Introduction to Security Onion

Security Onion is a Network Security Manager (NSM) platform that provides multiple Intrusion Detection Systems (IDS) including Host IDS (HIDS) and Network IDS (NIDS). Many types of data can be acquired using Security Onion for analysis. This includes data related to: Host, Network, Session, Asset, Alert and Protocols. Security Onion can be implemented as a standalone deployment with server and sensor included or with a master server and multiple sensors allowing for the system to be scaled as required. Many interfaces and tools are available for management of the system and analysis of data such as Sguil, Snorby, Squert and Enterprise Log Search and Archive (ELSA). These interfaces can be used for analysis of alerts and captured events and then can be further exported for analysis in Network Forensic Analysis Tools (NFAT) such as NetworkMiner, CapME or Xplico. The Security Onion platform also provides various methods of management such as Secure SHell (SSH) for management of server and sensors and Web client remote access. All of this with the ability to replay and analyse example malicious traffic makes the Security Onion a suitable low cost alternative for Network Security Management. In this paper, we have a feature and functionality review for the Security Onion in terms of: types of data, configuration, interface, tools and system management.

Método para reconhecimento de vogais e extração de parâmetros acústicos para analises forenses

Forensic speaker comparison exams have complex characteristics, demanding a long time for manual analysis. A method for automatic recognition of vowels, providing feature extraction for acoustic analysis is proposed, aiming to contribute as a support tool in these exams. The proposal is based in formant measurements by LPC (Linear Predictive Coding), selectively by fundamental frequency detection, zero crossing rate, bandwidth and continuity, with the clustering being done by the k-means method. Experiments using samples from three different databases have shown promising results, in which the regions corresponding to five of the Brasilian Portuguese vowels were successfully located, providing visualization of a speaker’s vocal tract behavior, as well as the detection of segments corresponding to target vowels.

Metodología de análisis forense orientada a incidentes en dispositivos móviles

En el presente artículo se tratan temas relacionados con el análisis forense aplicado a dispositivos móviles, así como la propuesta y prueba de una metodología que apoye efectivamente estas actividades. Se describen los objetivos a seguir en dicho estudio, y se plantea la búsqueda de evidencia almacenada en los dispositivos móviles bajo un escenario en el que se ha cometido un delito. Se hace énfasis en la evolución y multiplicidad de usos que poseen actualmente los dispositivos; y finalmente se aborda la necesidad de tener estándares que permitan garantizar la integridad de las evidencias encontradas, para ello se describe la metodología desarrollada, la cual permite realizar de manera adecuada el proceso forense sobre dispositivos móviles, por lo que se aspira a que se constituya en un estándar para realizar este tipo de investigaciones.

Spatial distribution patterns of the non-native European catfish, Silurus glanis, from multiple online sources - a case study for the River Tagus (Iberian Peninsula)

Effective management of invasive fishes depends on the availability of updated information about their distribution and spatial dispersion. Forensic analysis was performed using online and published data on the European catfish, Silurus glanis L., a recent invader in the Tagus catchment (Iberian Peninsula). Eighty records were obtained mainly from anglers’ fora and blogs, and more recently from www.youtube.com. Since the first record in 1998, S. glanis expanded its geographic range by 700 km of river network, occurring mainly in reservoirs and in high-order reaches. Human-mediated and natural dispersal events were identified, with the former occurring during the first years of invasion and involving movements of >50 km. Downstream dispersal directionality was predominant. The analysis of online data from anglers was found to provide useful information on the distribution and dispersal patterns of this non-native fish, and is potentially applicable as a preliminary, exploratory assessment tool for other non-native fishes.

Plagiarism in Academic Texts

The ethical and social responsibility of citing the sources in a scientific or artistic work is undeniable. This paper explores, in a preliminary way, academic plagiarism in its various forms. It includes findings based on a forensic analysis. The purpose of this paper is to raise awareness on the importance of considering these details when writing and publishing a text. Hopefully, this analysis may put the issue under discussion.

Performance analysis of unified enterprise application security framework

Unified Enterprise application security is a new emerging approach for providing protection against application level attacks. Conventional application security approach that consists of embedding security into each critical application leads towards scattered security mechanism that is not only difficult to manage but also creates security loopholes. According to the CSIIFBI computer crime survey report, almost 80% of the security breaches come from authorized users. In this paper, we have worked on the concept of unified security model, which manages all security aspect from a single security window. The basic idea is to keep business functionality separate from security components of the application. Our main focus was on the designing of frame work for unified layer which supports single point of policy control, centralize logging mechanism, granular, context aware access control, and independent from any underlying authentication technology and authorization policy.

