reproduction of the work for educational or research purposes. This copyright notice must be included in the reproduced paper. USENIX acknowledges all trademarks herein. For more information about the USENIX Association:

Firewalls are hardware and software systems that protect a corporate network from attacks coming from the outside Internet. Despite their critical role, firewall systems are tested without well-defined and effective methodologies. In particular, field testing is performed using simple checklists of vulnerabilities without taking into account the particular topology and configuration of the firewall's target operational environment. We propose a firewall testing methodology based on a formal model of networks that allows the test engineer to model the network environment of the firewall system, to prove formally that the topology of the network verifies the sufficient conditions for protection against attacks, and to build test cases to verify that protections are actually in place. KEYWORDS Network security, testing methodologies, firewalls, formal methods 1 INTRODUCTION The Internet has evolved from a research network to a world-wide communication infrastructure that connects subn...

A Protocol Reference Model is an abstraction of the communication subsystem of a system. Thus, it is appropriate to focus on the protocol reference model when examining the issue of secure communications. In this paper, we discuss some issues in incorporating security services into a protocol reference model. The security services considered are authentication, confidentiality, integrity and access control. We adopt a functional definition for a protocol reference model in terms of the communication services it provides at various layers. We then present two perspectives towards reasoning about the incorporation of security services into a protocol reference model: a perspective that centers on the security requirements, and another that centers on the communication services already present in the protocol reference model. Existing work focuses on the first approach. We focus on the second approach, that is, on the issue of how well a security service slated for incorporation meshes i...

In recent times the profile of intruder attacks has changed significantly. The skilled crackers are getting more skillful and developing new attack methods, while the wide spread availability of cracker tools and exploit information is allowing inexperienced intruders and computer crackers many opportunities. Many of these attacks can be avoided as there are well known solutions and workarounds available. This article examines trends in intruder activity and techniques observed in Australia and New Zealand. 1 Introduction Being the focus of a computer criminal's attention is a place no organisation likes to be in. Unfortunately, with the ever expanding usage of the Internet, the number of sites being attacked is increasing. Many of these attacks try to exploit well known vulnerabilities and will often be repelled if the appropriate patches and workarounds have been applied. Although it is possible to repel many attacks, sites often leave themselves in a vulnerable state and intruders...

In recent years packet-filtering firewalls have seen some impressive technological advances (e.g., stateful inspection, transparency, performance, etc.) and wide-spread deployment. In contrast, firewall and security management technology is lacking. In this paper we present Firmato, a firewall management toolkit, with the following distinguishing properties and components: (1) an entity-relationship model containing, in a unified form, global knowledge of the security policy and of the network topology; (2) a model definition language, which we use as an interface to define an instance of the entity-relationship model; (3) a model compiler, translating the global knowledge of the model into firewall-specific configuration files; and (4) a graphical firewall rule illustrator. We demonstrate Firmato's capabilities on a realistic example, thus showing that firewall management can be done successfully at an appropriate level of abstraction. We implemented our toolkit to work with a commerc...

lman q Encrypted_Message = Encrypt(Key1, Message) q Message = Decrypt(Key2, Encrypted_Message) Text Ciphertext Ciphertext Text Key1 Key2 Raj Jain The Ohio State University 31-6 Public Key Encryption: Example Public Key Encryption: Example Public Key Encryption: Example q RSA: Encrypted_Message = m 3 mod 187 q Message = Encrypted_Message 107 mod 187 q Key1 = <3,187>, Key2 = <107,187> q Message = 5 q Encrypted Message = 5 3 = 125 q Message = 125 107 mod 187 = 125 (64+32+8+2+1) mod 187 = (125 64 mod 187)(125 32 mod 187)... (125 2 mod 187)(125) = 5 Raj Jain The Ohio State University 31-7 Public Key (Cont) Public Key (Cont) Public Key (Cont)<F21.12

The project is implementing a firewall on a computer running the Linux operating system using the TIS firewall toolkit. This computer is connected to a local Ethernet and, via modem, to the Internet. The firewall should make sure, that each user of the internal network can access services on the Internet, but that users from outside can not attack the computers on the internal network. Therefore a security strategy has to be established and later implemented. Contents 1

This memo provides information for the Internet community. It does not specify an Internet standard of any kind. Distribution of this memo is unlimited. This handbook is a guide to developing computer security policies and procedures for sites that have systems on the Internet. The purpose of this handbook is to provide practical guidance to administrators trying to secure their information and services. The subjects covered include policy content and formation, a broad range of technical system and network security topics, and security incident

This memo provides information for the Internet community. It does not specify an Internet standard of any kind. Distribution of this memo is unlimited. This handbook is a guide to developing computer security policies and procedures for sites that have systems on the Internet. The purpose of this handbook is to provide practical guidance to administrators trying to secure their information and services. The subjects covered include policy content and formation, a broad range of technical system and network security topics, and security incident

Any UNIX system administrator or network manager on a tight budget, but with a need for stable, high-performance network servers, is prompted to consider alternatives to conventional commercial operating systems. While FreeBSD and similar systems obviously offer inexpensive alternatives for UNIX-like workstations and servers, their suitability from a security perspective may be less obvious. This article explores FreeBSD's security features with an eye toward assisting you in making a decision about whether it is suitable for your requirements. Before launching into an exploration of FreeBSD, suffice it to say that the relationship of UNIX to Internet security is a massive topic. There are numerous books and other resources that discuss various elements of the subject, some of which are included in the Resource List at the end of this article. In particular, the interested reader is referred to Practical UNIX and Internet Security [5] and Firewalls and Internet Security [4], which are two of many well-known books on this topic. Features of FreeBSD and Relatives FreeBSD offers several features not usually found in stock UNIX-like systems. Some of these features are common to other BSD-derived systems (NetBSD and OpenBSD) or Linux, so one may wish to consult the system's documentation to see whether these features are available. System Security Levels UNIX system security has suffered from the all-powerful access given to the root-privileged user. Once a cracker obtains root privileges, the entire system becomes vulnerable to the cracker. The 4.4BSD-derived systems offer a new security feature called "system security levels " (see the man page for init(8) for details on these security levels). Raised system security levels prevent certain actions on a system irrespective of a user's privilege. Used properly, this can prevent an assortment of system compromises, including the introduction of Trojan horses and back doors into system binaries and modification of configuration files.