Sürdürülebilir Yeşil Kampüs Koleksiyonu / Sustainable Green Campus Collection
Permanent URI for this collectionhttps://hdl.handle.net/11147/7755
Browse
4 results
Search Results
Master Thesis Intrusion Detection System Alert Correlation With Operating System Level Logs(Izmir Institute of Technology, 2009) Toprak, Mustafa; Aytaç, İsmail SıtkıInternet is a global public network. More and more people are getting connected to the Internet every day to take advantage of the Internetwork connectivity. It also brings in a lot of risk on the Internet because there are both harmless and harmful users on the Internet. While an organization makes its information system available to harmless Internet users, at the same time the information is available to the malicious users as well. Most organizations deploy firewalls to protect their private network from the public network. But, no network can be hundred percent secured. This is because; the connectivity requires some kind of access to be granted on the internal systems to Internet users. The firewall provides security by allowing only specific services through it. The firewall implements defined rules to each packet reaching to its network interface. The IDS complements the firewall security by detected if someone tries to break in through the firewall or manages to break in the firewall security and tried to have access on any system in the trusted site and alerted the system administrator in case there is a breach in security. However, at present, IDSs suffer from several limitations. To address these limitations and learn network security threats, it is necessary to perform alert correlation. Alert correlation focuses on discovering various relationships between individual alerts. Intrusion alert correlation techniques correlate alerts into meaningful groups or attack scenarios for ease to understand by human analysts. In order to be sure about the alert correlation working properly, this thesis proposed to use attack scenarios by correlating alerts on the basis of prerequisites and consequences of intrusions. The architecture of the experimental environment based on the prerequisites and consequences of different types of attacks, the proposed approach correlates alerts by matching the consequence of some previous alerts and the prerequisite of some later ones with OS-level logs. As a result, the accuracy of the proposed method and its advantage demonstrated to focus on building IDS alert correlation with OS-level logs in information security systems.Master Thesis A Firewall Design for Academic Environments(Izmir Institute of Technology, 2001) Tok, Metin; Koltuksuz, Ahmet HasanComputer networks in academic environments could have many secUlity problems if there weren't enough precaution. The source of these problems is generally vulnerabilities of TCP/IP protocol and Internet. Vulnerabilities can cause threats. These threats will be analyzed in this thesis. There are many kind of countelmeasures to prevent the assets of the academic networks. Firewalls are a kind of countermeasure against these attacks. In this thesis, these countelmeasures will be also analyzed and a firewall will be designed and proposed for academic environments against these threats.Master Thesis Development of a Distributed Firewall Administration Tool(Izmir Institute of Technology, 2008) Erdoğan, Yunus; Tuğlular, TuğkanToday firewalls not only guard internal computer networks but also individual personal computers against malicious and unauthorized accesses from outside. The purpose of this study is to create architecture and its corresponding application to manage distributed firewalls running on Microsoft Windows platform. Distributed Firewall Administration is about creating a management center for a network composed of the firewalls running on Microsoft Windows platform. Main important part of this work is to determine distributed firewall network topology with breadth-first search and depth-first search algorithms.The Microsoft Windows Firewall API makes it possible to programmatically manage the features of firewalls running on windows platform by allowing applications to create, enable and disable firewall exceptions. This study used the Windows Firewall API to manage the features of it. This API is only reachable using C/C++ low level programming languages.Distributed Firewall Administration Tool (DFAT) can add, modify or delete rules on the end-user firewall rule set, these rules stored on the database. This tool works on a distributed environment, there is a parent child relationship between firewalls. Parent firewalls have right to manage its child firewall.s rule set. Firewalls introduce themselves to each other with broadcast method.Master Thesis Firewall monitoring using intrusion detection systems(Izmir Institute of Technology, 2005) Asarcıklı, Şükran; Tuğlular, TuğkanMost organizations have intranet, they know the benefits of connecting their private LAN to the Internet. However, Internet is inherently an insecure network. That makes the security of the computer systems an imported problem. The first step of network security is firewalls. Firewalls are used to protect internal networks from external attacks through restricting network access according to the rules. The firewall must apply previously defined rules to each packet reaching to its network interface. If the application of rules are prohibited due to malfunction or hacking, internal network may be open to attacks and this situation should be recovered as fast as possible. In order to be sure about the firewall working properly, we proposed to use Intrusion Detection Systems (IDS)to monitor firewall operation. The architecture of our experimental environment is composed of a firewall and two IDSs. One IDS is between external network and firewall, while the other is between firewall and private network. Those two IDSs are invisible to the both networks and they send their information to a monitoring server, which decides, based on two observations, whether the firewall is working properly or not.