Article

Lightweight Directory Access Protocol (v3)


... • SASL: Simple Authentication and Security Layer (SASL) is a framework that uses other authentication types such as Kerberos [23]. Aside from LDAP, Active Directory uses other authentication methods such as LM and NTLM. ...
Thesis
Full-text available
In an increasingly interconnected world, it is essential for all entities to have a strong cybersecurity strategy and defense. In the last few years, organizations were relying on a "Response-Oriented" approach to cybersecurity incidents. Today, many entities realize this approach is no longer sufficient and turn to a more "Readiness-Oriented" approach [1]. The reason for this change is that one of the best ways for a defense to be tested is the simulation of a real-world attack [2]. The purpose of this thesis, titled "An External Red Team Assessment in a Corporate Environment", is to demonstrate how a malicious user could infiltrate a corporate infrastructure, how he would move inside the network and how much damage he could cause. The environment features Windows Active Directory services with a domain controller, one Windows 10 client and a firewall which is also used as a router. Furthermore, there is an Ubuntu web server hosting a website with a Local File Inclusion (LFI) vulnerability which is used as the initial foothold. The first part of this thesis is an introduction and includes a general idea of cybersecurity, why a red team assessment is important, what problem it is trying to solve and what has been achieved in the practical part. The second part is more theoretical, covering the terminology used, the current threats, how a red team assessment is performed, different methodologies, tools and frameworks, why this kind of testing is essential and the differences between the cybersecurity teams (red, blue and purple teams). The third part is an analysis of the steps taken to conduct all the attacks, exploitation, pivoting and persistence described in the first part, but also how these vulnerabilities can be mitigated. This operation is performed according to the MITRE ATT&CK framework.
Finally, there is a report about all the vulnerabilities found in the network along with their mitigation and an assessment of the damage and potential loss for the company if this series of events takes place. Also, the rules of engagement document is provided, which is the legal document that certifies the legality of this assessment and determines what systems are in scope and what attacks can and cannot be performed.
... The PEP is a logical entity that enforces Policy decisions. This enforcement is represented by the execution of the set of Actions of the Policy Rules. One suggestion for an access protocol to the Policy Repository that has been gaining reasonable acceptance is LDAP (Lightweight Directory Access Protocol), specified in [5]. In fact, the IETF specifies in [6] a mapping of the PCIM to an LDAP schema, called PCLS (Policy Core LDAP Schema). One suggestion for a protocol for transferring Policy decisions between PDPs and PEPs is COPS (Common Open Policy Service). ...
... Due to its light implementation, many applications support LDAP for synchronizing and managing directory services (e.g., the Active Directory Server from Microsoft). LDAP allows cross-platform clients to query the directory services that contain attribute-value pairs of users, applications, computers, and devices in the network through an LDAP client [3]. Enterprise applications use LDAP for authentication in applications that include email clients, SSH, server, and workstation access. ...
Conference Paper
Full-text available
The Lightweight Directory Access Protocol (LDAP) has been widely used to query directory services. It is mainly utilized for reading, writing, and searching directory services like Active Directory. The vast adoption of LDAP for authentication has entailed several attack attempts like injection attacks and unauthorized access due to third-party key storage. Furthermore, recent vulnerabilities discovered in libraries like Log4j can lead adversaries to obtain unauthorized information from the directory services through pivoting attacks. Moreover, LDAP can be configured to operate on UDP, motivating adversaries to exploit it for Distributed Reflection Denial of Service (DRDoS) attacks. This paper presents a study of attacks on LDAP by deploying honeypots that simulate multiple profiles supporting the LDAP service and correlating the attack datasets obtained from honeypots deployed by the Honeynet Project community. We observe a total of 39,388 malicious events targeting the honeypots and discover 273 unique attack sources performing pivot attacks in a period of one month.
... LDAP (Lightweight Directory Access Protocol) [2] is the predominant Internet open standard for directory services, being published in a series of RFCs (Request For Comments). Microsoft, Novell, Sun, Oracle, and many other vendors feature LDAP-based products. ...
