Cyber Vulnerability Assessment: Case Study of Malawi and Tanzania
- Chindipha, Stones D, Irwin, Barry V W
- Authors: Chindipha, Stones D , Irwin, Barry V W
- Date: 2015
- Language: English
- Type: text , article
- Identifier: http://hdl.handle.net/10962/428558 , vital:72520 , https://accconference.mandela.ac.za/ACCConference/media/Store/images/Proceedings-2015.pdf#page=105
- Description: Much as the Internet is beneficial to our daily activities, with each passing day it also brings along with it information security concerns for the users be they at company or national level. Each year the number of Internet users keeps growing, particularly in Africa, and this means only one thing, more cyber-attacks. Governments have become a focal point of this data leakage problem making this a matter of national security. Looking at the current state of affairs, cyber-based incidents are more likely to increase in Africa, mainly due to the increased prevalence and affordability of broadband connectivity which is coupled with lack of online security awareness. A drop in the cost of broadband connection means more people will be able to afford Internet connectivity. With open Source Intelligence (OSINT), this paper aims to perform a vulnerability analysis for states in Eastern Africa building from prior research by Swart et al. which showed that there are vulnerabilities in the information systems, using the case of South Africa as an example. States in East Africa are to be considered as candidates, with the final decision being determined by access to suitable resources, and availability of information. A comparative analysis to assess the factors that affect the degree of security susceptibilities in various states will also be made and information security measures used by various governments to ascertain the extent of their contribution to this vulnerability will be assessed. This pilot study will be extended to other Southern and Eastern African states like Botswana, Kenya, Uganda and Namibia in future work.
- Full Text:
- Authors: Chindipha, Stones D , Irwin, Barry V W
- Date: 2015
- Language: English
- Type: text , article
- Identifier: http://hdl.handle.net/10962/428558 , vital:72520 , https://accconference.mandela.ac.za/ACCConference/media/Store/images/Proceedings-2015.pdf#page=105
- Description: Much as the Internet is beneficial to our daily activities, with each passing day it also brings along with it information security concerns for the users be they at company or national level. Each year the number of Internet users keeps growing, particularly in Africa, and this means only one thing, more cyber-attacks. Governments have become a focal point of this data leakage problem making this a matter of national security. Looking at the current state of affairs, cyber-based incidents are more likely to increase in Africa, mainly due to the increased prevalence and affordability of broadband connectivity which is coupled with lack of online security awareness. A drop in the cost of broadband connection means more people will be able to afford Internet connectivity. With open Source Intelligence (OSINT), this paper aims to perform a vulnerability analysis for states in Eastern Africa building from prior research by Swart et al. which showed that there are vulnerabilities in the information systems, using the case of South Africa as an example. States in East Africa are to be considered as candidates, with the final decision being determined by access to suitable resources, and availability of information. A comparative analysis to assess the factors that affect the degree of security susceptibilities in various states will also be made and information security measures used by various governments to ascertain the extent of their contribution to this vulnerability will be assessed. This pilot study will be extended to other Southern and Eastern African states like Botswana, Kenya, Uganda and Namibia in future work.
- Full Text:
A source analysis of the conficker outbreak from a network telescope.
- Authors: Irwin, Barry V W
- Date: 2013
- Subjects: To be catalogued
- Language: English
- Type: text , article
- Identifier: http://hdl.handle.net/10962/429742 , vital:72636 , 10.23919/SAIEE.2013.8531865
- Description: This paper discusses a dataset of some 16 million packets targeting port 445/tcp collected by a network telescope utilising a /24 netblock in South African IP address space. An initial overview of the collected data is provided. This is followed by a detailed analysis of the packet characteristics observed, including size and TTL. The peculiarities of the observed target selection and the results of the flaw in the Conficker worm's propagation algorithm are presented. An analysis of the 4 million observed source hosts is reported, grouped by both packet counts and the number of distinct hosts per network address block. Address blocks of size /8, 16 and 24 are used for groupings. The localisation, by geographic region and numerical proximity, of high ranking aggregate netblocks is highlighted. The observed shift in geopolitical origins observed during the evolution of the Conficker worm is also discussed. The paper concludes with some overall analyses, and consideration of the application of network telescopes to the monitoring of such outbreaks in the future.
