Mapping the location of 2.4 GHz transmitters to achieve optimal usage of an IEEE 802.11 network
- Wells, David D, Siebörger, Ingrid G, Irwin, Barry V W
- Authors: Wells, David D , Siebörger, Ingrid G , Irwin, Barry V W
- Date: 2008
- Language: English
- Type: Conference paper
- Identifier: vital:6605 , http://hdl.handle.net/10962/d1009325
- Description: This paper describes the use of a low cost 2.4 GHz spectrum analyser, the MetaGeek WiSpy device, in conjunction with custom developed client-server software for the accurate identification of 2.4 GHz transmitters within a given area. The WiSpy dongle together with the custom developed software allows the positions of Wi-Fi transmitters to be determined to within a few meters, which can help reduce the workload of physical searches when surveying the Wi-Fi network and geographical area. This paper describes the tool and methodology for a site survey as a component that can be used by organisations wishing to audit their environments for Wi-Fi networks. The tool produced from this project, the WiSpy Signal Source Mapping Tool, is a three-part application based on a client-server architecture. One part interfaces with a low cost 2.4 GHz spectrum analyser, another stores the data collected from all the spectrum analysers, and the third interprets the data to provide a graphical overview of the Wi-Fi network being analysed. The locations of the spectrum analysers are entered as GPS points, and the tool can interface with a GPS device to automatically update its geographical location. The graphical representation of the 2.4 GHz spectrum populated with Wi-Fi devices (the Wi-Fi network) provided a fairly accurate method of locating and tracking 2.4 GHz devices. The accuracy of the WiSpy Signal Source Mapping Tool is hindered by obstructions, interference within the area, or the absence of line of sight.
- Full Text:
- Date Issued: 2008
Spam Construction Trends
- Irwin, Barry V W, Friedman, Blake
- Authors: Irwin, Barry V W , Friedman, Blake
- Date: 2008
- Language: English
- Type: text , article
- Identifier: http://hdl.handle.net/10962/428762 , vital:72534 , https://www.researchgate.net/profile/Barry-Ir-win/publication/220803159_Spam_Construction_Trends/links/53fc76bd0cf2dca8ffff22fb/Spam-Construction-Trends.pdf
- Description: This paper replicates and extends Observed Trends in Spam Construction Techniques: A Case Study of Spam Evolution. A corpus of 169,274 spam emails was collected over a period of five years. Each spam email was tested for construction techniques using SpamAssassin's spamicity tests. The results of these tests were collected in a database. Formal definitions of Pu and Webb's co-existence, extinction and complex trends were developed and applied to the results within the database. A comparison of the Spam Evolution Study and this paper's results was made to determine the relevance of the trends. A geolocation analysis was conducted on the corpus, as an extension, to determine the major geographic sources of the corpus.
- Full Text:
- Date Issued: 2008
Towards a taxonomy of network scanning techniques
- Barnett, Richard J, Irwin, Barry V W
- Authors: Barnett, Richard J , Irwin, Barry V W
- Date: 2008
- Subjects: To be catalogued
- Language: English
- Type: text , article
- Identifier: http://hdl.handle.net/10962/430310 , vital:72682 , https://doi.org/10.1145/1456659.1456660
- Description: Network scanning is a common reconnaissance activity in network intrusion. Despite this, its classification remains vague and the detection systems in current Network Intrusion Detection Systems are incapable of detecting many forms of scanning traffic. This paper presents a classification of network scanning and illustrates how complex and varied this activity is. The presented classification extends previous, well known definitions of scanning traffic in a manner which reflects this complexity.