... Due to technical, but mainly political difficulties encountered in trying to implement the full X.500 directory, there is currently no standard certificate distribution/storage mechanism. However, PKI repositories have been traditionally based on the lightweight directory access protocol (LDAP) [4,5]. LDAP is much simpler than its precursor, the directory access protocol (DAP). ...
Preprint
Full-text available
Traditionally, publicly available repositories of certificates offer the usual response to the problem of public key distribution. After issuing a public-key certificate a certification authority (CA) - in the frame of a particular public-key infrastructure (PKI) - will store and publish that certificate in a repository so that, at a later moment, end-users can search, find and retrieve public-key certificates. A known and still persisting drawback of this approach is that these repositories are not interconnected between each other on an Internet scale, therefore the search and retrieving of certificates on a wider scale turns out to be very difficult. In this scenario, end-users are supposed to know the Internet location of the repository before actually starting the procedure of search and retrieval. Currently, there are no means to perform automatic discovery of authoritative repositories for a particular certificate using as a search-key some information identifying an Internet entity. In this paper, we try to describe a different approach for solving the key distribution problem. This solution takes into account an already existing Internet-wide infrastructure: the domain name system (DNS).
... Because of this, an entry's RDN is not guaranteed to remain unchanged. A widely adopted and popular standard for directory services is the Lightweight Directory Access Protocol (LDAP) [214] [215] [216], which is based on the ITU-T standard X.500 [217]. LDAP is often used in corporate networks for employee or email directories. ...
Thesis
Full-text available
Online Social Networks (OSN) have become an integral part of our everyday lives. We express ourselves, create and collect content such as images or videos, share content and information with our friends and colleagues, exchange messages, or keep track of what’s happening in the world. Yet, despite social communication being implicitly a distributed, decentralized phenomenon, most OSN services are built in a central, monolithic fashion, concentrating all knowledge and power in one company or organization. This contradicts the idea of the social web, as proprietary and isolated walled gardens keep users from being able to freely choose an OSN platform provider or to effectively control their privacy. In order to mitigate the problem, alternative architectures that distribute control and data to multiple independent services were proposed. Unfortunately, the implicit network effects existing in large OSN services still prevent users from migrating to alternative solutions in significant numbers. Moreover, technical protocols for facilitating holistic and seamless interoperability and furthermore data portability in OSN services do not exist. Ultimately, today’s OSN market is dominated by one single service which has been able to attract a significant amount of users, while a large number of competing services and alternative solutions exist that combine a comparably small number of users. Two main issues have been identified that contribute to the current situation of one OSN service heavily dominating the entire market, being the lack of data portability and interoperability between different OSN services. This work proposes Sonic, a solution that aims to interconnect arbitrary OSN services into one open and heterogeneous federation of OSN services. Sonic introduces an open communication protocol and data formats that are able to facilitate interconnectivity of OSN services. 
The proposed architecture supports core features implemented in today’s most popular OSN services and facilitates extended functionality through an extensibility framework.
... Other works have adopted the same concept for publishing the indices to the DSs, but instead of a centralized DS they use distributed networks of DSs to have a more scalable query processing. For example, The Bridge project utilizes Lightweight Directory Access Protocol (LDAP) [18] and the studies in [19] and [20] considers a peer to peer (P2P) architecture. ...
Article
Full-text available
When dealing with a large number of devices, the existing indexing solutions for the discovery of IoT sources often fall short to provide an adequate scalability. This is due to the high computational complexity and communication overhead that is required to create and maintain the indices of the IoT sources particularly when their attributes are dynamic. This paper presents a novel approach for indexing distributed IoT sources and paves the way to design a data discovery service to search and gain access to their data. The proposed method creates concise references to IoT sources by using Gaussian Mixture Models (GMM). Furthermore, a summary update mechanism is introduced to tackle the change of sources availability and mitigate the overhead of updating the indices frequently. The proposed approach is benchmarked against a standard centralized indexing and discovery solution. The results show that the proposed solution reduces the communication overhead required for indexing by three orders of magnitude while depending on IoT network architecture it may slightly increase the discovery time.
... It builds upon the ideas of X.500 but differs, in particular, with regards to security features [85] and simplicity. LDAP is designed to be extensible and flexible, see the many LDAP related RFCs, including RFC2251 [172] dated 1997, and RFC4510 [182] to RFC4519 [153]. LDAP organizes its data in a tree like ASN.1 [95]. ...
