Segurança da informação no correio eletrônico com base na ISO/IEC 17799 :um estudo de caso em uma instituição superior com foco no treinamento

The electronic mail service is one of the most Internet services that grow in the corporate environment. This evolution is bringing several problems for the organizations, especially to information that circulates inside of the corporate net. The lack of correct orientation to the people, about the usage and the security importance of these resources, is leaving breaches and causing misusage and overuse of service, for example. In recent literature, it starts to coming out several ideas, which has helped to rganizations how to plain and how to implement the information security system to the electronic mail in computer environment. However, these ideas are still not placed in practice in many companies, public or private. This dissertation tries to demonstrate the results of a research that has like goal, identify the importance that user training has over the information security policy, through a case study inside of private superior education institute in this state. Besides, this work had by basic orientation the ISO/IEC 17799, which talk about People Security. This study was developed over a proposed model to this research, which looked for offer conditions to guide the institution studied, how to plan better a information security policy to the electronic mail. Also, this research has an exploratory and descreptive nature and your type, qualitative. Firstly, it was applied na questionary to the information technology manager, as better way to get some general data and to deepen the contact which still then, it was being kept through e-mail. Thereupon this first contact, eleven interviews were done with the same manager, beside one interview with twenty-four users, among employees e students. After that to collect and transcript the interviews, were review with the manager all informations given, to correct any mistakes and to update that informations, to then, start the data analyze. The research suggests that the institution has a pro attitude about the information security policy and the electronic mail usage. However, it was clear that answers have their perception about information security under a very inexperient way, derived of a planning lack in relation to training program capable to solve the problem

Detecção e isolamento de falhas em sistemas dinâmicos baseados em redes neurais

This master dissertation presents the development of a fault detection and isolation system based in neural network. The system is composed of two parts: an identification subsystem and a classification subsystem. Both of the subsystems use neural network techniques with multilayer perceptron training algorithm. Two approaches for identifica-tion stage were analyzed. The fault classifier uses only residue signals from the identification subsystem. To validate the proposal we have done simulation and real experiments in a level system with two water reservoirs. Several faults were generated above this plant and the proposed fault detection system presented very acceptable behavior. In the end of this work we highlight the main difficulties found in real tests that do not exist when it works only with simulation environments

Proposta de um sistema de segurança eletrônica predial

This work presents a suggestion of a security system of land automation having as objective main the creation of a system capable from easy method, supervise the installations of a building with the goal to preserver security personal and patrimonial necessities, aim at portability low cost and use easiness. Was designed an alarms central and access controller that has digital and analogical inputs for sensors and outputs for buzzer, telephonic dialing and electronic lock. The system is supervised by software that makes solicitations of information to the alarms central through the one computer's serial port (RS-232). The supervisory software was developed in platform LabVIEW with displays the received data on a graphical interface informing the sensors' current states distributed in the building and system events as alarns occurrences. This system also can be viewed through the Internet for people registered by the land security's system administrator

Identificação remota de sistemas operacionais utilizando análise de processos aleatórios e redes neurais artificiais

A new method to perform TCP/IP fingerprinting is proposed. TCP/IP fingerprinting is the process of identify a remote machine through a TCP/IP based computer network. This method has many applications related to network security. Both intrusion and defence procedures may use this process to achieve their objectives. There are many known methods that perform this process in favorable conditions. However, nowadays there are many adversities that reduce the identification performance. This work aims the creation of a new OS fingerprinting tool that bypass these actual problems. The proposed method is based on the use of attractors reconstruction and neural networks to characterize and classify pseudo-random numbers generators

Uma ferramenta de manipulação de pacotes para análise de protocolos de redes industriais baseados em TCP/IP

This work presents a packet manipulation tool developed to realize tests in industrial devices that implements TCP/IP-based communication protocols. The tool was developed in Python programming language, as a Scapy extension. This tool, named IndPM- Industrial Packet Manipulator, can realize vulnerability tests in devices of industrial networks, industrial protocol compliance tests, receive server replies and utilize the Python interpreter to build tests. The Modbus/TCP protocol was implemented as proof-of-concept. The DNP3 over TCP protocol was also implemented but tests could not be realized because of the lack of resources. The IndPM results with Modbus/TCP protocol show some implementation faults in a Programmable Logic Controller communication module frequently utilized in automation companies

