32 results for firewall


Abstract:

The increasing interconnection of information and communication systems leads to a further increase in complexity and thus also to a further increase in security vulnerabilities. Classical protection mechanisms such as firewall systems and anti-malware solutions have long ceased to offer protection against intrusion attempts into IT infrastructures. Intrusion detection systems (IDS) have established themselves as a very effective instrument for protection against cyber attacks. Such systems collect and analyze information from network components and hosts in order to detect unusual behavior and security violations automatically. While signature-based approaches can detect only already known attack patterns, anomaly-based IDS are also able to detect new, previously unknown attacks (zero-day attacks) at an early stage. The core problem of intrusion detection systems, however, lies in the optimal processing of the massive volume of network data and in the development of an adaptive detection model that works in real time. To address these challenges, this dissertation provides a framework consisting of two main parts. The first part, called OptiFilter, uses a dynamic "queuing concept" to process the large volume of incoming network data, continuously constructs network connections, and exports structured input data for the IDS. The second part is an adaptive classifier comprising a classifier model based on the "Enhanced Growing Hierarchical Self Organizing Map" (EGHSOM), a model of the network's normal state (NNB) and an "update model". In OptiFilter, tcpdump and SNMP traps are used to continuously aggregate network packets and host events. These aggregated network packets and host events are further analyzed and converted into connection vectors.
To improve the detection rate of the adaptive classifier, the artificial neural network GHSOM is studied intensively and substantially enhanced. Different approaches are proposed and discussed in this dissertation. A classification-confidence margin threshold is defined to uncover unknown malicious connections; the stability of the growth topology is increased through novel approaches to initializing the weight vectors and through strengthening the winner neurons; and a self-adaptive procedure is introduced so that the model can be updated continuously. In addition, the main task of the NNB model is to further examine the unknown connections detected by the EGHSOM and to check whether they are normal. However, network traffic data changes constantly because of the concept drift phenomenon, which in real time produces non-stationary network data. This phenomenon is better controlled by the update model. The EGHSOM model can effectively detect new anomalies, and the NNB model adapts optimally to changes in the network data. In the experimental investigations the framework showed promising results. In the first experiment, the framework was evaluated in offline mode. OptiFilter was evaluated with offline, synthetic and realistic data. The adaptive classifier was evaluated with 10-fold cross-validation to estimate its accuracy. In the second experiment, the framework was installed on a 1 to 10 GB network link and evaluated in online mode in real time. OptiFilter successfully converted the massive amount of network data into structured connection vectors, and the adaptive classifier classified them precisely.
The comparative study between the developed framework and other well-known IDS approaches shows that the proposed IDS framework outperforms all other approaches. This can be attributed to the following key points: processing of the collected network data, achieving the best performance (such as overall accuracy), detecting unknown connections, and developing a real-time detection model for intrusion attempts.

Abstract:

Resource, Poster and Reference for the coursework

Abstract:

INFO2009 2011/2012 Session, Group 20 (One Direction) resource on surveillance

Abstract:

One of the essential needs to implement a successful e-Government web application is security. Web application firewalls (WAF) are the most important tool to secure web applications against the increasing number of web application attacks nowadays. WAFs work in different modes depending on the web traffic filtering approach used, such as positive security mode, negative security mode, session-based mode, or mixed modes. The proposed WAF, which is called (HiWAF), is a web application firewall that works in three modes: positive, negative and session based security modes. The new approach that distinguishes this WAF among other WAFs is that it utilizes the concepts of Artificial Intelligence (AI) instead of regular expressions or other traditional pattern matching techniques as its filtering engine. Both artificial neural networks and fuzzy logic concepts will be used to implement a hybrid intelligent web application firewall that works in three security modes.