Article
Today's Internet utilizes a multitude of different protocols. While some of these protocols were first implemented and used and later documented, others were first specified and then implemented. Regardless of how protocols came to be, their definitions can contain traps that lead to insecure implementations or deployments. A classical example is insufficiently strict authentication requirements in a protocol specification. The resulting misconfigurations, i.e., not enabling strong authentication, are common root causes for Internet security incidents. Indeed, Internet protocols have commonly been designed without security in mind, which leads to a multitude of misconfiguration traps. While this is slowly changing, too strict security considerations can have a similarly bad effect. Due to complex implementations and insufficient documentation, security features may remain unused, leaving deployments vulnerable. In this paper we provide a systematization of the security traps found in common Internet protocols. By separating protocols into four classes we identify major factors that lead to common security traps. These insights, together with observations about end-user centric usability and security by default, are then used to derive recommendations for improving existing and designing new protocols---without such security-sensitive traps for operators, implementors and users.
... As entries might be shifted to another branch or level in the tree-like structure, an entry's RDN is not guaranteed to remain stable. An existing and widely used standard for directory services is the Lightweight Directory Access Protocol (LDAP) [25][26][27] based on the ITU-T standard X.500 [28]. One of the most used and well known directory services is the Domain Name System (DNS) [15,29]. ...
Conference Paper
Full-text available
As of today, communication habits are shifting towards Online Social Network (OSN) services such as WhatsApp or Facebook. Still, OSN platforms are mostly built in a closed, proprietary manner that prevents users from communicating seamlessly between different OSN services. These lock-in effects are used to discourage users from migrating to other services. To overcome the obvious drawbacks of proprietary protocols and service architectures, SONIC proposes a holistic approach that facilitates seamless connectivity between different OSN platforms and allows user accounts to be migrated between OSN platforms without losing data or connections to other user profiles. Thus, SONIC builds the foundation for an open and heterogeneous Online Social Network Federation (OSNF). In this paper, we present a distributed and domain-independent ID management architecture for the SONIC OSNF, which allows user identifiers (GlobalID) to remain unchanged even when a profile is migrated to a different OSN platform. In order to resolve a given GlobalID to the actual URL of a social profile, the Global Social Lookup System (GSLS), a distributed directory service built on peer-to-peer technology, is introduced. Datasets called Social Records, which comprise all information required to look up a certain profile, are stored and published by the GSLS. Following this approach, social profiles can be migrated between OSN platforms without changing the user identifier or losing connections to other users' social profiles.
... Directory services (e.g. LDAP, compare Wahl et al., 1997) are an attempt to solve this problem. Accounts are managed hierarchically in a central directory that all applications access whenever they need information about a user. ...
Conference Paper
Full-text available
Increasingly complex networks and distributed services entail new challenges concerning interoperability and integration of security mechanisms. The currently available solutions, e.g. directory services or distributed authentication systems, have disadvantages that can be overcome by a new approach based on mapping identities. Identity mapping allows assigning the identity of one human to different users in various systems. The security features of every system can be fully used and no common denominator limits the power of a single system. This paper describes the different types of mappings that are necessary to implement such a system. Mappings cannot occur only on a user-user basis; roles and groups also have to be considered to correctly represent modern security issues.
... LDAP: Access credentials are checked directly in an LDAP directory (Wahl et al. 1997; Wahl et al. 2000). ...
Thesis
This thesis deals with ensuring operational information security, in particular IT security at the communication interface between human and machine task performers. By examining the concept of the role in the operational information system as a bundling of permissions according to tasks, a gap between the two research fields of information security and operational information systems is closed. With the insights gained, the reference model of role-based access control (RBAC) was extended to eRBAC as the basis of an access control system for application systems. The first part of the thesis defines the scope of the investigation and introduces the terminology of information security. In addition, the selection of the role-based access control model is supported by a classification framework developed in the thesis. The subject of the second part of the thesis is the analysis of the concept of the role. Through the systematic placement of the concept of the role within role concepts and the integration of the role into the operational information system, it is shown that the role, as a virtual task performer, sits between the task level and the task-performer level. Roles refer to tasks and are a suitable instrument for connecting task performers with access rights so that they can perform their tasks within an IS while information security is ensured at the same time. Therefore, role assignment complements the enterprise architecture according to the methodology of the Semantic Object Model (SOM) at the interface between the business process level and the task-performer level. Since roles can be derived from the business process, the top-down approach is suitable for creating a valid role model. The metamodel of role assignment extends the metamodel of task-performer assignment by the relationships of task and task performer with role.
