32 resultados para firewall
Resumo:
Aquest projecte pretén ser una eina de gestió remota per a un servidor firewall, i un dels seus objectius bàsics és que sigui una eina de fàcil utilització, útil i còmoda, però alhora potent i altament configurable. Per a fer això, s’ha pensat que la millor manera era que es fes utilitzant una interfície web pels nombrosos avantatges que suposa, com ara per la seva fàcil administració remota, per la seva comoditat utilitzant tant sols un navegador, com també per exemple que no es necessita fer cap instal·lació a cap màquina remota perquè s’entén que gairebé tots els sistemes operatius moderns amb interfície gràfica, disposen de navegador.
Resumo:
Con este proyecto se quiere dotar al Instituto de Censores Jurados de Cuentas de España (ICJCE) de las actuales mejoras existentes en el entorno del software libre.
Resumo:
Pós-graduação em Ciência da Computação - IBILCE
Resumo:
As more reliance is placed on computing and networking systems, the need for redundancy increases. The Common Address Redundancy Protocol (CARP) protocol and OpenBSD’s pfsync utility provide a means by which to implement redundant routers and firewalls. This paper details how CARP and pfsync work together to provide this redundancy and explores the performance one can expect from the open source solutions. Two experiments were run: one showing the relationship between firewall state creation and state synchronization traffic and the other showing how TCP sessions are transparently maintained in the event of a router failure. Discussion of these simulations along with background information gives an overview of how OpenBSD, CARP, and pfsync can provide redundant routers and firewalls for today’s Internet.
Resumo:
File system security is fundamental to the security of UNIX and Linux systems since in these systems almost everything is in the form of a file. To protect the system files and other sensitive user files from unauthorized accesses, certain security schemes are chosen and used by different organizations in their computer systems. A file system security model provides a formal description of a protection system. Each security model is associated with specified security policies which focus on one or more of the security principles: confidentiality, integrity and availability. The security policy is not only about “who” can access an object, but also about “how” a subject can access an object. To enforce the security policies, each access request is checked against the specified policies to decide whether it is allowed or rejected. The current protection schemes in UNIX/Linux systems focus on the access control. Besides the basic access control scheme of the system itself, which includes permission bits, setuid and seteuid mechanism and the root, there are other protection models, such as Capabilities, Domain Type Enforcement (DTE) and Role-Based Access Control (RBAC), supported and used in certain organizations. These models protect the confidentiality of the data directly. The integrity of the data is protected indirectly by only allowing trusted users to operate on the objects. The access control decisions of these models depend on either the identity of the user or the attributes of the process the user can execute, and the attributes of the objects. Adoption of these sophisticated models has been slow; this is likely due to the enormous complexity of specifying controls over a large file system and the need for system administrators to learn a new paradigm for file protection. We propose a new security model: file system firewall. It is an adoption of the familiar network firewall protection model, used to control the data that flows between networked computers, toward file system protection. This model can support decisions of access control based on any system generated attributes about the access requests, e.g., time of day. The access control decisions are not on one entity, such as the account in traditional discretionary access control or the domain name in DTE. In file system firewall, the access decisions are made upon situations on multiple entities. A situation is programmable with predicates on the attributes of subject, object and the system. File system firewall specifies the appropriate actions on these situations. We implemented the prototype of file system firewall on SUSE Linux. Preliminary results of performance tests on the prototype indicate that the runtime overhead is acceptable. We compared file system firewall with TE in SELinux to show that firewall model can accommodate many other access control models. Finally, we show the ease of use of firewall model. When firewall system is restricted to specified part of the system, all the other resources are not affected. This enables a relatively smooth adoption. This fact and that it is a familiar model to system administrators will facilitate adoption and correct use. The user study we conducted on traditional UNIX access control, SELinux and file system firewall confirmed that. The beginner users found it easier to use and faster to learn then traditional UNIX access control scheme and SELinux.
Resumo:
A prerequisite for establishment of mutualism between the host and the microbial community that inhabits the large intestine is the stringent mucosal compartmentalization of microorganisms. Microbe-loaded dendritic cells trafficking through lymphatics are arrested at the mesenteric lymph nodes, which constitute the firewall of the intestinal lymphatic circulation. We show in different mouse models that the liver, which receives the intestinal venous blood circulation, forms a vascular firewall that captures gut commensal bacteria entering the bloodstream during intestinal pathology. Phagocytic Kupffer cells in the liver of mice clear commensals from the systemic vasculature independently of the spleen through the liver's own arterial supply. Damage to the liver firewall in mice impairs functional clearance of commensals from blood, despite heightened innate immunity, resulting in spontaneous priming of nonmucosal immune responses through increased systemic exposure to gut commensals. Systemic immune responses consistent with increased extraintestinal commensal exposure were found in humans with liver disease (nonalcoholic steatohepatitis). The liver may act as a functional vascular firewall that clears commensals that have penetrated either intestinal or systemic vascular circuits.