- Full Text:
- Date Issued: 2008
Using inetvis to evaluate snort and bro scan detection on a network telescope
- Irwin, Barry V W, van Riel, J P
- Authors: Irwin, Barry V W , van Riel, J P
- Date: 2008
- Subjects: To be catalogued
- Language: English
- Type: text , article
- Identifier: http://hdl.handle.net/10962/429981 , vital:72656 , https://doi.org/10.1007/978-3-540-78243-8_17
- Description: This paper presents an investigative analysis of network scans and scan detection algorithms. Visualisation is employed to review network telescope traffic and identify incidents of scan activity. Some of the identified phenomena appear to be novel forms of host discovery. Scan detection algorithms used by the Snort and Bro intrusion detection systems are critiqued by comparing the visualised scans with alert output. Where human assessment disagrees with the alert output, explanations are sought by analysing the detection algorithms. The Snort and Bro algorithms are based on counting unique connection attempts to destination addresses and ports. For Snort, notable false positive and false negative cases result from a grossly oversimplified method of counting unique destination addresses and ports.
- Full Text:
- Date Issued: 2008
A Digital Forensic investigative model for business organisations
- Forrester, Jock, Irwin, Barry V W
- Authors: Forrester, Jock , Irwin, Barry V W
- Date: 2007
- Subjects: To be catalogued
- Language: English
- Type: text , article
- Identifier: http://hdl.handle.net/10962/430078 , vital:72664 , https://www.researchgate.net/profile/Barry-Ir-win/publication/228783555_A_Digital_Forensic_investigative_model_for_business_organisations/links/53e9c5e80cf28f342f414987/A-Digital-Forensic-investigative-model-for-business-organisations.pdf
- Description: When a digital incident occurs there are generally three courses of action that are taken, largely dependent on the type of organisation within which the incident occurs, or which is responding to the event. In the case of law enforcement the priority is to secure the crime scene, followed by the identification of evidentiary sources, which should be dispatched to a specialist laboratory for analysis. In the case of an incident on military (or similar critical) infrastructure, the primary goal becomes one of risk identification and elimination, followed by recovery and possible offensive measures. Where financial impact is caused by an incident and revenue earning potential is adversely affected, as in the case of most commercial organisations, root cause analysis and system remediation are of primary concern, with in-depth analysis of the how and why left until systems have been restored.
- Full Text:
- Date Issued: 2007
A geopolitical analysis of long term internet network telescope traffic
- Irwin, Barry V W, Pilkington, Nik, Barnett, Richard J, Friedman, Blake
- Authors: Irwin, Barry V W , Pilkington, Nik , Barnett, Richard J , Friedman, Blake
- Date: 2007
- Language: English
- Type: text , article
- Identifier: http://hdl.handle.net/10962/428142 , vital:72489 , https://www.researchgate.net/profile/Barry-Ir-win/publication/228848896_A_geopolitical_analysis_of_long_term_internet_network_telescope_traffic/links/53e9c5190cf2fb1b9b672aee/A-geopolitical-analysis-of-long-term-internet-network-telescope-traffic.pdf
- Description: This paper presents results from the analysis of twelve months of network telescope traffic spanning 2005 and 2006, and details some of the tools developed. The most significant results of the analysis are highlighted. In particular, the bulk of traffic analysed had its source in China from a volume perspective, but the Eastern United States and North Western Europe were shown to be primary sources when the number of unique hosts was considered. Traffic from African states (South Africa in particular) was also found to be surprisingly high. This unexpected result may be due to the network locality preference of many automated agents. Both statistical and graphical analyses are presented. It is found that a country with a high penetration of broadband connectivity is likely to feature highly in network telescope traffic, as are networks logically close to the telescope network.