The roles thereby bundle the access rights that grant a task performer the necessary access for partially automated tasks at the task-performer level at the communication interface.
Thesis
This thesis examines the issues affecting the design and implementation of scalable agent-based systems which use query routing for resource or service discovery. Query routing is a type of informed distributed search in which agents reason about the capabilities of other agents in order to constrain the scope of a query and the cost of processing it. The technique of query routing bears many similarities to the use of mediators in multi-agent systems. We discuss the relation between mediator-based systems for service discovery in multi-agent systems and the use of query routing in distributed information systems, and present a novel model of the query routing task which we have used to examine the complexity and scalability of a number of commonly encountered architectures for resource or service discovery. This theory-based approach is complemented by our practical experiences of building query routing systems using our simple agent framework, Phyle. Finally, we perform an empirical study of the behaviour of different query routing systems in order to validate our model, using our simulator for query routing systems, Paraphyle.
Thesis
Wireless IP networks are invading our living spaces, and the lack of access security is a serious obstacle to the development of new services within them. In this work we propose using the Java smart card as a security module for access to these networks, as SIM chips are for GSM mobile telephony. To achieve this despite the limitations of these cards in processing power and storage capacity, a new protocol named EAP-SSC (EAP Secured Smartcard Channel) is proposed. It provides mutual authentication based on symmetric- or asymmetric-key cryptography. The diversity of the authorities administering wireless IP networks requires taking into account a variety of applicable security policies. We therefore propose a platform named OpenEAPSmartcard for any Java card on the market. Its architecture is open and easy to adapt to developers' authentication scenarios. The security of cryptographic material stored on servers is not guaranteed, because of attacks exploiting flaws and vulnerabilities in operating systems; that of access points within reach of users is even less so. Our solution is to implement EAP servers, called authentication micro-servers, in Java cards. Deploying these micro-servers raises the problem of updating them over time and across locations. A software architecture named TEAPM (Trusted EAP Module) is proposed. At its core are the EAP and EAP-TLS protocols, topped with XML and HTTP to facilitate secure remote "Over The Air" administration of Java smart cards.
Chapter
This paper analyzes access control mechanisms of the Enterprise Java Beans (EJB) architecture and defines a configuration of the EJB protection system in a more precise and less ambiguous language than the EJB 3.0 standard. Using this configuration, the authors suggest an algorithm that formally specifies the semantics of authorization decisions in EJB. The level of support is analyzed for the American National Standard Institute’s (ANSI) specification of Role-Based Access Control (RBAC) components and functional specification in EJB. The results indicate that the EJB specification falls short of supporting even Core ANSI RBAC. EJB extensions dependent on the operational environment are required in order to support ANSI RBAC required components. Other vendor-specific extensions are necessary to support ANSI RBAC optional components. Fundamental limitations exist, however, due to the impracticality of some aspects of the ANSI RBAC standard itself. This paper sets up a framework for assessing implementations of ANSI RBAC for EJB systems.
Chapter
In the current Internet system, there are many problems using anonymity of the network communication such as personal information leaks and crimes using the Internet system. This is why TCP/IP protocol used in Internet system does not have the user identification information on the communication data, and it is difficult to supervise the user performing the above acts immediately. As a study for solving the above problem, there is the study of Policy Based Network Management (PBNM). This is the scheme for managing a whole Local Area Network (LAN) through communication control for every user. In this PBNM, two types of schemes exist. As one scheme, we have studied theoretically about the Destination Addressing Control System (DACS) Scheme with affinity with existing internet. By applying this DACS Scheme to Internet system management, we will realize the policy-based Internet system management. In this paper, to realize it, concept of the Internet PBNM Scheme is proposed as the final step.