Otimização de Algoritmos Criptográficos para Redes de Sensores e Atuadores Sem-fio para Poços do Tipo Plunger Lift

Wireless sensors and actuators Networks specified by IEEE 802.15.4, are becoming increasingly being applied to instrumentation, as in instrumentation of oil wells with completion Plunger Lift type. Due to specific characteristics of the environment being installed, it s find the risk of compromising network security, and presenting several attack scenarios and the potential damage from them. It`s found the need for a more detailed security study of these networks, which calls for use of encryption algorithms, like AES-128 bits and RC6. So then it was implement the algorithms RC6 and AES-128, in an 8 bits microcontroller, and study its performance characteristics, critical for embedded applications. From these results it was developed a Hybrid Algorithm Cryptographic, ACH, which showed intermediate characteristics between the AES and RC6, more appropriate for use in applications with limitations of power consumption and memory. Also was present a comparative study of quality of security among the three algorithms, proving ACH cryptographic capability.

Superando os riscos da segurança baseada em perímetro - Uma abordagem com identificação federada através de certificados digitais A3/ICP-Brasil e SAML

The traditional perimeter-based approach for computer network security (the castle and the moat model) hinders the progress of enterprise systems and promotes, both in administrators and users, the delusion that systems are protected. To deal with the new range of threats, a new data-safety oriented paradigm, called de-perimeterisation , began to be studied in the last decade. One of the requirements for the implementation of the de-perimeterised model of security is the definition of a safe and effective mechanism for federated identity. This work seeks to fill this gap by presenting the specification, modelling and implementation of a mechanism for federated identity, based on the combination of SAML and X.509 digital certificates stored in smart-cards, following the A3 standard of ICP-Brasil (Brazilian official certificate authority and PKI)

Indústria informal de confecções e mercado de trabalho :um estudo sobre a grande Natal (1977-2003)

The process of globalization which has characterized today s Brazilian economic development is determining in the restructuring of productive capital, influencing the development of an economic model, founded on greater competition and use of technology. As a consequence of that, there has been a certain disorganization of the economy, the growth of social inequalities and the lack of structuring of the labor market and the social security system. This has favored a rapid growth of the urban informal economy in Brazil. In Rio Grande do Norte state, the Greater Natal area is the main production center. This is where this study found 58 informal textile industries. In the research, the organizational structure of these industries, characterized by intensive use of labor vis-à-vis the use of capital, problems with putting production in the market place, although links with the formal sector were evident, is analysed. The research also focuses on the relationship labor x capital, the nature and volume of the industrial activity in the 58 industries, their proprietors and 120 employees

A constituição desmilitarizada: democratização e reforma do sistema constitucional de segurança pública

The normative construction of the public security system in the Constituent Assembly of 1987-1988 preserved paradoxical normative space, the military police linked to the Army with a restrictive legal statute of the police offices citizenship through a hierarchical and disciplinary model that is anachronistic. This research originates from the following problem: How is it possible to tailor the constitutional system of public safety, specifically the Military Police, according to the democratic paradigms constructed by the Constituent from 1988 and carry the right to public safety under these molds? The militarists limitations of the Constitution allowed the growing militarization of police departments, organizational culture and authoritarian institutional practices. Underlying this, the problems related to difficulties in realization of Right to Public Safety, the strikes of the military police, the incomplete policy cycle started demanding from the constitutional-legal system appropriate responses. Utilizing the dialogical method and an interdisciplinary approach to the subject, and theoretically grounded in overcoming of the constitutional normativist juspositivism.It was found that the constructed infraconstitutional legislation was insufficient to supply the systemic shortcomings of constitutional law, when looking to create a single system of public security without giving due scope to the federal principle and expand the autonomy the Federated States, and even grant democratic legal status to the military police. Formal legal limits imposed by the Constitution constructed a legal anachronism, the military police. Thus, a democratic reading of military police institutions becomes inconceivable its existence in the constitutional regulatory environment. Thus, reform the Constitution in order to demilitarize the police and conduct a normative redesign of the public security system is fundamental to Brazilian constitutional democracy