Performance analysis of secure unified communications in the VMware-based cloud

Unified communications as a service (UCaaS) can be regarded as a cost-effective model for on-demand delivery of unified communications services in the cloud. However, addressing security concerns has been seen as the biggest challenge to the adoption of IT services in the cloud. This study set up a cloud system via VMware suite to emulate hosting unified communications (UC), the integration of two or more real time communication systems, services in the cloud in a laboratory environment. An Internet Protocol Security (IPSec) gateway was also set up to support network-level security for UCaaS against possible security exposures. This study was aimed at analysis of an implementation of UCaaS over IPSec and evaluation of the latency of encrypted UC traffic while protecting that traffic. Our test results show no latency while IPSec is implemented with a G.711 audio codec. However, the performance of the G.722 audio codec with an IPSec implementation affects the overall performance of the UC server. These results give technical advice and guidance to those involved in security controls in UC security on premises as well as in the cloud.

Splitting Algorithms for Fast Relay Selection: Generalizations, Analysis, and a Unified View

Relay selection for cooperative communications promises significant performance improvements, and is, therefore, attracting considerable attention. While several criteria have been proposed for selecting one or more relays, distributed mechanisms that perform the selection have received relatively less attention. In this paper, we develop a novel, yet simple, asymptotic analysis of a splitting-based multiple access selection algorithm to find the single best relay. The analysis leads to simpler and alternate expressions for the average number of slots required to find the best user. By introducing a new contention load' parameter, the analysis shows that the parameter settings used in the existing literature can be improved upon. New and simple bounds are also derived. Furthermore, we propose a new algorithm that addresses the general problem of selecting the best Q >= 1 relays, and analyze and optimize it. Even for a large number of relays, the scalable algorithm selects the best two relays within 4.406 slots and the best three within 6.491 slots, on average. We also propose a new and simple scheme for the practically relevant case of discrete metrics. Altogether, our results develop a unifying perspective about the general problem of distributed selection in cooperative systems and several other multi-node systems.

Unified Spectral Efficiency Analysis of Cellular Systems with Channel-Aware Schedulers

Spectral efficiency is a key characteristic of cellular communications systems, as it quantifies how well the scarce spectrum resource is utilized. It is influenced by the scheduling algorithm as well as the signal and interference statistics, which, in turn, depend on the propagation characteristics. In this paper we derive analytical expressions for the short-term and long-term channel-averaged spectral efficiencies of the round robin, greedy Max-SINR, and proportional fair schedulers, which are popular and cover a wide range of system performance and fairness trade-offs. A unified spectral efficiency analysis is developed to highlight the differences among these schedulers. The analysis is different from previous work in the literature in the following aspects: (i) it does not assume the co-channel interferers to be identically distributed, as is typical in realistic cellular layouts, (ii) it avoids the loose spectral efficiency bounds used in the literature, which only considered the worst case and best case locations of identical co-channel interferers, (iii) it explicitly includes the effect of multi-tier interferers in the cellular layout and uses a more accurate model for handling the total co-channel interference, and (iv) it captures the impact of using small modulation constellation sizes, which are typical of cellular standards. The analytical results are verified using extensive Monte Carlo simulations.

Elemental analysis of soil samples for forensic purposes by inductively coupled plasma spectrometry - precision considerations

Major and trace elemental composition provides a powerful basis for forensic comparison of soils, sediments and rocks. However, it is important that the potential 'errors' associated with the procedures are fully understood and quantified, and that standard protocols are applied for sample preparation and analysis. This paper describes such a standard procedure and reports results both for instrumental measurement precision (repeatability) and overall 'method' precision (reproducibility). Results obtained both for certified reference materials and example soils show that the instrumental measurement precision (defined by the coefficient of variation, CV) for most elements is better than 2-3%. When different solutions were prepared from the same sample powder, and from different sub-sample powders prepared from the same parent sample, the CV increased to c. 5-6% for many elements. The largest variation was found in results for certified reference materials generated from 23 instrument runs over an 18 month period (mean CV=c. 11%). Some elements were more variable than others. W was found to be the most variable and the elements V, Cr, Co, Cu, Ni and Pb also showed higher than average variability. SiO2, CaO, Al2O3 and Fe2O3, Rb, Sr, La, Ce, Nd and Sm generally showed lower than average variability, and therefore provided the most reliable basis for inter-sample comparison. It is recommended that, whenever possible, samples relating to the same investigation should be analysed in the same sample run, or at least sequential runs.