Internet Security - Science topic

Zhu, R. (2015). An Initial Study of Customer Internet Banking Security Awareness and Behaviour in China. In PACIS (p. 87).

SCYTHER its preferable

Netsim simulator is the best, it's gathering all these features of all other simulators

This is an interesting topic and several approaches can be used. As Branko Džakula mentioned, normally long-running, complex and well-coordinated missions are required, but sometimes easily exploitable attack vectors are available, too.

While DDoS can be used to deny access to a website quite easily, typically that only works for a limited time. Especially with respect to illicit content, DoS'ing does not bring down the source or owner of a website.

Therefore, to permanently bring down a website in the dark web, an identification of the server resp. the real IP address is required to initiate law enforcement.

To de-anonymize a user, three basic approaches can be used: technical exploitation, exploiting indirect shortcomings, and human error.

- Technical attacks are executed on Tor itself by exploiting design or implementation errors of the Tor protocol or software; the "relay early traffic confirmation attack" is an example.

- A subcategory of technical attacks on Tor are attacks exploiting vulnerabilities of components involved, but not of the Tor network itself, e.g., attacking the Firefox Browser or Add-Ons used by the Tor Browser. A well-known example is the shutdown of the "Playpen" dark web child pornography website by the FBI in February 2015. The FBI used a so-called "Network Investigative Technique" to de-anonymize the users. This was, in fact, the "exploitation" of an Adobe Flash Plug-In feature (class Decloak) which was enabled in older versions of the Tor Browser. Based on that, the FBI collected the real IP addresses of several thousand visitors and hacked into 8700 computers in 120 countries. After the prosecutions, 548 people were sentenced (as of May 2017), while the creator of Playpen was sentenced to 30 years.

- The second category is indirect shortcomings which are not based on design or implementation vulnerabilities, e.g., default configurations of a webserver. An example is the popular Apache web server, which ships with the feature "mod_status" enabled, providing server details via the page "/server_status". For security reasons, the page is only accessible from localhost - but the Tor demon _is_ running on localhost, therefore, if enabled in standard configuration, the status page could be accessed via the dark web. In one example, all search queries of a dark web search engine were exposed as the could be looked up within the content of the status plugin. Clever utilization of uXDT (ultrasound cross-device tracking) is another example of indirect de-anonymization attacks.

- Last but not least, the often most prominent category when talking about security issues is also a common attack vector for de-anonymization in the dark web: human error and carelessness. For example, Ross Ulbricht (Dread Pirate Roberts, creator of the Silk Road) was caught because of a link of his dark web pseudonym to his Gmail address used in a public talk.

You can find more details about these attacks, additional examples, and other de-anonymization attacks in a paper of mine, which deals with the dark web, de-anonymization attacks and the often overrated role of the dark web: https://ccdcoe.org/uploads/2019/06/Art_15_Hidden-in-the-Shadow.pdf

check the website https://www.zscaler.com/products/zscaler-internet-access A secure Internet gateway is a security solution that delivers protection to the internet network by preventing unauthorized traffic to enter the organization’s internal network. It is deployed by enterprises to provide security to their users from getting infected by malicious internet traffic, suspicious websites or malware. It also enables to follow compliance of the organization's policies and regulations. A gateway is a router which is a halting point for data that comes in and goes out of the computer network. Gateway has made communication easy to send and receive data across networks. Gateway is the prime component and without it, internet would not have been of any use.

Importance of Secure Internet Gateway - A Secure Internet Gateway is predominently deployed to monitor, track and protect the internet network by preventing suspicious traffic and data from coming in and going out of the corporate network. A secure web gateway is primarily used to monitor and prevent malicious traffic and data from entering, or even leaving, an organization’s network. It is deployed through gateway device/hardware/application implementing on the borders of the network obstruct current and future threats over all ports and protocols. It terminates access to malicious domains, IPs, URLs, and files even before establishing a connection or downloading a file. Secure Internet Gateway features URL filtering, application level control, data leakage prevention, malware code detection. Best Secure Internet Gateway Software -

Comodo Dome Secure Internet Gateway offers a security suite with functionalities to detect and obstruct any kind of malware activity from entering the network without creating any impact on the user experience and other normal operations of the computer. Comodo Dome implements the Default Deny approach through auto-containment technology, and ensures prevention mechanism by analysing the unknown or suspicious files even before they are delivered to the users. It is comprehensive, flexible, end-user friendly and easy to set up.

Email is aces@usm.my

Following

Thanks a lot.

I am following answer

Thanks, this link is not working

A brief introduction to cryptography from the IBM website may also help you to understand: https://www.ibm.com/support/knowledgecenter/en/SSB23S_1.1.0.14/gtps7/seccon.html

This website will generate keys online:

I think that a simple read lock should fulfill your requirement of giving merely one process access to a certificate repository. I caught a glimpse of the existing literature and found a patent about a read and write lock management at https://www.google.com/patents/US6029190. I hope it helps you.

I can give u some advises if still not achieved the work...

You might also be interested in our paper talking about key cloud security considerations that we made at Intel when deploying and using applications tin the cloud.

Security of Internet of things is complex:

-First, some things may be small (so sensor network security and RFID security may come to mind as a model. So achieving secrecy may be a challenge.

-Second: some things need authentication since they represent sensitive control function. How to do it?

-Some things may be in the wild, so how can one assures they are not contaminated by the adversary.

