Newest Papers

{LANG_NAVORIGIN} > Newest

09/23/2005
SQL Injection Attack and Defense
{LANG_NAVORIGIN} Exploits SQL Injection
This paper focuses on educating the security professionals with the risks associated with this situation and tries to give brief understanding of various kinds of attacks that attacker may launch and outline of various strategies that can be evaluated and adopted to protect the valuable information assets.

By: Sagar Joshi, 09/23/2005

09/19/2005
Encryption Formula: In the True Light of Science
{LANG_NAVORIGIN} Encryption
Knowing the exact formular for prime has been a problem as proven the Riemann Hypothesis. With the proof of Fermat’s last theorem in 1994, John Derbyshire the Author of the Mathematical unknown says “The Riemann hypothesis is now the great white whale of Mathematical research” Even before that, it was regarded by mathematicians as the more significant problem though not as old as Fermat’s last theorem.

By: Ahmed Akande, 09/19/2005

09/01/2005
Writing syslog messages to MySQL
{LANG_NAVORIGIN} Architecture Logging
In this paper, I describe how to write syslog messages to a MySQL database. Having syslog messages in a database is often handy, especially when you intend to set up a front-end for viewing them. This paper describes an approach with rsyslogd, an alternative enhanced syslog daemon natively supporting MySQL. I describe the components needed to be installed and how to configure them.

By: Rainer Gerhards, 09/01/2005

08/31/2005
Configuration of IPS to improve Incident Response Time
{LANG_NAVORIGIN} Intrusion Detection
This paper discusses advanced configuration of IPS to reflect the changing network topology using feedback from an event analysis tool. The events analyzed by incident response tools can be used to find out the false positives and the signatures required in the IPS. Using the analyzed event pool data, IPS can be dynamically configured to reduce the false positives, improve the incident response time and improve the performance by reducing the load on the IPS.

By: Ramesh Sripathy Rao and Elango Krishnasami, 08/31/2005

08/17/2005
Foundations of Cryptography
{LANG_NAVORIGIN} Encryption
Cryptography has been employed for keeping secrets since the time of Caesar. From the simplest ciphers of shifting letters, to mathematically provably secure ciphers of today, cryptography has progressed a long way. It also has widened to a number of uses and capabilities to fit an ever growing number of applications. Cryptography makes it possible to keep data secure over an insecure network.

By: LearnSecurityOnline, 08/17/2005

08/03/2005
WLAN Security Challenges
{LANG_NAVORIGIN} Wireless Security
The latest WLAN specification, 802.1x, provides a roadmap for implementing improved WLAN security. Not surprisingly, an authentication server - long a cornerstone of remote access security - plays a pivotal role in securing an 802.1x WLAN. And, new 802.1 x security methods provide strong authentication and data privacy techniques to fully secure WLAN access.

By: Josh Glenn, 08/03/2005

07/28/2005
Advanced Topics in Shell Scripting
{LANG_NAVORIGIN} Operating System Linux
This article focuses on more advanced topics in shell scripting including a number of common utilities which can help you write more versatile shell scripts.

By: Colin Sauze, 07/28/2005

07/25/2005
Session Hijacking Packet Analysis
{LANG_NAVORIGIN} Exploits
TCP session hijacking is a very dangerous attack vector because most systems are vulnerable to it, as most systems use TCP/IP as their primary communication protocol. Newer operating systems have attempted to secure themselves from session hijacking by using pseudo-random number generators to calculate the Initial Sequence Number, making it harder to guess. Any security measure in randomly generating an ISN is ineffective if the attacker is able to sniff ACK packets, as they give all the information required to perform this attack.

By: Lee Lawson, 07/25/2005

07/20/2005
Effective Data Investigation on Cisco Routers
{LANG_NAVORIGIN} Operating System Router
Addressing the three security principles, confidentiality, integrity and availability suggests that network administrators should constantly review and update configurations in routers to maintain a concerted effort of providing due care and due diligence in the network. When performing router security, network administrators should never divulge more information that does not need to be shared. This document provides steps needed to perform effective data investigation on Cisco routers using the router show commands for analysis.