- Full Text:
- Date Issued: 2007
Bridging the gap for Next Generation Services: Presence Services on Legacy Devices
- Moyo, Thamsanqa, Thinyane, Mamello, Wright, Madeleine, Irwin, Barry V W, Clayton, Peter G, Terzoli, Alfredo
- Authors: Moyo, Thamsanqa , Thinyane, Mamello , Wright, Madeleine , Irwin, Barry V W , Clayton, Peter G , Terzoli, Alfredo
- Date: 2007
- Language: English
- Type: text , article
- Identifier: http://hdl.handle.net/10962/428177 , vital:72491 , https://d1wqtxts1xzle7.cloudfront.net/49665432/Paper_2063_20-_20Moyo-libre.pdf?1476717366=andresponse-content-disposi-tion=inline%3B+filename%3DBridging_the_gap_for_Next_Generation_Ser.pdfandEx-pires=1714737455andSignature=RRbr9pzIYSYX8v7FG6FzV4tu3dFXm9qmmqq5WirOhuYdt--mjOfcDHQNLPYZHCmtgYZWdVk6bVFxfGOVJxgXrvkTe2QN2AZV3XfFTZ3mi1s3A5gw2jIXOVHrYUnaf~POgdijdY85mqWhco3vL6Qk3sOZgYjIlTF5ZGAKg1S54W978Nom01cT2~oqRA0Et6mTNmydWfF5MhFxQIq~LNmYqEqmEESKkkWQFwg6xJJUu0uGffbaZXXBA6oDI2cpfkz1FleKyKaRDRJvdfnuTHPoJJ4TzfO6DDVCWKvJ45jaxIzaGmK-03Ai29I-DPyy-c557kZh~kF3rmDg3zrXVNaL8A__andKey-Pair-Id=APKAJLOHF5GGSLRBV4ZA
- Description: Next generation services are provided by applications that leverage packet-based domains. A challenge faced by such services is the support for multiple devices, including legacy devices. Our paper examines a strategy for the provision of next generation services on legacy cellular network devices. We advocate that the provision of next generation services via applications on the SIM card allows for the deployment of such services on legacy devices. We demonstrate this assertion through a proof of concept application, SIMPre, that resides on a SIM card. SIMPre implements a presence service by leveraging Java Card, the SIM Application Toolkit and the OMA IMPS standard. We show that it is possible to provide a next generation service on the SIM card such that it ubiquitously integrates with the functionality of a legacy device. We conclude through this demonstration that the SIM card is a viable option for providing backward compatibility to legacy devices in the implementation of next generation services.
- Full Text:
- Date Issued: 2007
Bridging the gap for Next Generation Services: Presence Services on Legacy Devices
- Moyo, Thamsanqa, Thinyane, Mamello, Wright, Madeleine, Irwin, Barry V W, Clayton, Peter G, Terzoli, Alfredo
- Authors: Moyo, Thamsanqa , Thinyane, Mamello , Wright, Madeleine , Irwin, Barry V W , Clayton, Peter G , Terzoli, Alfredo
- Date: 2007
- Language: English
- Type: text , article
- Identifier: http://hdl.handle.net/10962/428176 , vital:72492 , https://d1wqtxts1xzle7.cloudfront.net/49665432/Paper_2063_20-_20Moyo-libre.pdf?1476717366=andresponse-content-disposi-tion=inline%3B+filename%3DBridging_the_gap_for_Next_Generation_Ser.pdfandEx-pires=1714737455andSignature=RRbr9pzIYSYX8v7FG6FzV4tu3dFXm9qmmqq5WirOhuYdt--mjOfcDHQNLPYZHCmtgYZWdVk6bVFxfGOVJxgXrvkTe2QN2AZV3XfFTZ3mi1s3A5gw2jIXOVHrYUnaf~POgdijdY85mqWhco3vL6Qk3sOZgYjIlTF5ZGAKg1S54W978Nom01cT2~oqRA0Et6mTNmydWfF5MhFxQIq~LNmYqEqmEESKkkWQFwg6xJJUu0uGffbaZXXBA6oDI2cpfkz1FleKyKaRDRJvdfnuTHPoJJ4TzfO6DDVCWKvJ45jaxIzaGmK-03Ai29I-DPyy-c557kZh~kF3rmDg3zrXVNaL8A__andKey-Pair-Id=APKAJLOHF5GGSLRBV4ZA
- Description: Next generation services are provided by applications that leverage packet-based domains. A challenge faced by such services is the support for multiple devices, including legacy devices. Our paper examines a strategy for the provision of next generation services on legacy cellular network devices. We advocate that the provision of next generation services via applications on the SIM card allows for the deployment of such services on legacy devices. We demonstrate this assertion through a proof of concept application, SIMPre, that resides on a SIM card. SIMPre implements a presence service by leveraging Java Card, the SIM Application Toolkit and the OMA IMPS standard. We show that it is possible to provide a next generation service on the SIM card such that it ubiquitously integrates with the functionality of a legacy device. We conclude through this demonstration that the SIM card is a viable option for providing backward compatibility to legacy devices in the implementation of next generation services.
