Master's Degree / Master's Theses

Permanent URI for this collection: https://hdl.handle.net/11147/3008

  • Master Thesis
    Intrusion Detection System Alert Correlation With Operating System Level Logs
    (Izmir Institute of Technology, 2009) Toprak, Mustafa; Aytaç, İsmail Sıtkı
    The Internet is a global public network. More and more people connect to the Internet every day to take advantage of its internetwork connectivity. This also brings a lot of risk, because there are both harmless and harmful users on the Internet. While an organization makes its information system available to harmless Internet users, the same information is available to malicious users as well. Most organizations deploy firewalls to protect their private network from the public network. But no network can be one hundred percent secure, because connectivity requires some kind of access to internal systems to be granted to Internet users. The firewall provides security by allowing only specific services through it; it applies defined rules to each packet reaching its network interface. An IDS complements firewall security by detecting whether someone tries to break in through the firewall, or manages to break through it and tries to access a system on the trusted side, and by alerting the system administrator when there is a security breach. However, at present, IDSs suffer from several limitations. To address these limitations and learn about network security threats, it is necessary to perform alert correlation. Alert correlation focuses on discovering various relationships between individual alerts. Intrusion alert correlation techniques group alerts into meaningful clusters or attack scenarios that are easier for human analysts to understand. In order to be sure that alert correlation is working properly, this thesis proposes to use attack scenarios by correlating alerts on the basis of the prerequisites and consequences of intrusions. The architecture of the experimental environment is based on the prerequisites and consequences of different types of attacks; the proposed approach correlates alerts by matching the consequences of some earlier alerts with the prerequisites of some later ones, using OS-level logs. As a result, the accuracy of the proposed method and its advantage are demonstrated, focusing on building IDS alert correlation with OS-level logs in information security systems.
  • Master Thesis
    A Firewall Design for Academic Environments
    (Izmir Institute of Technology, 2001) Tok, Metin; Koltuksuz, Ahmet Hasan
    Computer networks in academic environments could have many security problems if there were not enough precautions. The source of these problems is generally vulnerabilities of the TCP/IP protocol suite and the Internet. Vulnerabilities can cause threats. These threats will be analyzed in this thesis. There are many kinds of countermeasures to protect the assets of academic networks. Firewalls are one kind of countermeasure against these attacks. In this thesis, these countermeasures will also be analyzed, and a firewall will be designed and proposed for academic environments against these threats.
  • Master Thesis
    Standards and Practices Necessary To Implement a Successful Security Review Program for Intrusion Management Systems
    (Izmir Institute of Technology, 2002) Doruk, Alpay; Tuğlular, Tuğkan
    Intrusion Management Systems are used to protect information systems from successful intrusions and their consequences. They also have detection features: they try to detect intrusions which have passed the implemented measures. The recovery of the system after a successful intrusion is also performed by the Intrusion Management System, as is the investigation of the intrusion. These functions can be present in an intrusion management system model which has a four-layer architecture. The layers of the model are avoidance, assurance, detection and recovery. At the avoidance layer, the necessary policies, standards and practices are implemented to protect the information system from successful intrusions. At the assurance layer, the effectiveness of the implemented measures is measured by tests and reviews. At the detection layer, an intrusion or intrusion attempt is identified in real time. The recovery layer is responsible for restoring the information system after a successful intrusion; it also has functions to investigate the intrusion. Intrusion Management Systems are used to protect information and computer assets from intrusions. An organization aiming to protect its assets must use such a system. After the implementation of the system, continuous reviews must be conducted in order to ensure the effectiveness of the measures taken. Such a review can achieve its goal by using principles and standards. In this thesis, the principles necessary to implement a successful review program for Intrusion Management Systems have been developed under the guidance of the Generally Accepted System Security Principles (GASSP). These example principles are developed for the tools of each Intrusion Management System layer: firewalls for the avoidance layer, vulnerability scanners for the assurance layer, intrusion detection systems for the detection layer and integrity checkers for the recovery layer.
  • Master Thesis
    Traffic Generator for Firewall Testing
    (Izmir Institute of Technology, 2009) Kaya, Özgür; Tuğlular, Tuğkan
    Firewalls stand at the front line of a computer network to restrict unauthorized access. The desired security level is determined by a policy and implemented by a firewall, which not only has to be effective but is also expected to provide stable and reliable service. In order to verify the level of security of the system, testing is required. The objective of this thesis is to test a firewall with software testing techniques, taking into consideration the nominated policy and the firewall. The iptables software was examined and tested by two different algorithms that were modified according to software testing techniques, and the results were observed. Packets sent to the Firewall Under Test (FUT) are compared with the packets that pass through the FUT, and the test results were observed. The security performance of the modified algorithms proved to be successful.
