Listing by author "Frings, Sandra"
1 - 10 of 55
- Conference paper: About the role of IT security in the information society (IMF 2007: IT-Incident Management & IT-Forensics, 2007). Brunnstein, Klaus
- Conference paper: Attacking test and online forensics in IPv6 networks (IMF 2008 – IT Incident Management & IT Forensics, 2008). Wu, Liu; Hai-Xin, Duan; Tao, Lin; Xing, Li; Jian-Ping, Wu. Although the IPv6 protocol has considered and implemented more security mechanisms compared with IPv4, there are still many security threats in IPv6 networks. Being one of the key protocols in IPv6, the Internet Control Message Protocol (ICMPv6) suffers from severe security risks. In this paper we construct an IPv6 attacking test system, ATS_ICMP_6, exploiting the ICMPv6 Unreachable Message, which shows that the security of the IPv6 protocol is still very weak. On the other hand, we have designed and implemented a network forensics prototype, 6Foren, in an IPv6 environment based on protocol analysis technology; its functions include packet capture, data reconstruction and message replay, etc. 6Foren can be used for online digital forensics and supports the online forensics of the HTTP, FTP, SMTP and POP3 protocols.
- Conference paper: Automated resolving of security incidents as a key mechanism to fight massive infections of malicious software (IT-Incident Management & IT-Forensics - IMF 2006, 2006). Kaiser, Jochen; Vitzthum, Alexander; Holleczek, Peter; Dressler, Falko. Today, many end systems are infected with malicious software (malware). Often, infections will last for a long time due to missing (automated) detection or insufficient user knowledge. Even large organizations usually do not have the necessary security staff to handle all affected computers. Obviously, automated infections with malicious software cannot be handled by manual repair; new approaches are needed. One way to counter automatic mass infections is to semi-automate the incident management. Less important security incidents should be handled by the user himself, while serious incidents should be forwarded to qualified personnel. To enable the end user to resolve his own security incidents, both organizational and technical information have to be provided in a comprehensible way. This paper describes PRISM (Portal for Reporting Incidents and Solution Management), which consists of several components addressing this goal: a unit receiving security incidents in the IDMEF format, a component containing the logic for handling security incidents and corresponding remedies, and a component generating dynamic web pages presenting adequate solutions for recorded security incidents. PRISM was verified using case studies for universities, companies and end-user/provider scenarios.
- Conference paper: Building a runtime state tracing kernel (IMF 2008 – IT Incident Management & IT Forensics, 2008). Chakravarthy, Ananth; Vaidya, Vinay G. A process is run by the processor executing a sequence of instructions. However, it is probable that not all of the instructions are executed, as there are hundreds of paths that can be taken by the executable to complete its execution. The path chosen is dependent on a host of factors like the environment, user input, the platform, etc. As such, at any given instant of time, the process might be in any of the possible states Sn after traversing states S1, S2, S3, ..., where S1, S2, S3, ..., Sn, Sn+1, Sn+2, ..., SM depict the total of M states that can be taken by the executable. There is no mechanism currently inside the Linux kernel to peek into the state of the process to find out which of these states it is currently in and which states it has "traversed" to reach the current state while it is executing. If such effective tracing can be achieved, it would lead to better operating system security. Other advantages are better logs or even building a verifiable software system. This paper looks at the infrastructure that has been developed to realize such functionality in the Linux kernel and thereby increase the security of the running process. Of particular mention is the framework that has been developed to peek into the state of a running process as it executes, and the various mechanisms that could be used to ascertain the state of the running process.
