Master Degree / Yüksek Lisans Tezleri
Permanent URI for this collection: https://hdl.handle.net/11147/3008
7 results

Master Thesis
Intrusion Detection System Alert Correlation With Operating System Level Logs
(Izmir Institute of Technology, 2009) Toprak, Mustafa; Aytaç, İsmail Sıtkı
The Internet is a global public network. More and more people are getting connected to the Internet every day to take advantage of the Internetwork connectivity. It also brings in a lot of risk on the Internet because there are both harmless and harmful users on the Internet. While an organization makes its information system available to harmless Internet users, at the same time the information is available to the malicious users as well. Most organizations deploy firewalls to protect their private network from the public network. But no network can be one hundred percent secured. This is because the connectivity requires some kind of access to be granted on the internal systems to Internet users. The firewall provides security by allowing only specific services through it. The firewall applies defined rules to each packet reaching its network interface. The IDS complements the firewall security by detecting whether someone tries to break in through the firewall, or manages to break through the firewall security and tries to gain access to any system in the trusted site, and by alerting the system administrator in case there is a breach in security. However, at present, IDSs suffer from several limitations. To address these limitations and learn network security threats, it is necessary to perform alert correlation. Alert correlation focuses on discovering various relationships between individual alerts. Intrusion alert correlation techniques correlate alerts into meaningful groups or attack scenarios for ease of understanding by human analysts. In order to be sure that the alert correlation is working properly, this thesis proposes to use attack scenarios by correlating alerts on the basis of prerequisites and consequences of intrusions.
The architecture of the experimental environment is based on the prerequisites and consequences of different types of attacks; the proposed approach correlates alerts by matching the consequence of some previous alerts and the prerequisite of some later ones with OS-level logs. As a result, the accuracy of the proposed method and its advantage are demonstrated, with a focus on building IDS alert correlation with OS-level logs in information security systems.

Master Thesis
A Firewall Design for Academic Environments
(Izmir Institute of Technology, 2001) Tok, Metin; Koltuksuz, Ahmet Hasan
Computer networks in academic environments could have many security problems if there were not enough precautions. The source of these problems is generally the vulnerabilities of the TCP/IP protocol and the Internet. Vulnerabilities can cause threats. These threats will be analyzed in this thesis. There are many kinds of countermeasures to protect the assets of academic networks. Firewalls are a kind of countermeasure against these attacks. In this thesis, these countermeasures will also be analyzed, and a firewall will be designed and proposed for academic environments against these threats.

Master Thesis
Traffic Generator for Firewall Testing
(Izmir Institute of Technology, 2009) Kaya, Özgür; Tuğlular, Tuğkan
Firewalls stand at the front line of a computer network to restrict unauthorized access. The desired security level is determined by a policy and implemented by a firewall, which is expected not only to be effective but also to provide stable and reliable service. In order to verify the level of security of the system, testing is required. The objective of this thesis is to test a firewall with software testing techniques, taking into consideration the nominated policy and the firewall. Iptables software was examined and tested by two different algorithms that were modified according to software testing techniques, and the results were observed.
Packets sent through the Firewall Under Test (FUT) were compared to packets passed through the FUT, and the test results were observed. The security performance of the modified algorithms proved to be successful.

Master Thesis
A Feedback-Based Testing Methodology for Network Security Software
(Izmir Institute of Technology, 2013) Gerçek, Gürcan; Tekir, Selma
As part of network security testing, an administrator needs to know whether the firewall enforces the security policy as expected or not. In this setting, black-box testing and evaluation methodologies can be helpful. In this work, we employ a simple mutation operation, namely flipping a bit, to generate mutant firewall policies and use them to evaluate our previously proposed weighted test case selection method for firewall testing. In the previously proposed firewall testing approach, abstract test cases that are automatically generated from firewall decision diagrams are instantiated by selecting test input values from different test data pools for each field of the firewall policy. Furthermore, a case study is presented to validate the proposed approach.

Master Thesis
Development of a Distributed Firewall Administration Tool
(Izmir Institute of Technology, 2008) Erdoğan, Yunus; Tuğlular, Tuğkan
Today firewalls not only guard internal computer networks but also individual personal computers against malicious and unauthorized accesses from outside. The purpose of this study is to create an architecture and its corresponding application to manage distributed firewalls running on the Microsoft Windows platform. Distributed Firewall Administration is about creating a management center for a network composed of the firewalls running on the Microsoft Windows platform.
The main part of this work is to determine the distributed firewall network topology with breadth-first search and depth-first search algorithms. The Microsoft Windows Firewall API makes it possible to programmatically manage the features of firewalls running on the Windows platform by allowing applications to create, enable and disable firewall exceptions. This study used the Windows Firewall API to manage its features. This API is only reachable using the low-level programming languages C/C++. The Distributed Firewall Administration Tool (DFAT) can add, modify or delete rules on the end-user firewall rule set; these rules are stored in the database. This tool works in a distributed environment, and there is a parent-child relationship between firewalls. Parent firewalls have the right to manage their child firewall's rule set. Firewalls introduce themselves to each other with a broadcast method.

Master Thesis
Firewall monitoring using intrusion detection systems
(Izmir Institute of Technology, 2005) Asarcıklı, Şükran; Tuğlular, Tuğkan
Most organizations have an intranet, and they know the benefits of connecting their private LAN to the Internet. However, the Internet is inherently an insecure network. That makes the security of the computer systems an important problem. The first step of network security is firewalls. Firewalls are used to protect internal networks from external attacks by restricting network access according to the rules. The firewall must apply previously defined rules to each packet reaching its network interface. If the application of rules is prohibited due to malfunction or hacking, the internal network may be open to attacks, and this situation should be recovered as fast as possible. In order to be sure that the firewall is working properly, we proposed to use Intrusion Detection Systems (IDS) to monitor firewall operation. The architecture of our experimental environment is composed of a firewall and two IDSs.
One IDS is between the external network and the firewall, while the other is between the firewall and the private network. Those two IDSs are invisible to both networks, and they send their information to a monitoring server, which decides, based on two observations, whether the firewall is working properly or not.

Master Thesis
Policy Anomaly Reporting for Distributed Firewalls
(Izmir Institute of Technology, 2007) Çetin, Füsun; Tuğlular, Tuğkan
A firewall is a protective device which is installed between two networks. Firewall functionality depends on the filtering rules and their order. All rule relations must be considered in order to determine the correct rule order. In this thesis, anomaly discovery algorithms are implemented for single and distributed firewall environments in a software tool called "Policy Anomaly Checker". A number of tests are performed using different policies and network topologies in order to obtain operational values of these algorithms.