- Full Text:
- Date Issued: 2007
Evaluating compression as an enabler for centralised monitoring in a Next Generation Network
- Otten, Fred, Irwin, Barry V W, Slay, Hannah
- Authors: Otten, Fred , Irwin, Barry V W , Slay, Hannah
- Date: 2007
- Language: English
- Type: text , article
- Identifier: http://hdl.handle.net/10962/428226 , vital:72495 , https://citeseerx.ist.psu.edu/document?repid=rep1andtype=pdfanddoi=f9ed69db7da44c168082934cd4ea5a413b2bf7f5
- Description: With the emergence of Next Generation Networks and a large number of next generation services, the volume and diversity of information is on the rise. These networks are often large, distributed and consist of heterogeneous devices. In order to provide effective centralised monitoring and control we need to be able to assemble the relevant data at a central point. This becomes difficult because of the large quantity of data. We would also like to achieve this using the least amount of bandwidth, and to minimise latency. This paper investigates using compression to enable centralised monitoring and control. It presents the results of experiments showing that compression is an effective method of data reduction, resulting in up to 93.3 percent reduction in bandwidth usage for point-to-point transmission. This paper also describes an architecture that incorporates compression and provides centralised monitoring and control.
- Full Text:
- Date Issued: 2007
Inetvis: a graphical aid for the detection and visualisation of network scans
- Irwin, Barry V W, van Riel, Jean-Pierre
- Authors: Irwin, Barry V W , van Riel, Jean-Pierre
- Date: 2007
- Subjects: To be catalogued
- Language: English
- Type: text , article
- Identifier: http://hdl.handle.net/10962/430381 , vital:72687 , https://www.cs.ru.ac.za/research/g02V2468/publications/Irwin-VizSEC2007_draft.pdf
- Description: This paper presents an investigative analysis of network scans and scan detection algorithms. Visualisation is employed to review network telescope traffic and identify incidents of scan activity. Some of the identified phenomena appear to be novel forms of host discovery. The scan detection algorithms of Snort and Bro are critiqued by comparing the visualised scans with alert output. Where human assessment disagrees with the alert output, explanations are sought by analysing the detection algorithms. The algorithms of the Snort and Bro intrusion detection systems are based on counting unique connection attempts to destination addresses and ports. For Snort, notable false positive and false negative cases result from a grossly oversimplified method of counting unique destination addresses and ports.
- Full Text:
- Date Issued: 2007
A Discussion Of Wireless Security Technologies
- Janse van Rensburg, Johanna, Irwin, Barry V W
- Authors: Janse van Rensburg, Johanna , Irwin, Barry V W
- Date: 2006
- Subjects: To be catalogued
- Language: English
- Type: text , article
- Identifier: http://hdl.handle.net/10962/429852 , vital:72645 , https://www.researchgate.net/profile/Barry-Ir-win/publication/228864029_A_DISCUSSION_OF_WIRELESS_SECURITY_TECHNOLOGIES/links/53e9c5190cf28f342f41492b/A-DISCUSSION-OF-WIRELESS-SECURITY-TECHNOLOGIES.pdf
- Description: The 802.11 standard contains a number of problems, ranging from interference, co-existence issues, exposed terminal problems and regulations to security. Despite all of these it has become a widely deployed technology as an extension of companies' networks to provide mobility. In this paper the focus will be on the security issues of 802.11. Several solutions for the deployment of 802.11 security exist today, ranging from WEP, WPA and VPN to 802.11i, each providing a different level of security. These technologies have pros and cons which need to be understood in order to implement an appropriate solution suited to a specific scenario.