By: Ophelia Livingston, 07/20/2005

07/20/2005
Cross Site Scripting (XSS) FAQ
{LANG_NAVORIGIN} Exploits
XSS vulnerabilities have been found in all sorts of websites including fbi.gov, yahoo.com, ebay.com and many other popular and important websites. This paper details XSS attacks and hopes to educate you on what they are, how attackers use them and of course how you can prevent them from happening.

By: Chris Morganti, 07/20/2005

07/19/2005
Encryption is not enough for DRM
{LANG_NAVORIGIN} Security Management
If you examine the ordinary PDF file you will find that a large amount of control information can clearly be seen. In other words, not everything is actually encrypted. That is a weakness since there should be no reliance upon information that has not been protected. Many document protection systems have been attacked successfully using that external control information. It may also allow others to see information that you did not want to be known. So check that all your information is encrypted, and not just the visible content.

By: LockLizard, 07/19/2005

07/16/2005
Operating Systems Security Considerations
{LANG_NAVORIGIN} Operating System
Operating Systems can be viewed as a resource manager, responsible for fair resource sharing between different processes in the system. On the other hand, Operating systems control access to application memory and scheduling of the processor. Applications must be run like OS-Level services and the developer of these apps does not know the level of details needed to develop secure applications on their own, If the OS isn’t doing these things securely, it generally compromise all security at higher levels, So The OS is a very logical place to enforce and support security. This paper presents the common built-in security criteria and mechanisms in OSs, it also introduces the common Vulnerabilities.

By: Mohammad Heidari, 07/16/2005

07/15/2005
CWSP - Certified Wireless Security Professional
{LANG_NAVORIGIN} Certifications
The CWSP exam is an advanced level wireless LAN certification developed by Planet3 Wireless. This exam is a part of the Certified Wireless Network Program (CWNP). The exam tests your ability on how well you are able to protect your company’s valuable data from hackers. For anyone desiring a career in IT or Security this is a certification you cannot afford to be without.

By: J. Whitted, 07/15/2005

07/14/2005
Introduction to Digital Rights Management
{LANG_NAVORIGIN} Security Management
Most people have heard of software licensing and pay per view television, but possibly not connected it with a development in technology called Digital Rights Management (DRM). To understand what DRM is trying to achieve you first of all need to understand intellectual property.

By: LockLizard, 07/14/2005

07/12/2005
Protecting your Intellectual Property with DRM
{LANG_NAVORIGIN} Security Management
Implementing a DRM service does not have to be complex or expensive to set up and administer. To a large extent that will depend upon your scale of operation. If you publish a small number of books or documents to a small number of customers you can run a system manually without any difficulty. Obviously if you are publishing several documents every week to hundreds of customers that is more complicated purely from an administrative standpoint. The DRM component need not be so complex.

By: LockLizard, 07/12/2005

07/08/2005
Detecting Computer Security Attacks by Technical Methods
{LANG_NAVORIGIN} Intrusion Detection
In this paper I will describe some of possible technologies of detecting computer attacks. I will also argue the case that it is impossible to detect computer attack as they are evolving to level beyond the scope of a single technology. There is a need of human intelligence to correlate information from various points in organization to detect attacks. Security attack detection should have two clear points: Human part and Technical part.

By: Ajoy Kumar, 07/08/2005

07/08/2005
Designing a secure file sharing system
{LANG_NAVORIGIN} Application Security
Peer to peer systems have gained tremendous popularity over the last few years, partly due to the unimaginable success of the Napster file sharing system. This phenomenon initiated a new era of computing, which included the development and deployment of many similarly designed systems, targeting different types of usage.

By: Stelios Tigkas, 07/08/2005

07/06/2005
Salted hashes demystified - A Primer
{LANG_NAVORIGIN} Encryption
This primer will provide a basic level explanation of how seeded (or salted) hashes of clear text data are structured / created. The original formalization of this concept comes from RFC-3112. This document is written so that an understanding of this type of functionality becomes possible to anyone with a good computer science foundation.

By: Andres Andreu, 07/06/2005

07/06/2005
Evict the Spammers from Your Inbox
{LANG_NAVORIGIN} Malicious Code Spam
Spamming has become a profitable business, driven by the low cost of sending email compared to other direct marketing techniques. The high return on investment for spammers has resulted in an overwhelming volume of unwanted messages in personal and business email boxes. This article explores how to implement an effective anti spam program.