Chapter
In the current Internet system, there are many problems using anonymity of the network communication such as personal information leaks and crimes using the Internet system. This is why TCP/IP protocol used in Internet system does not have the user identification information on the communication data, and it is difficult to supervise the user performing the above acts immediately. As a study for solving the above problem, there is the study of Policy Based Network Management (PBNM). This is the scheme for managing a whole Local Area Network (LAN) through communication control for every user. In this PBNM, two types of schemes exist. As one scheme, we have studied theoretically about the Destination Addressing Control System (DACS) Scheme with affinity with existing internet. By applying this DACS Scheme to Internet system management, we will realize the policy-based Internet system management. In this paper, to realize it, concept of the Internet PBNM Scheme is proposed as the final step.
Chapter
In the current Internet system, there are many problems using anonymity of the network communication such as personal information leaks and crimes using the Internet system. This is why TCP/IP protocol used in Internet system does not have the user identification information on the communication data, and it is difficult to supervise the user performing the above acts immediately. As a study for solving the above problem, there is the study of Policy Based Network Management (PBNM). This is the scheme for managing a whole Local Area Network (LAN) through communication control for every user. In this PBNM, two types of schemes exist. As one scheme, we have studied theoretically about the Destination Addressing Control System (DACS) Scheme with affinity with existing internet. By applying this DACS Scheme to Internet system management, we will realize the policy-based Internet system management. In this paper, to realize management of the specific domain with some network groups with plural organizations, results of implementation about creation and distribution processes of DACS rules are described.
Chapter
In today's world, data is a very important factor for each and every one of us; data plays a very important role. The concept of computer data dates from the eighteenth century, and in the nineteenth, computer data became a very important concept. In the nineteenth, most devices have data storage capability. This data storage capability led computers to adopt various protocols. A protocol is a special set of rules used to access data, to exchange data and to communicate between the various nodes of a computer network. Data is mainly stored in databases or in directory servers. Protocols are also used to compress data, to notify the sending device that data transmission is over and to notify the receiving device that data reception is over. Depending on the operation, protocols are classified into various types. Protocols fall under the Open Systems Interconnection (OSI) model, which consists of various layers and various protocols. Depending on the use and application, different protocols are used.
Chapter
In the current Internet system, there are many problems using anonymity of the network communication such as personal information leaks and crimes using the Internet system. This is why TCP/IP protocol used in Internet system does not have the user identification information on the communication data, and it is difficult to supervise the user performing the above acts immediately. As a study for solving the above problem, there is the study of Policy Based Network Management (PBNM). This is the scheme for managing a whole Local Area Network (LAN) through communication control for every user. In this PBNM, two types of schemes exist. As one scheme, we have studied theoretically about the Destination Addressing Control System (DACS) Scheme with affinity with existing internet. By applying this DACS Scheme to Internet system management, we will realize the policy-based Internet system management. In this paper, to realize management of the specific domain with some network groups with plural organizations, concept of implementation method applied for this scheme is described.
Chapter
In the current Internet system, there are many problems using anonymity of the network communication such as personal information leaks and crimes using the Internet system. This is why TCP/IP protocol used in Internet system does not have the user identification information on the communication data, and it is difficult to supervise the user performing the above acts immediately. As a study for solving the above problem, there is the study of Policy Based Network Management (PBNM). This is the scheme for managing a whole Local Area Network (LAN) through communication control for every user. In this PBNM, two types of schemes exist. As one scheme, we have studied theoretically about the Destination Addressing Control System (DACS) Scheme with affinity with existing internet. By applying this DACS Scheme to Internet system management, we will realize the policy-based Internet system management. In this paper, to realize management of the specific domain with some network groups with plural organizations, the policy information decision processes applied for this scheme are considered and described.
Data
Full-text available
The diploma thesis [Woh00] presents a design for a library for managing public keys. The library supports its user in deciding whether a particular public key can be considered authentic. This document is a catalogue containing answers to questions about the design of this library. Furthermore, the applications considered, CORAL, XSB, EXODUS, OpenLDAP and a compiler for Open-PGP, are discussed. The experiences gained while working with these applications are described.
