Download Network Hardening: An Automated Approach to Improving by Lingyu Wang PDF
By Lingyu Wang
This Springer short examines the instruments in accordance with assault graphs that support exhibit community hardening threats. latest instruments aspect all attainable assault paths resulting in serious community assets. although no present device offers a right away approach to eliminate the threats, they seem to be a extra effective technique of community safeguard than depending completely at the event and talents of a human analyst. Key history info on assault graphs and community hardening is helping readers comprehend the complexities of those instruments and strategies. community Hardening: an automatic method of enhancing community defense is a worthy source for researchers and execs operating in community safety. it's also a useful gizmo for advanced-level scholars excited by safeguard in computing device technology and electric engineering.
Read or Download Network Hardening: An Automated Approach to Improving Network Security PDF
Best network security books
Guide to Computer Forensics and Investigations (3rd Edition)
Grasp the talents essential to release and whole a winning computing device research with the up-to-date fourth version of this well known booklet, advisor TO desktop FORENSICS AND INVESTIGATIONS. This source publications readers via carrying out a high-tech research, from buying electronic facts to reporting its findings.
The Executive MBA in Information Security
In line with the Brookings Institute, an organization’s info and different intangible resources account for over eighty percentage of its marketplace price. because the basic sponsors and implementers of data safety courses, it really is crucial for these in key management positions to own a high-quality knowing of the regularly evolving basic techniques of knowledge safety administration.
Intrusion Detection with SNORT: Advanced IDS Techniques Using SNORT, Apache, MySQL, PHP, and ACID
Community safety has turn into an immense a part of company IT procedure and safeguarding all of the nooks and crannies of your community could be well timed and dear. This ebook presents information regarding easy methods to use loose Open resource instruments to construct and deal with an Intrusion Detection approach. Rehman presents exact information regarding utilizing giggle as an IDS and utilizing Apache, MySQL, personal home page and ACID to research intrusion info.
This publication constitutes the completely refereed post-conference court cases of the sixteenth foreign convention on details protection and Cryptology, ICISC 2013, held in Seoul, Korea in November 2013. The 31 revised complete papers offered including 2 invited talks have been rigorously chosen from 126 submissions in the course of rounds of reviewing.
- Information security management handbook
- Smart Mobile Apps: Mit Business-Apps ins Zeitalter mobiler Geschäftsprozesse
- Microsoft SQL Server 2012 Security Cookbook
- Practical Information Security Management A Complete Guide to Planning and Implementation
- The Cloud Security Ecosystem: Technical, Legal, Business and Management Issues
Additional resources for Network Hardening: An Automated Approach to Improving Network Security
Sample text
A is an allowable hardening action. We use A to denote the set of all possible hardening actions. stop_ftp(2) block_host(0) stop_sshd(1) ftp(0,1) ftp_rhosts(0,1) ftp(1,2) trust(1,0) sshd(0,1) ftp(0,2) ftp_rhosts(1,2) rsh(0,1) sshd_bof(0,1) ftp_rhosts(0,2) trust(2,1) user(1) trust(2,0) rsh(1,2) rsh(0,2) user(2) local_bof(2) root(2) Fig. 3 Possible hardening actions (orange rectangles) for the attack graph of Fig. 3 depicts the same attack graph of Fig. 2, but it explicitly shows the allowable hardening actions, represented as rounded rectangles.
2 Therefore, when choosing a set of initial conditions to be removed in order to prevent attacks on given targets, we should take into account all the implications of removing those conditions. Removing specific initial conditions may require to take actions that disable additional conditions, including conditions not explicitly modeled in the attack graph, such as conditions that are not part of any attack path. To address this problem, we formalize the notion of hardening strategy in terms of allowable actions, and define a cost model that takes into account the impact of hardening actions.
6 shows an example of attack graph with two initial conditions. c1 _ c2 / ^ c1 ^ c2 /, and the DNF is L Á :c1 ^ :c2 _ :c1 _ :c2 . Clearly, among the three options :c1 ^ :c2 , :c1 , and :c2 , the first incurs no less cost than the second or the third and hence should be removed from consideration. The above example also shows that theoretically the DNF of L may have an exponential size in the number of initial conditions (after the above reduction, this number of options will be bound by the number of incomparable subsets of n n by Sperner’s initial conditions, which is known as the binomial coefficient bn=2c Theorem).