- Full Text:
- Authors: Irwin, Barry V W
- Date: 2013
- Subjects: To be catalogued
- Language: English
- Type: text , article
- Identifier: http://hdl.handle.net/10962/429742 , vital:72636 , 10.23919/SAIEE.2013.8531865
- Description: This paper discusses a dataset of some 16 million packets targeting port 445/tcp collected by a network telescope utilising a /24 netblock in South African IP address space. An initial overview of the collected data is provided. This is followed by a detailed analysis of the packet characteristics observed, including size and TTL. The peculiarities of the observed target selection and the results of the flaw in the Conficker worm's propagation algorithm are presented. An analysis of the 4 million observed source hosts is reported, grouped by both packet counts and the number of distinct hosts per network address block. Address blocks of size /8, 16 and 24 are used for groupings. The localisation, by geographic region and numerical proximity, of high ranking aggregate netblocks is highlighted. The observed shift in geopolitical origins observed during the evolution of the Conficker worm is also discussed. The paper concludes with some overall analyses, and consideration of the application of network telescopes to the monitoring of such outbreaks in the future.
- Full Text:
A Canonical Implementation Of The Advanced Encryption Standard On The Graphics Processing Unit
- Pilkington, Nick, Irwin, Barry V W
- Authors: Pilkington, Nick , Irwin, Barry V W
- Date: 2008
- Subjects: To be catalogued
- Language: English
- Type: text , article
- Identifier: http://hdl.handle.net/10962/430007 , vital:72659 , https://digifors.cs.up.ac.za/issa/2008/Proceedings/Research/47.pdf
- Description: This paper will present an implementation of the Advanced Encryption Standard (AES) on the graphics processing unit (GPU). It investigates the ease of implementation from first principles and the difficulties encountered. It also presents a performance analysis to evaluate if the GPU is a viable option for a cryptographics platform. The AES implementation is found to yield orders of maginitude increased performance when compared to CPU based implementations. Although the implementation introduces complica-tions, these are quickly becoming mitigated by the growing accessibility pro-vided by general programming on graphics processing units (GPGPU) frameworks like NVIDIA’s Compute Uniform Device Architechture (CUDA) and AMD/ATI’s Close to Metal (CTM).
- Full Text:
- Authors: Pilkington, Nick , Irwin, Barry V W
- Date: 2008
- Subjects: To be catalogued
- Language: English
- Type: text , article
- Identifier: http://hdl.handle.net/10962/430007 , vital:72659 , https://digifors.cs.up.ac.za/issa/2008/Proceedings/Research/47.pdf
- Description: This paper will present an implementation of the Advanced Encryption Standard (AES) on the graphics processing unit (GPU). It investigates the ease of implementation from first principles and the difficulties encountered. It also presents a performance analysis to evaluate if the GPU is a viable option for a cryptographics platform. The AES implementation is found to yield orders of maginitude increased performance when compared to CPU based implementations. Although the implementation introduces complica-tions, these are quickly becoming mitigated by the growing accessibility pro-vided by general programming on graphics processing units (GPGPU) frameworks like NVIDIA’s Compute Uniform Device Architechture (CUDA) and AMD/ATI’s Close to Metal (CTM).
- Full Text:
Using inetvis to evaluate snort and bro scan detection on a network telescope
- Irwin, Barry V W, van Riel, J P
- Authors: Irwin, Barry V W , van Riel, J P
- Date: 2008
- Subjects: To be catalogued
- Language: English
- Type: text , article
- Identifier: http://hdl.handle.net/10962/429981 , vital:72656 , https://doi.org/10.1007/978-3-540-78243-8_17
- Description: This paper presents an investigative analysis of net-work scans and scan detection algorithms. Visualisa-tion is employed to review network telescope traffic and identify incidents of scan activity. Some of the identified phenomena appear to be novel forms of host discovery. Scan detection algorithms used by the Snort and Bro intrusion detection systems are cri-tiqued by comparing the visualised scans with alert output. Where human assessment disagrees with the alert output, explanations are sought by analysing the detection algorithms. The Snort and Bro algorithms are based on counting unique connection attempts to destination addresses and ports. For Snort, notable false positive and false negative cases result due to a grossly oversimplified method of counting unique destination addresses and ports.
- Full Text:
- Authors: Irwin, Barry V W , van Riel, J P
- Date: 2008
- Subjects: To be catalogued
- Language: English
- Type: text , article
- Identifier: http://hdl.handle.net/10962/429981 , vital:72656 , https://doi.org/10.1007/978-3-540-78243-8_17
- Description: This paper presents an investigative analysis of net-work scans and scan detection algorithms. Visualisa-tion is employed to review network telescope traffic and identify incidents of scan activity. Some of the identified phenomena appear to be novel forms of host discovery. Scan detection algorithms used by the Snort and Bro intrusion detection systems are cri-tiqued by comparing the visualised scans with alert output. Where human assessment disagrees with the alert output, explanations are sought by analysing the detection algorithms. The Snort and Bro algorithms are based on counting unique connection attempts to destination addresses and ports. For Snort, notable false positive and false negative cases result due to a grossly oversimplified method of counting unique destination addresses and ports.
- Full Text:
- «
- ‹
- 1
- ›
- »