- Conference paper: CarmentiS: A Co-Operative Approach Towards Situation Awareness and Early Warning for the Internet (IT-Incident Management & IT-Forensics - IMF 2006, 2006). Grobauer, Bernd; Mehlau, Jens Ingo; Sander, Jürgen. Although plenty of organizations collect sensor data such as IDS alerts or darknet flows, local analysis has its definite limits when it comes to deriving conclusions about happenings and trends within the Internet as a whole. CarmentiS, a joint effort of the early warning working group within the German CERT association, provides an infrastructure and organizational framework for sharing, correlating and cooperatively analyzing sensor data. The infrastructure allows organizations to submit sensor data – at the moment, net flows and IDS alerts are treated – over a secure channel to a central database. Cooperative analysis of the data is made possible via a secure web front end allowing analysts of participating CERTs to create and execute analysis profiles as well as share and discuss analysis results. By correlating sensor data and pooling know-how and resources for analysis from different sites, CarmentiS provides a framework for a co-operative approach towards situation awareness and early warning for the Internet. This article gives an overview of the CarmentiS infrastructure and organizational framework, and describes the current status of the project. It also addresses open questions that can only be solved by experimenting with co-operative analysis and gives an outlook on possible further developments of the CarmentiS approach towards improved situation awareness and early warning.
- Conference paper: A case study on constructing a security event management system (IMF 2007: IT-Incident Management & IT-Forensics, 2007). Gurbani, Vijay K.; Cook, Debra L.; Menten, Lawrence E.; Reddlington, Thomas B.
- Conference paper: A common process model for incident response and computer forensics (IMF 2007: IT-Incident Management & IT-Forensics, 2007). Freiling, Felix C.; Schwittay, Bastian
- Conference paper: A Comparative Study of Teaching Forensics at a University Degree Level (IT-Incident Management & IT-Forensics - IMF 2006, 2006). Anderson, Philip; Dornseif, Maximillian; Freiling, Felix C.; Holz, Thorsten; Irons, Alastair; Laing, Christopher; Mink, Martin. Computer forensics is a relatively young university discipline which has developed strongly in the United States and the United Kingdom but is still in its infancy in continental Europe. The national programmes and courses offered therefore differ in many ways. We report on two recently established degree programmes from two European countries: Great Britain and Germany. We present and compare the design of both programmes and conclude that they cover two complementary and orthogonal aspects of computer forensics education: (a) rigorous practical skills and (b) competence for fundamental research discoveries.
- Conference paper: The Contribution of Tool Testing to the Challenge of Responding to an IT Adversary (IT-Incident Management & IT-Forensics - IMF 2006, 2006). Lyle, James R. The investigator is being presented with more data and more types of data to analyze. The investigator cannot work without tools. Tools are needed to acquire and analyze the data and solve the case. If the accuracy of any tool is successfully challenged in a court of law, then any results based on the tool can be suppressed and not presented. Even if an investigation is not going to any formal proceeding, the investigator wants to know the limitations of any tools used in an investigation. This can best be accomplished by an independent assessment of the tools. This paper describes the Computer Forensics Tool Testing (CFTT) project at the National Institute of Standards and Technology (NIST) in the United States. Currently, the CFTT project is developing tool specifications, test plans, test procedures, and test sets. The results provide the information necessary for toolmakers to improve tools, for users to make informed choices about acquiring and using computer forensics tools, and for interested parties to understand the tools' capabilities. Our approach for testing computer forensic tools is based on well-recognized international methodologies for conformance testing and quality testing.
- Conference paper: Detecting New Patterns of Attacks — Results and Applications of Large Scale Sensoring Networks (IT-Incident Management & IT-Forensics - IMF 2006, 2006). Voss, Torsten; Kossakowski, Klaus-Peter. It is still not clear how large scale sensoring networks can be turned into useful resources for incident response teams. Recent research has shown that the work of incident response teams is clearly exposed to denial of service attacks if the handling of low number / high priority incidents is not separated from the work related to high number / low priority incidents [WK05]. This would imply that handling the magnitude of data coming from large scale sensoring networks will pose concrete operational problems to any incident response team dealing with it. While there are some strategies to mitigate this problem, we believe that only selecting the 'interesting' events through filtering is not good enough and gives away useful insights that are inside the data but not yet obviously visible to an unaware observer. Therefore our research objective is to identify successful strategies for extracting useful data automatically out of large data sets. So far we have succeeded in improving a suggested algorithm and testing its application in an operational setting. This paper will outline the algorithm, any improvements made, as well as the key insights from its application.