Conference Paper
In the current Internet system, there are many problems using anonymity of the network communication such as personal information leaks and crimes using the Internet system. This is why TCP/IP protocol used in Internet system does not have the user identification information on the communication data, and it is difficult to supervise the user performing the above acts immediately. As a study for solving the above problem, there is the study of Policy Based Network Management (PBNM). This is the scheme for managing a whole Local Area Network (LAN) through communication control for every user. In this PBNM, two types of schemes exist. The first is the scheme for managing the whole LAN by locating the communication control mechanisms on the path between network servers and clients. The second is the scheme of managing the whole LAN by locating the communication control mechanisms on clients. As the second scheme, we have studied theoretically about the Destination Addressing Control System (DACS) Scheme. By applying this DACS Scheme to Internet system management, we will realize the policy-based Internet system management. In this paper, the explanation about the scheme to manage the specific domain is performed. In this scheme, the scheme to manage the network group of plural organizations is expanded.
Conference Paper
In the current Internet system, there are many problems using anonymity of the network communication such as personal information leaks and crimes using the Internet system. This is why TCP/IP protocol used in Internet system does not have the user identification information on the communication data, and it is difficult to supervise the user performing the above acts immediately. As a study for solving the above problem, there is the study of Policy Based Network Management (PBNM). This is the scheme for managing a whole Local Area Network (LAN) through communication control for every user. In this PBNM, two types of schemes exist. The first is the scheme for managing the whole LAN by locating the communication control mechanisms on the path between network servers and clients. The second is the scheme of managing the whole LAN by locating the communication control mechanisms on clients. As the second scheme, we have studied theoretically about the Destination Addressing Control System (DACS) Scheme. By applying this DACS Scheme to Internet system management, we will realize the policy-based Internet system management. In this paper, as the progression phase for the last goal, we perform the load experiment of the cloud type virtual PBNM named the vDACS Scheme, which can be used by plural organizations, for applications to the small and medium size scale organization. The number of clients used in an experiment is 600.
Keywords: Policy-based network management, DACS scheme, NAPT
Chapter
In the current Internet system, there are many problems using anonymity of the network communication such as personal information leaks and crimes using the Internet system. This is why TCP/IP protocol used in Internet system does not have the user identification information on the communication data, and it is difficult to supervise the user performing the above acts immediately. As a study for solving the above problem, there is the study of Policy Based Network Management (PBNM). This is the scheme for managing a whole Local Area Network (LAN) through communication control for every user. In this PBNM, two types of schemes exist. The first is the scheme for managing the whole LAN by locating the communication control mechanisms on the path between network servers and clients. The second is the scheme of managing the whole LAN by locating the communication control mechanisms on clients. As the second scheme, we have studied theoretically about the Destination Addressing Control System (DACS) Scheme. By applying this DACS Scheme to Internet system management, we will realize the policy-based Internet system management. In this paper, as the progression phase for the last goal, we perform the load experiment of the cloud type virtual PBNM named the vDACS Scheme, which can be used by plural organizations, for applications to the small and medium size scale organization. The number of clients used in an experiment is 300.
Chapter
In the current Internet system, there are many problems arising from the anonymity of network communication, such as personal information leaks and crimes committed using the Internet. This is because the TCP/IP protocol used in the Internet system does not carry user identification information on the communication data, so it is difficult to immediately supervise the user performing the above acts. As a study for solving the above problem, there is the study of Policy Based Network Management (PBNM). This is the scheme for managing a whole Local Area Network (LAN) through communication control for every user. In PBNM, two types of schemes exist. The first is the scheme for managing the whole LAN by locating the communication control mechanisms on the path between network servers and clients. The second is the scheme for managing the whole LAN by locating the communication control mechanisms on the clients. As the second scheme, we have studied the Destination Addressing Control System (DACS) Scheme theoretically. By applying this DACS Scheme to Internet system management, we will realize policy-based Internet system management. In this paper, as the progression phase toward that final goal, we perform the load experiment of the cloud-type virtual PBNM named the vDACS Scheme, which can be used by multiple organizations, for application to small and medium-sized organizations. The number of clients used in the experiment is 200.
