Wireless Security Tools
- Janse van Rensburg, Johanna, Irwin, Barry V W
- Authors: Janse van Rensburg, Johanna , Irwin, Barry V W
- Date: 2006
- Subjects: To be catalogued
- Language: English
- Type: text , article
- Identifier: http://hdl.handle.net/10962/429867 , vital:72647 , https://digifors.cs.up.ac.za/issa/2006/Proceedings/Research/113_Paper.pdf
- Description: Detecting and investigating intrusive Internet activity is an ever-present challenge for network administrators and security researchers. Network monitoring can generate large, unmanageable amounts of log data, which further complicates distinguishing between illegitimate and legitimate traffic. Considering the above issue, this article has two aims. First, it describes an investigative methodology for network monitoring and traffic review; and second, it discusses results from applying this method. The method entails a combination of network telescope traffic capture and visualisation. Observing traffic from the perspective of a dedicated sensor network reduces the volume of data and alleviates the concern of confusing malicious traffic with legitimate traffic. Complementing this, visual analysis facilitates the rapid review and correlation of events, thereby utilizing human intelligence in the identification of scanning patterns. To demonstrate the proposed method, several months of network telescope traffic is captured and analysed with a tailor-made 3D scatter-plot visualisation. As the results show, the visualisation saliently conveys anomalous patterns, and further analysis reveals that these patterns are indicative of covert network probing activity. By incorporating visual analysis with traditional approaches, such as textual log review and the use of an intrusion detection system, this research contributes improved insight into network scanning incidents.
In-kernel cryptographic executable verification
- Motara, Yusuf, M, Irwin, Barry V W
- Authors: Motara, Yusuf, M , Irwin, Barry V W
- Date: 2005
- Subjects: To be catalogued
- Language: English
- Type: text , article
- Identifier: http://hdl.handle.net/10962/429937 , vital:72653 , https://doi.org/10.1007/0-387-31163-7_25
- Description: This paper discusses the problems posed by Trojan horses and unauthorized code, and reviews existing solutions for dealing with them. A technique involving the in-kernel verification of executables is proposed. Its advantages include simplicity, transparency, ease of use and minimal setup time. In addition, the technique has several applications, including assisting with honeypot implementations, incident response and forensic investigations.