- Full Text:
- Date Issued: 2006
Design considerations for a reliable and secure wireless network
- Janse van Rensburg, Johanna, Irwin, Barry V W, Zhao, X G
- Authors: Janse van Rensburg, Johanna , Irwin, Barry V W , Zhao, X G
- Date: 2006
- Language: English
- Type: text , article
- Identifier: http://hdl.handle.net/10962/428199 , vital:72493 , https://www.researchgate.net/profile/Barry-Ir-win/publication/327622818_Design_considerations_for_a_reliable_and_secure_wireless_network/links/5b9a114792851c4ba81819fe/Design-considerations-for-a-reliable-and-secure-wireless-network.pdf
- Description: Wireless networks have become widely accepted in enterprise networks and can no longer be considered an experimental technology. However, users often experience performance problems due to poor designs. These problems can be attributed to the physical nature of wireless networks, the electromagnetic wave. As a wave propagates through the air it is susceptible to interference, reflection or refraction, to name a few, which change the wave and ultimately the received signal. However, the effect of these can be mitigated with the proper design of a wireless network. In this paper these design considerations will be introduced through discussion of visualization packages that aid in the design process. Furthermore, we will take a look at the security considerations of wireless networks, as surprisingly, even with the ratification of 802.11i almost two years ago, security is still considered one of the biggest challenges to implementing a wireless local area network.
- Full Text:
- Date Issued: 2006
DRAPA-a flexible framework for evaluating the quality of VoIP components
- Clayton, Bradley, Terzoli, Alfredo, Irwin, Barry V W
- Authors: Clayton, Bradley , Terzoli, Alfredo , Irwin, Barry V W
- Date: 2006
- Language: English
- Type: text , article
- Identifier: http://hdl.handle.net/10962/428213 , vital:72494 , https://d1wqtxts1xzle7.cloudfront.net/3456214/No_268_-_Clayton-libre.pdf?1390832682=andresponse-content-disposi-tion=inline%3B+filename%3DDRAPA_a_flexible_framework_for_evaluatin.pdfandExpires=1714742712andSignature=FTQ3UMH7w9KMXeuld-NbnboBP9kqza7jDnVI2AJMFrhV6fkW56bPgPZKVAY-bKJFqJP-jq4h4JwRhWVuCA-oIIA4ckbhKHA4OoL4X5DYtlujkhkombcp-B5fVR02AioXBazDtfnTGvZLE21wluH0BnkBL9OAQSen7YJDzDsYtNH2pFIn06Nmg9-kDaJoRmW9KWlQs8BwyaXml4-pG~FrpiGCRclANXBSpmsxYSdJyZAnHq2ZZNqx9pEHigaYHUUgllDq64dp8C8R84xAbbbRcvt-XNhuQ~fU2AkJILms4FUkJSjGI0E-TOKhh7vQiVIh5KzZX8MOiS~rEuBH6ekx8g__andKey-Pair-Id=APKAJLOHF5GGSLRBV4ZA
- Description: When adding to or altering a VoIP system, the overall performance and quality of the system is at risk. For example, adding confidentiality, integrity and authentication (CIA) would incur an overhead for each additional security method. A method of measuring the performance of a VoIP system after a change or addition is needed. This paper describes a framework and testbed (DRAPA) which provides a flexible base from which VoIP performance analysis systems can be built. DRAPA generates and collects data from any part of a VoIP system within a real domain. This paper also discusses the flexibility of DRAPA. While security is our primary focus, DRAPA allows the user to configure the testbed and change the type and nature of data to be collected.