Abstract:

The increasing of the number of attacks in the computer networks has been treated with the increment of the resources that are applied directly in the active routers equipment of these networks. In this context, the firewalls had been consolidated as essential elements in the input and output control process of packets in a network. With the advent of intrusion detection systems (IDS), efforts have been done in the direction to incorporate packets filtering based in standards of traditional firewalls. This integration incorporates the IDS functions (as filtering based on signatures, until then a passive element) with the already existing functions in firewall. In opposite of the efficiency due this incorporation in the blockage of signature known attacks, the filtering in the application level provokes a natural retard in the analyzed packets, and it can reduce the machine performance to filter the others packets because of machine resources demand by this level of filtering. This work presents models of treatment for this problem based in the packets re-routing for analysis by a sub-network with specific filterings. The suggestion of implementation of this model aims reducing the performance problem and opening a space for the consolidation of scenes where others not conventional filtering solutions (spam blockage, P2P traffic control/blockage, etc.) can be inserted in the filtering sub-network, without implying in overload of the main firewall in a corporative network.

Abstract:

Graduate Program in Electrical Engineering - FEIS

Abstract:

A level of security that provides for user authentication and authorization and that allows all operations performed to be tracked does not exempt a network from being subject to security incidents, which may result from attempts to access hosts through illicit privilege escalation or from classic malicious programs such as viruses, trojans and worms. One remedy for identifying possible threats is to use an IDS (Intrusion Detection System) device tasked with analyzing traffic and comparing it against a set of signatures that refer to known intrusion scenarios. Even with high hardware processing capacity, resources may not be sufficient to guarantee correct operation of the service over all the traffic crossing a network. The objective of this thesis is to create an application that performs a preliminary analysis, so as to reduce the volume of data submitted to the IDS in the actual traffic scanning phase. To do this, statistics computed on data supplied directly by the network devices are used, in an attempt to identify traffic that uses known protocols and can therefore be judged harmless with good probability.

Abstract:

The work was divided into three macro-areas. The first concerns a theoretical analysis of how intrusions work, which software is used to carry them out, and how to protect against them (using devices that can generically be recognized as firewalls). The second macro-area analyzes an intrusion that occurred from outside against sensitive servers on a LAN. This analysis is conducted on the files captured by the two network interfaces configured in promiscuous mode on a probe located in the LAN. There are two interfaces so as to connect to two LAN segments with two different subnet masks. The attack is analyzed using various software tools. A third part of the work can in fact be defined: the part in which the files captured by the two interfaces are analyzed, first with software that analyzes full-content data, such as Wireshark, then with software that analyzes session data processed with Argus, and finally the statistical data processed with Ntop. The penultimate chapter, the one before the conclusions, instead covers the installation of Nagios and its configuration for monitoring, through plugins, the remaining disk space on a remote agent machine and the MySql and DNS services. Of course, Nagios can be configured to monitor any type of service offered on the network.

Abstract:

The work focuses on analyzing the historical course of reforms in China in the field of information. The case of online activism is presented as an instrument of participation in the dissemination of information. Finally, the work of Chinese news outlets open to global information is presented.

Abstract:

Immunoglobulin A (IgA) is the main secretory immunoglobulin of mucous membranes and is powerfully induced by the presence of commensal microbes in the intestine. B cells undergo class switch recombination to IgA in the mucosa-associated lymphoid tissues, particularly mesenteric lymph nodes (MLNs) and Peyer's patches, through both T-dependent and T-independent pathways. IgA B cells primed in the mucosa traffic from the intestinal lymphoid structures, initially through the lymphatics and then join the bloodstream, to home back to the intestinal mucosa as IgA-secreting plasma cells. Once induced, anti-bacterial IgA can be extremely long-lived but is replaced if there is induction of additional IgA specificities by other microbes. The mucosal immune system is anatomically separated from the systemic immune system by the MLNs, which act as a firewall to prevent penetration of live intestinal bacteria to systemic sites. Dendritic cells sample intestinal bacteria and induce B cells to switch to IgA. In contrast, intestinal macrophages are adept at killing extracellular bacteria and are able to clear bacteria that have crossed the mucus and epithelial barriers. There is both a continuum between innate and adaptive immune mechanisms and compartmentalization of the mucosal immune system from systemic immunity that function to preserve host microbial mutualism.

