However, network attacks and intrusions pose a serious threat to national security, the economy and social life. Information security has therefore gradually become a focal point of the information industry and an important component of national security, and it is one of the keys to whether a national economy can develop rapidly and sustainably.

Intrusion detection is an important part of information security technology. It involves log analysis, vulnerability detection, attack path detection and other techniques, all of which rely heavily on data analysis. By analysing security logs, the characteristic packets of an attack and the model of its attack sequence can be derived, and from these an intrusion model can be built.

This report focuses on techniques for correlated analysis of network security audit data and security logs, in order to discover the characteristic packets of an intrusion and the model of its attack sequence.

Table of Contents

1 Introduction

1.1 Background

1.1.1 Threats to information systems

2 Overview

2.1 Intrusion detection

2.1.1 Anomaly detection

2.1.2 Misuse detection

2.2 Security log

3 Using the web log to detect and analyse hacking

3.1 Intrusion through an SQL injection vulnerability

3.2 Intrusion through an upload vulnerability

4 Conclusions and discussion

5 Literature references
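Sections 3.1 and 3.2 of the outline above concern detecting SQL injection and file-upload attacks from the web log. The Python below is an added example written for this page, not code from the report: it runs a handful of misuse-detection signatures over a constructed combined-format access log and then correlates the hits per source address into an attack sequence, which is the step that turns isolated matches into an intrusion model. The log lines, the signature list and the assumption that uploaded files live under `/uploads/` are all choices made for the illustration.

```python
import re
from collections import defaultdict
from urllib.parse import unquote_plus

# Constructed sample of a combined-format access log (not real traffic).
SAMPLE_LOG = """\
203.0.113.7 - - [10/Oct/2023:13:55:36 +0000] "GET /news.php?id=1 HTTP/1.1" 200 5123
203.0.113.7 - - [10/Oct/2023:13:55:41 +0000] "GET /news.php?id=1%27%20OR%20%271%27%3D%271 HTTP/1.1" 200 9811
203.0.113.7 - - [10/Oct/2023:13:55:50 +0000] "GET /news.php?id=1%20UNION%20SELECT%20user,password%20FROM%20users-- HTTP/1.1" 200 7210
203.0.113.7 - - [10/Oct/2023:13:57:02 +0000] "POST /upload.php HTTP/1.1" 200 312
203.0.113.7 - - [10/Oct/2023:13:57:09 +0000] "GET /uploads/shell.php?cmd=id HTTP/1.1" 200 88
198.51.100.4 - - [10/Oct/2023:13:58:00 +0000] "GET /index.php HTTP/1.1" 200 4412
"""

LOG_RE = re.compile(
    r'^(?P<ip>\S+) \S+ \S+ \[(?P<ts>[^\]]+)\] '
    r'"(?P<method>[A-Z]+) (?P<url>\S+) [^"]*" (?P<status>\d{3}) (?P<size>\S+)'
)

# Misuse-detection signatures, applied to the URL-decoded request (assumed list).
SQLI_SIGNATURES = [re.compile(p, re.I) for p in (
    r"'\s*or\s+[\w']+\s*=\s*[\w']+",   # tautology such as ' OR '1'='1
    r"\bunion\b[\s/*]+\bselect\b",     # UNION SELECT, also UNION/**/SELECT
    r"(--|#)\s*$",                     # trailing comment that cuts off the query
    r"\b(sleep|benchmark)\s*\(",       # time-based blind injection
    r"information_schema",
)]
SCRIPT_EXT = re.compile(r"\.(php\d?|phtml|jsp|aspx?)$", re.I)


def parse_line(line):
    """Split one access-log line into fields; decode path and query separately."""
    m = LOG_RE.match(line)
    if not m:
        return None
    e = m.groupdict()
    path, _, query = e["url"].partition("?")
    e["path"] = unquote_plus(path)
    e["query"] = unquote_plus(query)
    return e


def classify(e):
    """Return the set of attack tags a single request matches."""
    tags = set()
    target = e["path"] + ("?" + e["query"] if e["query"] else "")
    if any(sig.search(target) for sig in SQLI_SIGNATURES):
        tags.add("sqli")
    if e["method"] == "POST" and "upload" in e["path"].lower():
        tags.add("upload")
    if e["path"].startswith("/uploads/") and SCRIPT_EXT.search(e["path"]):
        tags.add("webshell")  # a script fetched from a directory meant for data files
    return tags


def analyse(log_text):
    """Group tagged requests by source and label the attack sequences seen."""
    events = defaultdict(list)
    for line in log_text.splitlines():
        e = parse_line(line)
        if not e:
            continue
        for tag in sorted(classify(e)):
            events[e["ip"]].append((e["ts"], tag, e["path"]))
    chains = {}
    for ip, seq in events.items():
        tags = [t for _, t, _ in seq]
        labels = []
        if tags.count("sqli") >= 2:
            labels.append("repeated-sqli")
        if "upload" in tags and "webshell" in tags[tags.index("upload"):]:
            labels.append("upload-then-execute")  # upload followed by execution of the upload
        if labels:
            chains[ip] = labels
    return dict(events), chains


if __name__ == "__main__":
    for ip, labels in analyse(SAMPLE_LOG)[1].items():
        print(ip, labels)
```

The request is URL-decoded before matching because `%27` is how the quote in `' OR '1'='1` actually reaches the log; signatures run over the raw line miss it. The per-source correlation is what distinguishes an intrusion from noise: a POST to an upload handler followed by a GET of a script under the upload directory is far stronger evidence than either event alone.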


E-Passport System

Index
Chapter 1 Introduction
Chapter 2 Benefits
  2.1 Problem with paper passports
  2.2 Benefits of ePassport
Chapter 3 Mechanism
  3.1 Characteristics of the ePassport system
Chapter 4 Issues
  4.1 Performance issues
  4.2 Security issues
  4.3 Privacy issues
  4.4 Cultural issues
Chapter 5 Applying system theory
  5.1 ePassport under Churchman's model
    5.1.1 Objective
    5.1.2 Environment
    5.1.3 Resource
    5.1.4 Component
    5.1.5 Management
  5.2 The Systemic Holistic Model
    5.2.1 Content subject areas
    5.2.2 Levels of abstraction
    5.2.3 Context orientation
  5.3 Costs and benefits of ePassport
  5.4 Boulding's classification
  5.5 Shannon-Weaver model
Chapter 6 Security
  6.1 Main attacks on ePassport
  6.2 Main solutions for ePassport
  6.3 Attacks and solutions reciprocal diagram
  6.4 Security schemes for ePassport in different countries
Chapter 7 Conclusion
Chapter 8 References

Abstract

In this era of information technology, we try to maintain information by technical means, and the attempts made are not always efficient or effective. Information is always exposed to some risk, and a person's identity, passwords and secrets are tedious to maintain. A personal identity is a set of attributes associated with a person, e.g. family name, personal number, date of birth. Today one of the hardest tasks is managing the identity of a human being, because it usually requires person authentication, whose main purpose is either to verify or to identify a person's identity claim. From the very beginning of human history there is evidence of many techniques that people developed to serve this purpose.


Covert channels and pseudo-anonymous (pseudonymous) remailers

Covert channel

A covert channel is a concealed communication path that violates the organisation's security policy. It typically arises when two or more users share a resource such as a file. Covert channels are often confused with attacks that misuse a legitimate channel. Steganography, for example, the collective name for methods that hide the very existence of data and messages, is better seen as misuse of a legitimate channel, and a high-assurance operating system can control it. A covert channel, on the other hand, cannot be eliminated completely because it is a by-product of how the system shares resources [1]; explicit design and analysis can only reduce its bandwidth. A concealment system, much like steganography, hides information inside unrelated data in order to achieve confidentiality. Both techniques can be used on top of a covert channel, but they concentrate on the data and messages rather than on the communication channel itself. Tunneling bypasses system functions and access control mechanisms by reaching the underlying facilities directly, whereas a covert channel can stay hidden from the access control mechanisms of a high-assurance OS [2] because it does not use legitimate commands to move the data. Tunneling can involve almost any pair of protocol layers: for example, a TCP connection carried on top of SMTP can act as a covert channel that evades a security gateway enforcing access control at the TCP layer, below SMTP [3]. A storage channel is one of the two kinds of covert channel (the other being a timing channel). It communicates by altering a stored object: the sender writes to a storage location, or changes one of its attributes, and the receiver reads the location or observes the attribute, so information passes between two system entities without any legitimate data flow between them.
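As an added illustration of the storage channel described above (not code from the original post), the Python below builds a channel whose only shared state is whether a file exists in a directory both parties can reach. The receiver never opens or reads the file, so a policy that mediates only reads and writes of file contents does not see the transfer. Two `threading.Event` objects stand in for the timing agreement a real sender and receiver would need; that perfect clock, and the temporary directory used as the shared location, are assumptions of the example. Real channels of this kind are noisy and must tolerate jitter and interference.

```python
import os
import tempfile
import threading


class FlagFileChannel:
    """Covert storage channel: the signal is the existence of a file.

    Sender and receiver share only the directory. Information flows through
    a metadata attribute (does the entry exist?), not through file contents,
    which is what a content-oriented access control policy would mediate.
    """

    def __init__(self, directory):
        self.flag = os.path.join(directory, ".cache-lock")  # innocuous-looking name
        self.written = threading.Event()   # stands in for "next tick" (assumed clock)
        self.consumed = threading.Event()

    def _set_bit(self, bit):
        if bit:
            open(self.flag, "w").close()   # 1 = file present (nothing is written to it)
        elif os.path.exists(self.flag):
            os.remove(self.flag)           # 0 = file absent

    def send(self, data):
        for byte in data:
            for shift in range(7, -1, -1):           # MSB first
                self._set_bit((byte >> shift) & 1)
                self.written.set()                   # bit is in place for this tick
                self.consumed.wait()                 # wait for the receiver to sample
                self.consumed.clear()
        self._set_bit(0)                             # leave no trace afterwards

    def receive(self, nbytes):
        out = bytearray()
        for _ in range(nbytes):
            value = 0
            for _ in range(8):
                self.written.wait()
                self.written.clear()
                value = (value << 1) | int(os.path.exists(self.flag))  # stat only, no read
                self.consumed.set()
            out.append(value)
        return bytes(out)


def transfer(message):
    """Run sender and receiver concurrently over a fresh temporary directory."""
    with tempfile.TemporaryDirectory() as shared_dir:
        chan = FlagFileChannel(shared_dir)
        result = {}
        rx = threading.Thread(
            target=lambda: result.setdefault("data", chan.receive(len(message)))
        )
        rx.start()
        chan.send(message)
        rx.join()
    return result["data"]


if __name__ == "__main__":
    print(transfer(b"covert"))
```

The same construction works with any attribute the receiver may observe but not read: a lock held or not held, a quota nearly exhausted, a directory's modification time. That is why the paragraph above says covert channels cannot be removed completely; they can only be identified by analysis and limited in bandwidth, for instance by adding noise to or coarsening the attribute.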

 Pseudo-anonymous remailers

A pseudo-anonymous remailer, also called a pseudonymous remailer, hides the sender's original mail address by giving the sender a pseudonymous address. Compared with an anonymizer, a proxy server between the user and the Internet that protects personal information by concealing details of the client computer, and with onion routing, which provides confidentiality and anonymity for the source of packets, a pseudonymous remailer works more like an alias that replaces the entity's real name in order to conceal or masquerade it. All three sit in the communication path as intermediaries and can make activities untraceable, but the pseudonymous remailer is specific to the mail system and anonymises the user's address and the Received headers [4]. Unlike an anonymous remailer such as the cypherpunk remailers, it keeps a mapping between alias and real user address, and the instructions for that transformation are held in its database; whoever controls or seizes the database can therefore de-pseudonymise every user, which is the main weakness of the approach. An anonymizer is concerned with the privacy and anonymity of the client's information and behaviour, such as its IP address, so that no one, including the server, can collect it. Onion routing relies on repeated encryption rather than aliases: messages are encapsulated in layered encrypted packets and sent through several onion routers, each of which decrypts one layer to obtain its instructions and forwards the message to the next router. In this way no single router learns both the origin and the final destination of a message, and intermediate routers never see its content. Anonymity in communication is shown in these three methods; all aim at preserving confidentiality and avoiding traceable actions in the communication process.
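The layered encryption of onion routing described above, as an added example that is not part of the original post: the sender wraps the message once per router, innermost layer first, and each router peels exactly one layer to learn only the next hop. The three routers, their names, the destination string and the per-router keys are assumptions; the stream cipher is a toy built from HMAC-SHA256 in counter mode so that the example runs with the standard library alone, and it stands in for the real symmetric cipher a deployed system would negotiate per circuit.

```python
import hashlib
import hmac
import os


def _keystream_xor(key, nonce, data):
    """Toy stream cipher (HMAC-SHA256 counter mode); demonstration only."""
    out = bytearray()
    counter = 0
    while len(out) < len(data):
        out += hmac.new(key, nonce + counter.to_bytes(4, "big"), hashlib.sha256).digest()
        counter += 1
    return bytes(a ^ b for a, b in zip(data, out))


def seal(key, plaintext):
    """Encrypt-then-MAC one layer: nonce || tag || ciphertext."""
    nonce = os.urandom(16)
    ct = _keystream_xor(key, nonce, plaintext)
    tag = hmac.new(key, nonce + ct, hashlib.sha256).digest()
    return nonce + tag + ct


def unseal(key, blob):
    nonce, tag, ct = blob[:16], blob[16:48], blob[48:]
    expected = hmac.new(key, nonce + ct, hashlib.sha256).digest()
    if not hmac.compare_digest(tag, expected):
        raise ValueError("layer rejected: wrong key or tampered packet")
    return _keystream_xor(key, nonce, ct)


def _frame(next_hop, payload):
    """Layer plaintext: one length byte, the next-hop name, then the inner payload."""
    hop = next_hop.encode()
    return bytes([len(hop)]) + hop + payload


def _unframe(data):
    n = data[0]
    return data[1:1 + n].decode(), data[1 + n:]


def build_onion(route, keys, destination, message):
    """Wrap message so router i can learn only route[i+1] (the exit learns the destination)."""
    layer = seal(keys[route[-1]], _frame(destination, message))
    for hop, nxt in zip(reversed(route[:-1]), reversed(route[1:])):
        layer = seal(keys[hop], _frame(nxt, layer))
    return layer


def traverse(route, keys, onion):
    """Simulate the routers; record what each one observes and return the delivery."""
    observations = []
    previous = "sender"
    blob = onion
    for hop in route:
        next_hop, blob = _unframe(unseal(keys[hop], blob))   # peel exactly one layer
        observations.append({"router": hop, "from": previous, "to": next_hop})
        previous = hop
    return observations, (next_hop, blob)


def demo():
    route = ["R1", "R2", "R3"]                      # assumed three-hop circuit
    keys = {r: os.urandom(32) for r in route}       # one key per router (assumed pre-shared)
    onion = build_onion(route, keys, "mail.example", b"hello from nobody")
    return traverse(route, keys, onion)


if __name__ == "__main__":
    observations, delivery = demo()
    for o in observations:
        print(o)
    print(delivery)
```

Reading the observations shows the property the paragraph claims: R1 sees the sender and R2, R2 sees R1 and R3, and only the exit R3 sees the destination and the plaintext. Each layer carries its own MAC, so a router that strips or modifies a layer with the wrong key is detected rather than silently forwarding garbage.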

References

[1] "Glossary of Computer Security Terms", NCSC-TG-004, version 1, 21 October 1988.

[2] http://en.wikipedia.org/wiki/Covert_channel

[3] R. Shirey, "Internet Security Glossary, Version 2", RFC 4949, http://tools.ietf.org/html/rfc4949

[4] Suranga Manage, "iNet Guide", smanage@yahoo.com, 2 January 1999.