  • Master Thesis
    A Feedback-Based Testing Methodology for Network Security Software
    (Izmir Institute of Technology, 2013) Gerçek, Gürcan; Tekir, Selma
    As part of network security testing, an administrator needs to know whether the firewall enforces the security policy as expected or not. In this setting, black-box testing and evaluation methodologies can be helpful. In this work, we employ a simple mutation operation, namely flipping a bit, to generate mutant firewall policies and use them to evaluate our previously proposed weighted test case selection method for firewall testing. In the previously proposed firewall testing approach, abstract test cases that are automatically generated from firewall decision diagrams are instantiated by selecting test input values from different test data pools for each field of the firewall policy. Furthermore, a case study is presented to validate the proposed approach.
  • Master Thesis
    Development of a Distributed Firewall Administration Tool
    (Izmir Institute of Technology, 2008) Erdoğan, Yunus; Tuğlular, Tuğkan
    Today firewalls guard not only internal computer networks but also individual personal computers against malicious and unauthorized access from outside. The purpose of this study is to create an architecture and its corresponding application to manage distributed firewalls running on the Microsoft Windows platform. Distributed Firewall Administration is about creating a management center for a network composed of firewalls running on the Microsoft Windows platform. The main part of this work is to determine the distributed firewall network topology with breadth-first search and depth-first search algorithms. The Microsoft Windows Firewall API makes it possible to programmatically manage the features of firewalls running on the Windows platform by allowing applications to create, enable and disable firewall exceptions. This study uses the Windows Firewall API to manage those features. This API is only reachable using the low-level programming languages C/C++. The Distributed Firewall Administration Tool (DFAT) can add, modify or delete rules in the end-user firewall rule set, and these rules are stored in a database. The tool works in a distributed environment in which there is a parent-child relationship between firewalls: parent firewalls have the right to manage their child firewalls' rule sets. Firewalls introduce themselves to each other using a broadcast method.
  • Master Thesis
    Firewall monitoring using intrusion detection systems
    (Izmir Institute of Technology, 2005) Asarcıklı, Şükran; Tuğlular, Tuğkan
    Most organizations have an intranet and know the benefits of connecting their private LAN to the Internet. However, the Internet is inherently an insecure network, which makes the security of computer systems an important problem. The first step of network security is firewalls. Firewalls are used to protect internal networks from external attacks by restricting network access according to rules. The firewall must apply previously defined rules to each packet reaching its network interface. If the application of the rules is prevented due to malfunction or hacking, the internal network may be open to attacks, and this situation should be recovered from as fast as possible. In order to be sure that the firewall is working properly, we propose to use Intrusion Detection Systems (IDS) to monitor firewall operation. The architecture of our experimental environment is composed of a firewall and two IDSs. One IDS is between the external network and the firewall, while the other is between the firewall and the private network. Those two IDSs are invisible to both networks, and they send their information to a monitoring server, which decides, based on the two observations, whether the firewall is working properly or not.
  • Master Thesis
    Policy Anomaly Reporting for Distributed Firewalls
    (Izmir Institute of Technology, 2007) Çetin, Füsun; Tuğlular, Tuğkan
    A firewall is a protective device which is installed between two networks. Firewall functionality depends on the filtering rules and their order. All rule relations must be considered in order to determine the correct rule order. In this thesis, anomaly discovery algorithms are implemented for single and distributed firewall environments in a software tool called "Policy Anomaly Checker". A number of tests are performed using different policies and network topologies in order to obtain operational values for these algorithms.
  • Master Thesis
    Campus Network Topology Discovery and Distributed Firewall Policy Generation
    (Izmir Institute of Technology, 2011) Çalışkan, Ezgi; Tuğlular, Tuğkan
    The change in the technology of network components has enabled more complex and dynamic computer networks to emerge. At present, most network components can easily be attached to or removed from computer networks. This situation causes static prevention techniques to be inadequate. In static prevention, when a situation different from the expected ones occurs, the default rule is taken for granted. Detecting unpredictable situations and finding solutions for them takes time. There are some network systems which control network parameters dynamically, such as firewalls integrated with intrusion detection systems. However, even if these systems control traffic parameters, they can only alert when the parameter values are not in the given range. They may not succeed in detecting well-designed attacks, or even if the system detects the attack, it takes time to intervene. Instead of static approaches, a dynamic network security system, which is compatible with a dynamic network topology and can update the security settings according to changes in the network, is needed. To achieve this dynamic nature, the network must be monitored. Then controlling and managing new components can be easier and more secure. New security rules must be created for newly attached network components, or security rules must be removed for removed network components. In this thesis, an approach to monitor a campus area network and dynamically update firewall rules according to the monitoring results is proposed. The implemented approach is validated through a case study.