- Full Text:
- Date Issued: 2006
Identifying and Investigating Intrusive Scanning Patterns by Visualizing Network Telescope Traffic in a 3-D Scatter-plot
- van Riel, Jean-Pierre, Irwin, Barry V W
- Authors: van Riel, Jean-Pierre , Irwin, Barry V W
- Date: 2006
- Language: English
- Type: text , article
- Identifier: http://hdl.handle.net/10962/428719 , vital:72531 , https://citeseerx.ist.psu.edu/document?repid=rep1type=pdfanddoi=aeb0738f0e53a8c9f407fee7e55c852643f2644c
- Description: Detecting and investigating intrusive Internet activity is an ever-present challenge for network administrators and security researchers. Network monitoring can generate large, unmanageable amounts of log data, which further complicates distinguishing between illegitimate and legitimate traffic. Considering the above issue, this article has two aims. First, it describes an investigative methodology for network monitoring and traffic review; and second, it discusses results from applying this method. The method entails a combination of network telescope traffic capture and visualisation. Observing traffic from the perspective of a dedicated sensor network reduces the volume of data and alleviates the concern of confusing malicious traffic with legitimate traffic. Complementing this, visual analysis facilitates the rapid review and correlation of events, thereby utilizing human intelligence in the identification of scanning patterns. To demonstrate the proposed method, several months of network telescope traffic is captured and analysed with a tailor-made 3D scatter-plot visualisation. As the results show, the visualisation saliently conveys anomalous patterns, and further analysis reveals that these patterns are indicative of covert network probing activity. By incorporating visual analysis with traditional approaches, such as textual log review and the use of an intrusion detection system, this research contributes improved insight into network scanning incidents.
- Full Text:
- Date Issued: 2006
Inetvis, a visual tool for network telescope traffic analysis
- van Riel, Jean-Pierre, Irwin, Barry V W
- Authors: van Riel, Jean-Pierre , Irwin, Barry V W
- Date: 2006
- Subjects: To be catalogued
- Language: English
- Type: text , article
- Identifier: http://hdl.handle.net/10962/430176 , vital:72671 , https://doi.org/10.1145/1108590.1108604
- Description: This article illustrates the merits of visual analysis as it presents preliminary findings using InetVis - an animated 3-D scatter plot visualization of network events. The concepts and features of InetVis are evaluated with reference to related work in the field. Tested against a network scanning tool, anticipated visual signs of port scanning and network mapping serve as a proof of concept. This research also unveils substantial amounts of suspicious activity present in Internet traffic during August 2005, as captured by a class C network telescope. InetVis is found to have promising scalability whilst offering salient depictions of intrusive network activity.
