Packet Filtering Firewall

14,000,000 Leading Edge Experts on the ideXlab platform

The Experts below are selected from a list of 720 Experts worldwide ranked by ideXlab platform

Reza Askari Moghadam - One of the best experts on this subject based on the ideXlab platform.

  • Increasing overall network security by integrating signature-based NIDS with Packet Filtering Firewall
    IJCAI International Joint Conference on Artificial Intelligence, 2009
    Co-Authors: Hamed Salehi, Hossein Shirazi, Reza Askari Moghadam
    Abstract:

    Today, network intrusion detection and intrusion prevention systems (NIDS/IPS) are considered one of the hottest topics in computer security. On the other side, firewalls have been optimized several times and different types have been introduced. Today, by integrating NIDS and firewall, a new product comes to the market, which is called IPS. IPSs protect information systems from unauthorized access, damage or disruption. They are installed at the network primary point and perform deep packet inspection (6 layers), so the hardware should be fast enough to sit almost invisibly within the network. This policy requires expensive hardware which is based on multiple server processor technology. It also needs appropriate changes in network design and policies. The cost may not be so reasonable for medium and small size companies. In this paper we are going to implement some kind of integration between signature-based NIDS and packet filtering firewalls which would increase the overall security at a reasonable cost in comparison with modern IPSs. We try to conclude this by optimizing Snort, a famous open source NIDS, with a sample firewall program in Linux which is implemented by means of IPTABLES commands. The data is transferred in standard XML format. We also test the model with standard DARPA99 data sets and the results are satisfactory.

Fraboul Christian - One of the best experts on this subject based on the ideXlab platform.

  • Extending Firewall Session Table to Accelerate NAT, QoS Classification and Routing
    2009
    Co-Authors: Mostafa Mahmoud, Anas Abou El Kalam, Fraboul Christian
    Abstract:

    Security and QoS are the two most precious objectives for network systems to attain. Unfortunately, they are in conflict: while QoS tries to minimize processing delay, strong security protection requires more processing time and causes packet delay. This article is a step towards resolving this conflict by extending the firewall session table to accelerate NAT, QoS classification, and routing processing time while providing the same level of security protection. Index Terms: stateful packet filtering; firewall; session/state table; QoS; NAT; routing

  • Extending Firewall Session Table to Accelerate NAT, QoS Classification and Routing
    HAL CCSD, 2009
    Co-Authors: Mostafa Mahmoud, Abou El Kalam Anas, Fraboul Christian
    Abstract:

    Security and QoS are the two most precious objectives for network systems to attain. Unfortunately, they are in conflict: while QoS tries to minimize processing delay, strong security protection requires more processing time and causes packet delay. This article is a step towards resolving this conflict by extending the firewall session table to accelerate NAT, QoS classification, and routing processing time while providing the same level of security protection. Index Terms: stateful packet filtering; firewall; session/state table; QoS; NAT; routing

Hamed Salehi - One of the best experts on this subject based on the ideXlab platform.

  • Increasing overall network security by integrating signature-based NIDS with Packet Filtering Firewall
    IJCAI International Joint Conference on Artificial Intelligence, 2009
    Co-Authors: Hamed Salehi, Hossein Shirazi, Reza Askari Moghadam
    Abstract:

    Today, network intrusion detection and intrusion prevention systems (NIDS/IPS) are considered one of the hottest topics in computer security. On the other side, firewalls have been optimized several times and different types have been introduced. Today, by integrating NIDS and firewall, a new product comes to the market, which is called IPS. IPSs protect information systems from unauthorized access, damage or disruption. They are installed at the network primary point and perform deep packet inspection (6 layers), so the hardware should be fast enough to sit almost invisibly within the network. This policy requires expensive hardware which is based on multiple server processor technology. It also needs appropriate changes in network design and policies. The cost may not be so reasonable for medium and small size companies. In this paper we are going to implement some kind of integration between signature-based NIDS and packet filtering firewalls which would increase the overall security at a reasonable cost in comparison with modern IPSs. We try to conclude this by optimizing Snort, a famous open source NIDS, with a sample firewall program in Linux which is implemented by means of IPTABLES commands. The data is transferred in standard XML format. We also test the model with standard DARPA99 data sets and the results are satisfactory.

Janura Dominik - One of the best experts on this subject based on the ideXlab platform.

  • Advanced Filtering operation in the Linux operating system
    Vysoké učení technické v Brně. Fakulta elektrotechniky a komunikačních technologií, 2011
    Co-Authors: Janura Dominik
    Abstract:

    This thesis is oriented on the subject of advanced filtering operations and network security under the Linux operating system. It explains the procedure of creating a simple packet filtering firewall using the netfilter framework and verifies its effectiveness. It further examines the options of user identification in peer-to-peer networks using L7-filtering. It contains the design of a system that detects traffic in the most used P2P networks. This system’s function is attested by simulating P2P traffic inside the local network.

  • Advanced Filtering operation in the Linux operating system
    Vysoké učení technické v Brně. Fakulta elektrotechniky a komunikačních technologií, 2011
    Co-Authors: Janura Dominik
    Abstract:

    This thesis is oriented on the subject of advanced filtering operations and network security under the Linux operating system. It explains the procedure of creating a simple packet filtering firewall using the netfilter framework and verifies its effectiveness. It further examines the options of user identification in peer-to-peer networks using L7-filtering. It contains the design of a system that detects traffic in the most used P2P networks. This system’s function is attested by simulating P2P traffic inside the local network.

Mostafa Mahmoud - One of the best experts on this subject based on the ideXlab platform.

  • Extending Firewall Session Table to Accelerate NAT, QoS Classification and Routing
    2009
    Co-Authors: Mostafa Mahmoud, Anas Abou El Kalam, Fraboul Christian
    Abstract:

    Security and QoS are the two most precious objectives for network systems to attain. Unfortunately, they are in conflict: while QoS tries to minimize processing delay, strong security protection requires more processing time and causes packet delay. This article is a step towards resolving this conflict by extending the firewall session table to accelerate NAT, QoS classification, and routing processing time while providing the same level of security protection. Index Terms: stateful packet filtering; firewall; session/state table; QoS; NAT; routing

  • Extending Firewall Session Table to Accelerate NAT, QoS Classification and Routing
    HAL CCSD, 2009
    Co-Authors: Mostafa Mahmoud, Abou El Kalam Anas, Fraboul Christian
    Abstract:

    Security and QoS are the two most precious objectives for network systems to attain. Unfortunately, they are in conflict: while QoS tries to minimize processing delay, strong security protection requires more processing time and causes packet delay. This article is a step towards resolving this conflict by extending the firewall session table to accelerate NAT, QoS classification, and routing processing time while providing the same level of security protection. Index Terms: stateful packet filtering; firewall; session/state table; QoS; NAT; routing