-Some things have identity and some need privacy perhaps as to not reveal too much info for tracking.

-A big new issue is that "things" may have real-world function so safety of their operation under malicious possible attack is to be considered.

I would start with possibly the literature/ software on what works in sensor networks as a possible reference point for physical security, confidentiality, and authentication issues, and with digital control networks for safety.

Hi Bo Sun, 

Are you referring to Virtual machine interfaces or Virtual machine introspection ( the host IDS that exploits virtual machine introspection to check the integrity of a kernel running inside a virtual machine)? I am assuming the later, in case here are a list of articles:

A Virtual Machine Introspection Based Architecture for Intrusion Detection

Virtual machine introspection: Observation or interference?

Virtual Machine Introspection:

A formal model for virtual machine introspection:

Virtuoso: Narrowing the Semantic Gap in Virtual Machine Introspection:

For VMI, as defined above, then yes this sounds like a useful approach - in fact a combination of VMI and Network monitoring is likely to provide a more "semantic" observation of VM escaping. Contextually speaking that is, for example where you capture a correlation between VMI and network activities to build a picture of anomalous resource access and network activity.

An interesting subject!

You may want to read our work on the matter.

Take a look at Legal requirements as mentioned above, and privacy policy statements from organizations to derive privacy requirements which then you can transform for applications. 

Your IDS is supposed to check the intrusions of a real-world data set, just recently released or just launch it by yourself. When we are doing real-time detection then we are supposed to launch the attacks or whatever you are interested in. After that run your algorithm and if it results well than you can surely use it for real time evaluation. KDD is no more. You can use Snort or other alternatives of Snort for doing so. 

I assume you are referring to web app security assessment.

Try starting with http://www.openvas.org/ http://sqlmap.org/ and http://sectools.org/tool/nikto/. 

Beside all technical countermeasures to detect and antagonize phishing, it can also be prevented by improving the online users' phishing awareness. Just catch a glimpse at https://www.researchgate.net/profile/Curtis_Carver/publication/222730836_Phishing_for_user_security_awareness/links/0deec5161aaaf78130000000.pdf for example!

Hello, 

A review of the cloud computing is mentioned in the following paper and a solution is mentioned for secure instance migration in the cloud. "Towards secure instance migration in the cloud". You can find this on my profile.

The terms “dependability”‎ and “security”‎ have been used interchangeably to describe the properties of secure and trusted software.

However, the extant literature shows that dependability attributes are considered as the cure for security threats, abnormal behavior and untrustworthy issues in a software system.

A system is considered dependable when it can be depended on to produce the consequences for which it was designed, with no adverse effect in its intended environment. Dependability comprises several attributes that imply availability, confidentiality, integrity, reliability, safety, and maintainability.

Methods and tools to attain the dependability attributes have been discussed in details in my previous publications.

I hope this can help you. Good luck.

 One of my undergraduate students did a project that consisted of the following:

A multi threaded port knocker which used the following measures:

1) each message was sent with an RSA key for validation

2) the user used the key to encrypt the AES key

3) the AES key was used to encode the next port knocking sequence. this would protect the protocol from replay attacks.

One feature that was otu of scope but could serve as future work is cycling the AES key and RSA keys.

Hope this helps

Thank you khoula for your reply

thanks

Ultimately it  depends on the scenario you wish to apply either. With cryptography there are obvious visual clues, obfuscated data or merely a password entry screen. However, with Steganography the user can send the image to multiple recipients without them even realising that the image contains hidden data, and only the intended recipient can be made aware of this contents and the means of how to extract said data.

Could you be more specific on the type of advise you are searching for? So that we can better address your inquiry

That really depends with whom you wish to communicate. As a general-purpose, long-standing, trusted solution I'd recommend the PGP web of trust. You can still use Gmail with it, for example by using Thunderbird with the Enigmail plugin, because you don't have to share your key with Google. The problem is of course key management - if it's lost, it has to be revoked.

For more tailored uses I'd go with starting a Tor hidden service, to run a hidden portal. For general-purpose web traffic one could use the HTTPS Anywhere plugin along with adblockers and tracker-disablers that are available for all major browsers. Since we're on the topic of browser plugins I should also mention Crypto.Cat, which starts up an encrypted chatroom (which anyone can join if they know the chatroom name).

These things so far deal with use-cases and not with theory. The biggest threat (since you mention wireless networks) is a man-in-the-middle attack, and that's why the WoT recommends only trusting keys you've received in person. I hope I've answered the "meat" of the question; please add a comment if I've left something out.

My opinion is that KDD CUP 99 data are obsolete and i believe the academic community should give researchers the opportunity to try new datasets and not asking them all the time to compare there results with this obsolete dataset. If you check the internet for example in Wireshark website you will find many pcap files from newer attacks. You can combine them and try make them as one dataset and test them with your IDS. If you manage to create a good dataset is good to publish it in the internet so that other researchers can test them also.

Now about your question is how you are going to use this data. I mean what IDS you are going to use. Most IDS like Snort are signature based. Anomaly based it need sensor across the network training etc. Check this article is very good http://www.scmagazine.com/signature-based-or-anomaly-based-intrusion-detection-the-practice-and-pitfalls/article/30471/

I hope i helped you.

you can refer to a newly published paper in IEEE Communications Surveys & Tutorials entitled "Security and Privacy in Cloud Computing".