Article
Full-text available
In current Internet-based systems, there are many problems arising from the anonymity of network communication, such as personal information leaks and crimes committed using Internet systems. This is because the TCP/IP protocol used in Internet systems does not carry user identification information on the communication data, so it is difficult to immediately supervise the user performing the above acts. As a solution for the above problem, there is the approach of Policy-based Network Management (PBNM). This is the scheme for managing a whole Local Area Network (LAN) through communication control of every user. In PBNM, two types of schemes exist. The first is the scheme for managing the whole LAN by locating the communication control mechanisms on the path between network servers and clients. The second is the scheme for managing the whole LAN by locating the communication control mechanisms on the clients. As the second scheme, we have studied the Destination Addressing Control System (DACS) Scheme theoretically. By applying this DACS Scheme to Internet system management, we realize policy-based Internet system management. In this paper, we present the DACS system theoretically.
Chapter
In an ideal environment, physicians and others involved in cancer research and patient care would have easy access to needed information. Common sense, the Health Information Portability and Accountability Act (HIPAA), and related regulations demand that we defend such information from inappropriate modification and retrieval, thus protecting patient safety, the integrity of study results, and the privacy of patient health records. The challenge is deciding which information to protect, what kinds of protection to establish for each type of information, and who should have access to or permission to modify the data. Only when we establish such policies can we apply technical measures to provide appropriate safeguards.
Chapter
In this article we will discuss the requirements of security toolkits for open networks, explain some important technical details and give a perspective on modern security technology. To illustrate these issues we will focus on the current and future development of SECUDE. We will give a brief overview of the SECUDE [16] structure and emphasize the latest developments and new security APIs, such as improvements in the CRYPT-API, the integration of new smartcards, Directory access via LDAP, the support of X.509v3 certificates and new security features like GSSv2, PKCS#7 and PKCS#10, S/MIME, BAKO and SURE.
Thesis
Grids consist of a collection of computing and storage elements that may be geographically dispersed, but whose combined capacity one wishes to exploit. To this end, these elements must be connected by a network. Since many scientific applications make use of a Grid, and these applications generally process large amounts of data, it is necessary to provide a network that can transport such large data streams reliably. Optical transport networks are excellently suited to this. Grids that make use of such a network are called lambda Grids. This thesis describes a framework in which the design and dimensioning of optical networks for lambda Grids can be described. It also discusses how workload can be distributed over a Grid once it has been dimensioned. A large part of the results was obtained by simulation, using an in-house Grid simulation package that focuses precisely on network and Grid elements. The design of this simulator, and the accompanying implementation choices, are therefore explained in detail in this work.
Article
Full-text available
ABSTRACT The Department of Informatics Engineering is an organization that uses a computer network accessed from several domains and running separate operating systems. Each of these systems uses separate authentication management, while in fact they should be accessible to every member of this organization. The need of users and network administrators for efficient use of authentication information is the problem discussed in this paper. In this paper, an analysis is performed of the possibility of integrated authentication on the Informatics Engineering computer network, which uses Windows 2000, Linux, and Novell NetWare. The analysis is carried out by reviewing directory integration capabilities, authentication methods, and interoperability with other systems. From the mapping of needs against the technological resources available in the department, an authentication solution using Samba and OpenLDAP was chosen to serve authentication requests from Windows 2000 and Linux. Tests were carried out for authentication of Windows 2000 and Linux clients, covering login from each operating system and from different domains using a single username and password. Tests were also carried out on the system maintenance process performed by the system administrator.
Article
In current Internet-based systems, there are many problems arising from the anonymity of network communication, such as personal information leaks and crimes committed using Internet systems. As a solution for the above problem, there is the approach of Policy-based Network Management (PBNM). This is the scheme for managing a whole Local Area Network (LAN) through communication control of every user. As a scheme of PBNM, we have studied the Destination Addressing Control System (DACS) Scheme theoretically. By applying this DACS Scheme to Internet system management, we intend to finally realize policy-based Internet system management. In the DACS Scheme, compatibility with the cloud environment based on virtualization technology, which is spreading explosively, has not been inspected. As a result, the coverage of the DACS Scheme is currently limited to physical environments only. In this study, we inspect the compatibility of the DACS Scheme with the cloud environment based on virtualization technology, and enlarge the coverage of this scheme.