Abstract:

IgA is the most abundant immunoglobulin produced in mammals, and is mostly secreted across mucous membranes. At these frontiers, which are constantly assaulted by pathogenic and commensal microbes, IgA provides part of a layered system of immune protection. In this review, we describe how IgA induction occurs through both T-dependent and T-independent mechanisms, and how IgA is generated against the prodigious load of commensal microbes after mucosal dendritic cells (DCs) have sampled a tiny fraction of the microbial consortia in the intestinal lumen. To function in this hostile environment, IgA must be induced behind the 'firewall' of the mesenteric lymph nodes to generate responses that integrate microbial stimuli, rather than the classical prime-boost effects characteristic of systemic immunity.

Abstract:

BACKGROUND Eosinophilic esophagitis (EoE) exhibits esophageal dysfunction owing to an eosinophil-predominant inflammation. Activated eosinophils generate eosinophil extracellular traps (EETs) able to kill bacteria. There is evidence of an impaired barrier function in EoE that might allow pathogens to invade the esophagus. This study aimed to investigate the presence and distribution of EETs in esophageal tissues from EoE patients and their association with possible epithelial barrier defects. METHODS Anonymized tissue samples from 18 patients with active EoE were analyzed. The presence of DNA nets associated with eosinophil granule proteins forming EETs and the expression of filaggrin, the protease inhibitor lympho-epithelial Kazal-type-related inhibitor (LEKTI), antimicrobial peptides, and cytokines were evaluated by confocal microscopy following immune fluorescence staining techniques. RESULTS Eosinophil extracellular trap formation occurred frequently and was detected in all EoE samples correlating with the numbers of infiltrating eosinophils. While the expression of both filaggrin and LEKTI was reduced, epithelial antimicrobial peptides (human beta-defensin-2, human beta-defensin-3, cathelicidin LL-37, psoriasin) and cytokines (TSLP, IL-25, IL-32, IL-33) were elevated in EoE as compared to normal esophageal tissues. There was a significant correlation between EET formation and TSLP expression (P = 0.02) as well as psoriasin expression (P = 0.016). On the other hand, a significant negative correlation was found between EET formation and LEKTI expression (P = 0.016). CONCLUSION Active EoE exhibits the presence of EETs. Indications of epithelial barrier defects in association with epithelial cytokines are also present which may have contributed to the activation of eosinophils. The formation of EETs could serve as a firewall against the invasion of pathogens.

Abstract:

AIM Virtual patients (VPs) are a one-of-a-kind e-learning resource, fostering clinical reasoning skills through clinical case examples. The combination with face-to-face teaching is important for their successful integration, which is referred to as "blended learning". So far little is known about the use of VPs in the field of continuing medical education and residency training. The pilot study presented here inquired the application of VPs in the framework of a pediatric residency revision course. METHODS Around 200 participants of a pediatric nephrology lecture ('nephrotic and nephritic syndrome in children') were offered two VPs as a wrap-up session at the revision course of the German Society for Pediatrics and Adolescent Medicine (DGKJ) 2009 in Heidelberg, Germany. Using a web-based survey form, different aspects were evaluated concerning the learning experiences with VPs, the combination with the lecture, and the use of VPs for residency training in general. RESULTS N=40 evaluable survey forms were returned (approximately 21%). The return rate was impaired by a technical problem with the local Wi-Fi firewall. The participants perceived the work-up of the VPs as a worthwhile learning experience, with proper preparation for diagnosing and treating real patients with similar complaints. Case presentations, interactivity, and locally and timely independent repetitive practices were, in particular, pointed out. On being asked about the use of VPs in general for residency training, there was a distinct demand for more such offers. CONCLUSION VPs may reasonably complement existing learning activities in residency training.

Abstract:

