Cloud computing can and does mean different things to different people. The common characteristics most interpretations share are on-demand scalability of highly available and reliable pooled computing resources, secure access to metered services from nearly anywhere, and displacement of data and services from inside to outside the organization. While aspects of these characteristics have been realized to a certain extent, cloud computing remains a work in progress. This publication provides an overview of the security and privacy challenges pertinent to public cloud computing and points out considerations organizations should take when outsourcing data, applications, and infrastructure to a public cloud environment.
Today’s information systems face sophisticated attackers who combine multiple vulnerabilities to penetrate networks with devastating impact. The overall security of an enterprise network cannot be determined by simply counting the number of vulnerabilities. To more accurately assess the security of enterprise systems, one must understand how vulnerabilities can be combined and exploited to stage an attack. Composition of vulnerabilities can be modeled using probabilistic attack graphs, which show all paths of attacks that allow incremental network penetration. Attack likelihoods are propagated through the attack graph, yielding a novel way to measure the security risk of enterprise systems. This metric for risk mitigation analysis is used to maximize the security of enterprise systems. This methodology based on probabilistic attack graphs can be used to evaluate and strengthen the overall security of enterprise networks.
At present, computer networks constitute the core component of information technology infrastructures in areas such as power grids, financial data systems, and emergency communication systems. Protection of these networks from malicious intrusions is critical to the economy and security of our nation. Vulnerabilities are regularly discovered in software applications which are exploited to stage cyber attacks. Currently, management of security risk of an enterprise network is more an art than a science.
Submitted by vgarramone on Fri, 08/27/2010 - 16:47
This lesson is used in the Network Forensics course at Regis University. It consists of three activities designed to acquaint the student with various network protocols using the tcpdump (http://www.tcpdump.org), wireshark (http://www.wireshark.org), and netdude (http://netdude.sourceforge.net/) programs on seven small packet capture files.
Activities 1 and 2 help the student get comfortable using tcpdump and to become familiar with its filtering options.
Activity 3 asks students to identify the protocols being used at various OSI model layers in each pcap file.
Submitted by vgarramone on Thu, 05/20/2010 - 23:34
This applet generates many random key pairs for RC4. The two keys are then each used to generate a stream of 256 bytes, and the two streams are subtracted. The statistics for the resulting list of differences are then stored and averaged over many runs.
Four representations are given, each showing a different aspect of the relationship between the RC4 key and cipher-text.
In the upper-left corner, the two keys are random and independent. The 256 differences are listed from left to right, wrapping around to fill 16 rows. The result is clearly slightly nonuniform, meaning that there is a slight correlation between the streams, especially at the beginning.
The upper-right shows pairs of keys where the first 8 bytes are the same. Note that the first 8 bytes of the resulting stream have a strong correlation (a low expected difference). This shows that the first N bytes of the RC4 stream depend very strongly on the first N bytes of the key. This is a known flaw in the algorithm, and it is usually addressed by discarding the first 256 bytes of the stream.
The two images on the bottom are identical to the top, except they show the NEXT 256 bytes of stream after the first 256 bytes have been discarded. Note that they look far more uniform, and show almost no relationship to the first few bytes of the key. This shows that the standard fix works well. However, note that the graph on the right is scaled to show very subtle differences that aren't immediately apparent in the color coding. So even with the standard fix, there are slight imperfections in the key stream distribution.
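The measurement described above can be reproduced offline with the following added example, which is not the applet's own code. The 16-byte key length, the use of the absolute difference as the "subtraction" statistic, the trial count, and the function names are assumptions made for this sketch.

```python
import random

def rc4_keystream(key, n, drop=0):
    """Return n RC4 keystream bytes, after discarding the first `drop` bytes."""
    S = list(range(256))
    j = 0
    for i in range(256):  # key-scheduling algorithm (KSA)
        j = (j + S[i] + key[i % len(key)]) & 0xFF
        S[i], S[j] = S[j], S[i]
    i = j = 0
    out = bytearray()
    for _ in range(drop + n):  # output generation (PRGA)
        i = (i + 1) & 0xFF
        j = (j + S[i]) & 0xFF
        S[i], S[j] = S[j], S[i]
        out.append(S[(S[i] + S[j]) & 0xFF])
    return bytes(out[drop:])

def mean_stream_difference(shared_prefix, drop, trials=200, key_len=16, seed=1):
    """Mean |a - b| at each of 256 stream positions over random key pairs
    whose first `shared_prefix` key bytes are identical."""
    rng = random.Random(seed)  # fixed seed: constructed, repeatable sample keys
    totals = [0] * 256
    for _ in range(trials):
        k1 = bytes(rng.randrange(256) for _ in range(key_len))
        tail = bytes(rng.randrange(256) for _ in range(key_len - shared_prefix))
        k2 = k1[:shared_prefix] + tail
        a = rc4_keystream(k1, 256, drop)
        b = rc4_keystream(k2, 256, drop)
        for pos in range(256):
            totals[pos] += abs(a[pos] - b[pos])
    return [t / trials for t in totals]

def four_panels(trials=200):
    """The applet's four views: independent vs. shared-prefix keys, with and without the drop."""
    layout = {
        "upper-left  (independent keys, bytes 0-255)": (0, 0),
        "upper-right (8 shared key bytes, bytes 0-255)": (8, 0),
        "lower-left  (independent keys, bytes 256-511)": (0, 256),
        "lower-right (8 shared key bytes, bytes 256-511)": (8, 256),
    }
    return {name: mean_stream_difference(p, d, trials) for name, (p, d) in layout.items()}

if __name__ == "__main__":
    for name, grid in four_panels().items():
        first8 = sum(grid[:8]) / 8
        print(f"{name}: first 8 positions {first8:.1f}, all 256 positions {sum(grid) / 256:.1f}")
```

Two independent, uniformly distributed bytes have a mean absolute difference of about 85.3, so a position whose average falls below that value indicates correlated streams.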