- Full Text:
- Date Issued: 2006
Integrating Secure RTP into the Open Source VoIP PBX Asterisk
- Clayton, Bradley, Irwin, Barry V W, Terzoli, Alfredo
- Authors: Clayton, Bradley , Irwin, Barry V W , Terzoli, Alfredo
- Date: 2006
- Language: English
- Type: text , article
- Identifier: http://hdl.handle.net/10962/428735 , vital:72532 , https://d1wqtxts1xzle7.cloudfront.net/84872934/66_Paper-libre.pdf?1650920302=response-content-disposi-tion=inline%3B+filename%3DIntegrating_Secure_RTP_into_the_Open_Sou.pdfExpires=1714744382Signature=PijjCGW0qcvkqRe-2R55HocKLvz9Ljw8jmhQvRQEi9YqJl7eWSiYnvs9CogY4u4bmDTYTLpvkA-nlfbiszg-s7Cq2nbLn3PUdfJ5cA11ujboi~i7oSoem7smuN1YCVZlg7FnZRd6mOXdTry9UAh8TlWyndF6pY1RXtc7bgb5cWeK4ggJ7~bM0HUXEbUKKa-abCZnGNrAZ59JIdL6CNx1Sht3o5mZTcyRL3PNVSOz17lldXi4FsAOEUwsVV-uv04hzp6pe6Qv5WbAP6tqk7deyoLUwk58A9F-PaJlOLy2gDAVLnbKT8RrxYg8tqv8SuBhPWb32CefBxv486N3F6izZw__Key-Pair-Id=APKAJLOHF5GGSLRBV4ZA
- Description: Implementations of Voice over Internet Protocol (VoIP) have focused, up to now, mainly on the need to transport data in real-time, often at the expense of security. The neglect of secure VoIP is often intentional, as developers are striving to minimise overheads and delays. The Secure Real-Time Protocol (SRTP) has the potential to secure real-time streams without exacting too high a performance price. SRTP is the addition of security to the audio/video profile used in the Real-Time Transport Protocol (RTP). SRTP adds confidentiality, integrity and optionally authenticity to RTP media streams. This paper focuses on the integration of SRTP into Asterisk, an open-source VoIP PBX. SRTP support has recently been added to Asterisk by Mikael Magnusson. This paper analyses Magnusson’s implementation, contrasting it to a proof-of-concept implementation developed independently at Rhodes University. The interoperability of SRTP implementations cannot be taken for granted, given the relatively recent standardization of the protocol, and so Magnusson’s implementation is tested against another SRTP implementation. Finally, the paper highlights a major shortcoming in Magnusson’s implementation, namely that the exchange of encryption keys is done in the clear. It concludes by proposing possible solutions, such as TLS, IPSec and MIKEY.
- Full Text:
- Date Issued: 2006
Monthly Patch Release Schedules: Do the Benefits Outweigh the Risks?
- White, Dominic, Irwin, Barry V W
- Authors: White, Dominic , Irwin, Barry V W
- Date: 2006
- Language: English
- Type: text , article
- Identifier: http://hdl.handle.net/10962/428749 , vital:72533 , https://www.academia.edu/29214940/A_Unified_Patch_Management_Architecture
- Description: This paper attempts to address the issue of hardening the internal security of an organisation’s network by easing its patch management. A unified architecture to aid with this process is proposed, with the view towards the implementation of an open source, cross platform tool to solve this problem.
- Full Text:
- Date Issued: 2006
The Need for Centralised, Cross Platform Information Aggregation
- Otten, Fred, Irwin, Barry V W, Slay, Hannah
- Authors: Otten, Fred , Irwin, Barry V W , Slay, Hannah
- Date: 2006
- Language: English
- Type: text , article
- Identifier: http://hdl.handle.net/10962/428773 , vital:72535 , https://d1wqtxts1xzle7.cloudfront.net/2355475/8jlt6v8tz4wmhs6.pdf?1425084143=response-content-disposi-tion=inline%3B+filename%3DThe_need_for_centralised_cross_platform.pdfExpires=1714743760Signature=fsImuFaOfYc2FtUC88DqRrK1Anh84~rvBsZt2j46BfPyKMbbmswGZN5E2ajRJ7tZi5SZ4zQJvI5U6L47nmoXlNA0~Vo3pON-sYEo6Kn3TiTLvxwUpPQALnP7IvL-EEhgh11T-OuNZf0Q8QArxk6iqi4zjiOYbHUb~FDWw8MJ7ekH~frNS75mDrjpZ4xL8MqPNRHctaR3E5m~4i71SYO8hfbZw4vu7AhNNNvrRoIhbtLCEUsg-j7TkBDgVHts8LCsM5knmEKwgQTSBQTkLoRuNmXngqYikjvL7jUuHXibjSVaMSD78WRqXE~LDDkT7KXU7EbkPXzjRYJyamQ5qDXa3A__ey-Pair-Id=APKAJLOHF5GGSLRBV4ZA
- Description: With the move towards global and multi-national companies, information technology infrastructure requirements are increasing. As the size of these computer networks increases, it becomes more and more difficult to monitor, control, and secure them. Network security involves the creation of large amounts of information in the form of logs and messages from a number of diverse devices, sensors, and gateways which are often spread over large geographical areas. This makes monitoring and control difficult, and hence poses security problems. The aggregation of information is necessary in information audits, intrusion detection, network monitoring and management. The use of different platforms and devices complicates the problem, and makes aggregation more difficult. Network security administrators and security researchers require aggregation to simplify the analysis and comprehension of activity across the entire network. Centralised information aggregation will help deal with redundancy, analysis, monitoring and control. This aids the detection of widespread attacks on global organisational networks, improving intrusion detection and mitigation. This paper discusses and motivates the need for centralised, cross platform information aggregation in greater detail. It also suggests methods which may be used, discusses the security issues, and gives the advantages and disadvantages of aggregation.