This work is aimed at facilitating practical exercises with physical laboratory equipment, providing access to different virtual scenarios (exercise topologies) without having to change the physical configuration (cabling) of two official laboratory kits for CCNA Routing & Switching[1] and CCNA Security[2]. To that end, it proposes creating different virtual scenarios or topologies that can be set up on the same physical cabling scenario. The most important practical exercises in the CCNA Routing & Switching and CCNA Security curricula must be reviewed and selected. Naturally, these exercises have to be changed in their interfaces, naming and documentation so that they match the available specifications of the physical laboratory, all without losing any of their substance. The physical scenarios must be as versatile as possible in order to support the topologies required by the practical exercises of the official CISCO CCNA Routing & Switching and CCNA Security courses, with the aim of making as few physical configuration changes as possible and of allowing different exercises to be carried out simultaneously, including by students of different subjects. A further aim is to enable instructors to develop their own practical exercises compatible with the chosen physical cabling. For this purpose an access server (Access Server) will be used so that students can configure the different devices remotely without having to go to the laboratory in person, although that also remains a perfectly viable option. The two scenarios will have three routers, three switches and a firewall, which have been mounted in their respective racks along with their connections and cabling.
Disabling ports on the different network devices that make up the laboratory kit (routers, switches and firewalls) will give rise to the different virtual scenarios. VLANs will be created on the switches to establish different connections. These scenarios must offer the variety needed to carry out the various exercises required in the subjects "Network Technologies CISCO: CCNA" [3], "Networking and Communications" [4] and "Design and Network Security" [5]. In addition, to make switching between topologies easier and faster, the basic configuration of each virtual scenario (enabling/disabling ports) must be automated according to the desired topology, together with the establishment of an initial configuration. In this way students can start the exercises in the same state shown in the explanatory documents, and if their session ends (or they close it voluntarily) their progress is saved for later sessions so that they can resume their work whenever they wish.

---ABSTRACT---

The present work is aimed at facilitating the experiments with equipment Physical Laboratory, allowing access to different virtual scenarios (topologies exercises) without changing the physical configuration (connection) with two kits of official laboratory for CCNA Routing & Switching[1] and CCNA Security[2]. This requires the creation of different scenarios or virtual topologies that can be mounted on the same physical connection scenario arises. It is necessary to review and select the most prominent practical exercises in terms of importance of curricula of CCNA Routing and Switching, and CCNA Security. Naturally, these exercises must vary in their interfaces, nomenclature and documentation available that fit the specifications of the physical laboratory, all without losing any of its foundation.
The physical setting should be as versatile as possible to support topologies required in the practical exercises of official courses CISCO Routing and Switching CCNA, and CCNA Security, in order to make the minimum possible changes in physical configuration, and can simultaneous realization of different practices, and between students of different subjects. It also aims to enable teachers to develop their own practical exercises compatible with the physical connection chosen. For this, we will use an Access Server will be used by the students to access remotely to configure different computers without having to go in person to the laboratory, but this is also an other viable option. The two scenarios have three routers, three switches and a firewall, so that have been mounted in their respective rack, as well as their connections and wiring. Disabling ports on different network equipment that make up the lab kit (routers, switches and firewalls) will lead to different virtual scenarios. These scenarios should provide the variety needed to perform the necessary practices in different subjects "Network Technologies CISCO: CCNA"[3], "Networking and Communications"[4] and "Design and Network Security." [5] Moreover, to facilitate and expedite the exchange topologies, it was necessary to automate the basic configuration of each virtual setting (on/off ports) based on the desired topology, and the establishment of an initial configuration. So that, the students can begin the exercises equally to what they see on explanatory documents, and if they finish their session (or close voluntarily) their progress on the exercise will be saved for future sessions so that they can continue their work when they want.

Abstract:

The purpose of this work is to clarify the doctrinal legal concepts of document, electronic document and electronic negotiable instrument, drawing on the model law on electronic commerce approved by the UN, the legislation of the European Economic Union, Law 527 of 1999, regulatory decree No. 1.747 of 11 September 2000, the complementary legislation on the protection of fundamental rights, doctrine and case law. To that end, we state that electronic commerce falls within the framework of Article 2 of the Political Constitution, which enshrines as principles of the social State governed by the rule of law freedom of enterprise, State intervention to regulate the economy, the protection of the fundamental rights of the human person, and the promotion of the well-being of all citizens. This activity may therefore be carried out freely by any person, provided that it respects fundamental rights, such as the right to privacy, dignity, information, public health, habeas data, the criminal justice system, national security and the general interest. We then go on to analyze what is meant by a document, the characteristics, validity requirements, evidentiary value and effectiveness of electronic documents and their application in stock exchange and similar transactions, the electronic document, the electronic negotiable instrument, and the legal treatment given to the document in our legislation.