
Proceedings of the 10th ACM Conference on Computer and Communications Security - Article Example

Summary
From the paper "Proceedings of the 10th ACM Conference on Computer and Communications Security" it is clear that although dnswall is one of the most common tools in DNS filtering and preventing DNS rebinding, it should be used in combination with other tools due to the wide range of threats…

Extract of sample "Proceedings of the 10th ACM Conference on Computer and Communications Security"

Article Critique

Sommer, D. and V. Paxson. (2003). Enhancing Byte-Level Network Intrusion Detection Signatures with Context. CCS '03 Proceedings of the 10th ACM conference on Computer and communications security, pages 262-271. New York: ACM.

Summary

The article is authored by Robin Sommer and Vern Paxson and details a Network Intrusion Detection Signature (NIDS) system that is an improvement over other NIDS that use byte sequences as signatures to detect malicious activity. The authors assert that although these systems have high efficiency, they are limited by a high false-positive rate, that is, they report non-attacks as actual attacks. They mention that signature matching also has inherent weaknesses. For instance, when using tight signatures, the matcher cannot detect attacks other than those for which it has clearly specified signatures; consequently, it is highly possible that the matcher will completely miss new attacks, which, unfortunately, are being developed at a rapid pace. Besides, signatures are often not in fact as "tight" as the developers proclaim.

To address the NIDS weaknesses mentioned above, Sommer and Paxson (2003) develop the concept of contextual signatures as an enhancement of the string-based signature matching employed by traditional NIDS. Under this system, instead of only matching fixed strings in isolation, the process is enhanced with additional context. These enhancements include the provision of low-level context by using regular expressions for matching, and high-level context by making use of the semantic information made available by Bro's protocol analysis and scripting language. Consequently, the newly designed NIDS' expressiveness is greatly enhanced and this significantly reduces false positive rates.
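The contextual-signature idea summarized above, as an added Python sketch that is not code from the paper, the essay or Bro: a regular expression replaces the fixed string, and the server's reply in the opposite direction supplies the context that turns a match into a decision. The signature, the `Connection` model, the decision labels and the sample traffic are all constructed for illustration.

```python
import re
from dataclasses import dataclass

# Constructed signature: CGI request carrying a shell metacharacter (regex, not a fixed string).
REQUEST_RE = re.compile(rb"^GET /cgi-bin/[\w.-]+\?[^ ]*(%3[bB]|;|%7[cC]|\|)")
# Context from the opposite direction: status line of the server's reply.
REPLY_RE = re.compile(rb"^HTTP/1\.[01] (\d{3})")


@dataclass
class Connection:
    """Per-connection state: payload seen in each direction (hypothetical model)."""
    orig: bytes = b""   # client -> server
    resp: bytes = b""   # server -> client


def fixed_string_alert(conn: Connection, needle: bytes = b"/cgi-bin/") -> bool:
    """Baseline: a fixed string matched in isolation raises an alert."""
    return needle in conn.orig


def contextual_decision(conn: Connection) -> str:
    """A signature match starts a decision that also consults the reply."""
    if not REQUEST_RE.search(conn.orig):
        return "no-match"
    reply = REPLY_RE.search(conn.resp)
    if reply is None:
        return "attempt-unknown-outcome"   # reply missing or not yet seen
    status = int(reply.group(1))
    return "alert-likely-success" if 200 <= status < 300 else "log-failed-attempt"


# Constructed sample traffic (not taken from the paper or the essay).
SAMPLES = {
    "benign":  Connection(b"GET /cgi-bin/search.pl?q=bro HTTP/1.0\r\n\r\n",
                          b"HTTP/1.0 200 OK\r\n\r\n"),
    "failed":  Connection(b"GET /cgi-bin/test.cgi?x=1%3Bid HTTP/1.0\r\n\r\n",
                          b"HTTP/1.0 404 Not Found\r\n\r\n"),
    "served":  Connection(b"GET /cgi-bin/test.cgi?x=1;id HTTP/1.0\r\n\r\n",
                          b"HTTP/1.0 200 OK\r\n\r\n"),
    "pending": Connection(b"GET /cgi-bin/test.cgi?x=1|id HTTP/1.0\r\n\r\n"),
}


def evaluate() -> dict:
    """Return (fixed-string alert, contextual decision) for each sample."""
    return {name: (fixed_string_alert(c), contextual_decision(c))
            for name, c in SAMPLES.items()}


if __name__ == "__main__":
    for name, result in evaluate().items():
        print(name, result)
```

The fixed-string baseline alerts on all four connections, including the benign search request, while the contextual decision separates the benign request, the failed attempt, the served request and the one whose reply has not been seen.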
Critique

In this paper, the authors describe a Network Intrusion Detection Signature system that they have designed as an improvement to conventional systems that have intrinsic weaknesses. However, developing such a system would be in vain if the traditional systems did not have any weaknesses, or if the newly designed NIDS did not bring any improvements, and this is the whole essence of research. The authors give detailed descriptions of gaps in previous NIDS and how their system will address these flaws. This is one of the strengths and contributions of the paper. Their design is built on one popular form of detecting misuse of network resources known as signature matching, in which the system scans network traffic for matches against exact and clearly defined patterns. Flaws identified in earlier systems include a high probability of false positives. Besides, these systems do not address failed attacks. The authors assert that the problem of false positives can be greatly reduced through additional context. To this end, the newly designed NIDS will enable the use of additional context by:

i. Providing full regular expressions rather than using fixed strings, and
ii. Giving the signature engine a perception of full connection state, which permits it to compare multiple interdependent matches in both directions when the connection is in use.

If the signature engine reports the match of a signature, the system uses this information to initiate a decision process, rather than an alert as occurs in most signature-matching systems. To indicate how effective their system is, the authors compare the re-designed NIDS with one of the conventional systems, Snort. A weakness of the paper is its failure to compare the newly designed system to a number of conventional NIDSs. Indeed, the authors only compare their system to one conventional system, Snort.
It is known that different NIDS have unique flaws and strengths; perhaps a review of more systems would reveal a number of gaps that the authors would then address in their design enhancements and subsequent research. Findings from these numerous papers would have also served as platforms for future research in the field of network intrusion prevention. The authors contend that various difficulties exist in the evaluation of NIDS both in terms of assessing attack detection and in terms of evaluating performance. This perhaps accounts for their failure to assess more NIDS in their research.

Although the authors present a brilliant paper in detailing flaws in conventional NIDS and how their new system will fix these, the paper could still benefit from some improvements. First, the authors need to evaluate more NIDSs and measure them up against their system to identify whether any additional flaws exist in these other systems or in their own system. Besides, their new NIDS system needs to be taken through rigorous testing procedures using test attacks to determine whether it can detect and correctly identify these attacks. Such tests are necessary before full implementation of the system.

This article expands on what I have learnt in class, particularly in the area of internet security. Unauthorized access into a system through network intrusion can result in correspondence interception, loss or deletion of information, access and intrusion into software, databases and servers, and even failure of servers. Consequently, research into internet security must be an ongoing process as new threats arise daily, and this paper is just part of an ongoing research process. Concepts that would improve the paper include incorporation of other tools that can work in tandem with the described NIDS to enhance internet security.
These techniques would include information on how to choose a network topology that limits intrusions, incorporation of data protection measures, and the physical security represented through the identification of people allowed to physically access IT infrastructure components such as servers and routers. One of the books that can give an insightful understanding into this field is titled Tomorrow's technology and you by Beekman and Beekman (2010). Besides, I found a journal titled Bro: A system for detecting network intruders in real-time by V. Paxson very informative as it gave insight into how the Bro system works.

Jackson, C., A. Barth, A. Bortz, W. Shao, and D. Boneh. (2007). Protecting Browsers from DNS Rebinding Attacks. ACM Trans. Web, Vol. 3, No. 1., pp. 1-26

Summary

This article details DNS rebinding, a process that takes advantage of the interaction between browsers and their plugins, such as Flash player, Silverlight, and Java. The authors assert that the attacks can convert browsers into open network proxies that can then make the whole system vulnerable to unauthorized access and further attack. These attacks can be used to bypass firewalls and send spam email, commit click fraud, and frame hijacked IP addresses in cyber attacks. The authors emphasize that the classic security against these malicious attacks, known as "DNS pinning", can no longer work in modern browsers. The main focus of the paper, however, is to detail the design of robust protection against this kind of attack. The authors recommend the setting up of plugin patches to protect internet users from hackers. The tool, referred to as dnswall, is not only easy to set up, but it also prevents large-scale exploitation and firewall bypass. The authors also describe two defense options which they refer to as policy-based pinning and host name authorization.
Critique

In any research process, it is paramount that a gap is first observed before initiating the research process, and this can only be done through evaluation and assessment of the systems that the researchers are trying to improve on. Jackson et al. (2007) excel in this area as they describe the various vulnerabilities that exist in modern browsers and how traditional tools for preventing such attacks, such as DNS pinning, are ineffective in modern browsers. DNS pinning is said to be ineffective due to the vulnerabilities resulting from the recent introduction of plugins into browsers. Although the plugins provide additional browser functionality, their interaction with the browser can permit the attacker to read and write data directly on sockets to a hijacked system regardless of strong pinning. This is one of the main contributions of the paper.

A second strength of the paper is seen in the way the researchers detail the communication between plugins and the browser and how this makes the browser vulnerable to hackers. Apart from the general communication process, the authors also detail communication processes between browsers and specific plugins such as Flash Player, Java, and Java LiveConnect. These plugins create vulnerability to DNS rebinding attacks as they enable subsecond attacks, provide socket-level network access, and operate autonomously from browsers. In order to prevent the vulnerabilities, these plugins must be patched.

The paper exhibited a few weaknesses and limitations. These include the failure of the researchers to give adequate detail regarding the functioning of dnswall. They only mention that the tool will protect against firewall circumvention but barely mention how it will work towards this. However, the paper is strong in giving alternative or additional options that can prevent DNS rebinding attacks.
These mechanisms include fixing plugins, fixing browsers using default-deny sockets, and fixing browsers using default-allow sockets. Besides, the Firefox NoScript extension can offer partial protection against the attacks. Possible improvements to this paper include a thorough comparison of dnswall against other tools used to prevent DNS rebinding attacks. This would make it possible to evaluate the effectiveness of the tool and even expose some weaknesses that could form the basis for future research.

The paper serves to extend my knowledge of concepts learned in class. Internet security is a very broad and complex topic and research into this important area is ongoing, as has been seen in the last paper included in this critique. I have previously read widely on the subject of internet security; some of the areas touched on include malicious software (viruses, worms, spyware etc.) and how antivirus programs function to curtail the effects of these programs, denial-of-service attacks and the role of firewalls in web security. This paper improved my comprehension of how firewalls can be bypassed and the tools that can be used to reduce this risk. Some of the books that can increase one's understanding of internet security include Firewalls and Internet Security: Repelling the Wily Hacker by William R. Cheswick, Steven M. Bellovin, Aviel D. Rubin and Cyber Threat: Internet Security for Home and Business by David McMahon.

Although dnswall is one of the most common tools in DNS filtering and preventing DNS rebinding, it should be used in combination with other tools due to the wide range of threats that internet users face. Besides, internet attacks are rapidly evolving in form and type and research into this field must match the pace at which these threats arise. This paper was just a part of that research and the researchers obviously could not cover everything.
Consequently, future research into DNS rebinding should focus on the effectiveness of various tools in fighting these attacks.

References

Jackson, C., A. Barth, A. Bortz, W. Shao, and D. Boneh. (2007). Protecting Browsers from DNS Rebinding Attacks. ACM Trans. Web, 3(1): 1-26.

Sommer, D. and V. Paxson. (2003). Enhancing Byte-Level Network Intrusion Detection Signatures with Context. CCS '03 Proceedings of the 10th ACM conference on Computer and communications security, pages 262-271. New York: ACM.
Review/Critique paper of the articles Admission/Application Essay. Retrieved from https://studentshare.org/information-technology/1460365-review-critique-paper-of-the-articles