Resumo:
Este documento apresenta uma introdução ao pfSense, um sistema de firewall que contempla todas estas características, sendo de grande importância para a melhoria da segurança no fornecimento de conectividade com a internet.
Resumo:
Mestrado em Engenharia Electrotécnica e de Computadores
Resumo:
Um dos temas mais debatidos na sociedade actual é a segurança. Os níveis de segurança e as ferramentas para os alcançar entram em contraponto com os métodos usados para os quebrar. Como no passado, a razão qualidade/serviço mantém-se hoje, e manter-se-á no futuro, assegurando maior segurança àqueles que melhor se protejam. Problemas simples da vida real como furtos ou uso de falsa identidade assumem no meio informático uma forma rápida e por vezes indetectável de crime organizado. Neste estudo são investigados métodos sociais e aplicações informáticas comuns para quebrar a segurança de um sistema informático genérico. Desta forma, e havendo um entendimento sobre o Modus Operandi das entidades mal-intencionadas, poderá comprovar-se a instabilidade e insegurança de um sistema informático, e, posteriormente, actuar sobre o mesmo de tal forma que fique colocado numa posição da segurança que, podendo não ser infalível, poderá estar muito melhorada. Um dos objectivos fulcrais deste trabalho é conseguir implementar e configurar um sistema completo através de um estudo de soluções de mercado, gratuitas ou comerciais, a nível da implementação de um sistema em rede com todos os serviços comuns instalados, i.e., um pacote “chave na mão” com serviços de máquinas, sistema operativo, aplicações, funcionamento em rede com serviços de correio electrónico, gestão empresarial, anti-vírus, firewall, entre outros. Será possível então evidenciar uma instância de um sistema funcional, seguro e com os serviços necessários a um sistema actual, sem recurso a terceiros, e sujeito a um conjunto de testes que contribuem para o reforço da segurança.
Resumo:
L'empresa Desenvolupaments Intel·ligents es dedica a la creació del software financer i borsari. Tot el sistema informàtic esta basat en màquines amb plataformes Microsoft Windows. S'ha decidit implementar un nou sistema informàtic basat en GNU/Linux. Aquest és l'objecte d'aquest treball. El nou sistema informàtic basat en GNU/Linux ha de incloure tots els equips clients (que seran els ordinadors nous) i els servidors (es reaprofitaran els ordinadors antics) cobrint tots els serveis que abans donava el servidors antics mitjançant aquest sistema operatiu i software lliure.
Resumo:
Viri is a system for automatic distribution and execution of Python code on remote machines. This is especially useful when dealing with a large group of hosts.With Viri, Sysadmins can write their own scripts, and easily distribute and execute them on any number of remote machines. Depending on the number of computers to administrate, Viri can save thousands of hours, that Sysadmins would spend transferring files, logging into remote hosts, and waiting for the scripts to finish. Viri automates the whole process.Viri can also be useful for remotely managing host settings. It should work together with an application where the information about hosts would be maintained. This information can include cron tasks, firewall rules, backup settings,... After a simple Integration of this application with your Viri infrastructure, you can change any settings in the application, and see how it gets applied on the target host automatically.
Resumo:
Unified Threat Management or UTM-devices have created a new way to implement security solutions for different customer needs and segments. Customer and business traffic is more and more Web and application based when security is needed to that level as well. Thesis focuses to explore what opportunities UTM-devices provides for operator acting as a managed security service provider and how to succeed better in the markets. Markets are explored both in the customer interface what customers are expecting form the managed service provides and from technology provider interface what kind of products and services they have for different implementations. Theoretical background is taken from product strategy, networking and product development. These are taken into account when developed and explored opportunities an operator has in managed security business with UTM-devices. In the thesis four main recognized technology vendors and their product and services are compared against operator managed security services needs. Based on the explorations of theory, customer needs and technology a product strategy is proposed for operator acting as a managed security provider.
Resumo:
Analysis of firewall and antivirus log files without any kind of log analysis tool could be very difficult for normal computer user. In log files every event is organized according to time, but reading those with understanding without any kind of log analysis tool requires expert knowledge. In this Bachelor’s Thesis I put together a software packet for normal private computer user and this software packet allows user to analyze log files in Windows environment without any additional effort. Most of the private computer users don’t have much of experience about computers and data security so this Bachelor’s Thesis can be also used as a manual for analysis tool used in this work.