- Full Text:
- Date Issued: 2006
Toward visualised network intrusion detection
- van Riel, J.P, Irwin, Barry V W
- Authors: van Riel, J.P , Irwin, Barry V W
- Date: 2006
- Language: English
- Type: text , article
- Identifier: http://hdl.handle.net/10962/428238 , vital:72496 , https://www.cs.ru.ac.za/research/g02v2468/publications/vanRiel-SATNAC2006.pdf
- Description: To deal with the large volume of network data, contemporary solutions seek to automate the process of detecting intrusive activity. However, intrusion detection systems can produce an overwhelming number of alerts, and many false alarms can obscure serious intrusion attempts. To overcome these difficulties, this paper suggests combining dedicated sensor network monitoring with visualisation. With the aim of evaluating intrusion detection systems, we introduce the idea of using graphical representations to superimpose alert information over raw network traffic.
- Full Text:
- Date Issued: 2006
Towards Central Vulnerability Management By Mobile Phone Operators
- Moyo, Thamsanqa, Irwin, Barry V W, Wright, Madeleine
- Authors: Moyo, Thamsanqa , Irwin, Barry V W , Wright, Madeleine
- Date: 2006
- Language: English
- Type: text , article
- Identifier: http://hdl.handle.net/10962/428787 , vital:72536 , https://www.researchgate.net/profile/Barry-Ir-win/publication/237107512_Securing_mobile_commerce_interactions_through_secure_mobile_web_services/links/5b9a5898a6fdccd3cb4ff6cf/Securing-mobile-commerce-interactions-through-secure-mobile-web-services.pdf
- Description: The application of XML-based approaches in passing vulnerability information between vulnerability management devices or software residing on wired networks has been demonstrated. We propose a proof of concept framework for mobile operators that extends this use of XML into the area of vulnerability management on public land mobile networks. Our proposed framework allows for a pro-active central management of vulnerabilities found on mobile stations such as mobile phones. Despite the relatively limited number of reported vulnerabilities on mobile stations, such a pre-emptive approach from mobile operators is necessary to acquire the confidence of early adopters in Mobile Commerce. Given the diverse collection of devices and software that exist on a public land mobile network, XML-based approaches are best able to provide the inter-operability required for vulnerability management on such a network. Our proposed framework leverages web services by using the Open Vulnerability Assessment Language (OVAL) to provide vulnerability descriptions, and by securing these descriptions in SOAP messages conforming to the OASIS Web Services Security (WSS) standard. We contribute in three areas: firstly, through this framework we show that mobile operators can carry out centralized vulnerability management on their public land mobile networks comprising a wide variety of devices and software. Secondly, the assurance of integrity, confidentiality and non-repudiation inherently lacking in OVAL vulnerability descriptions is achieved through their encapsulation in SOAP messages conforming to the OASIS WSS standard. Thirdly, SOAP-based web service implementations allow for integration with vulnerability management tools and devices that do not conform to OVAL.
- Full Text:
- Date Issued: 2006