Logo des Repositoriums

Auflistung nach Autor:in "Schadt, Dirk"

1 - 10 von 40
  • Konferenzbeitrag
    About the role of IT security in the information society
    (IMF 2007: IT-Incident Management & IT-Forensics, 2007) Brunnstein, Klaus
  • Konferenzbeitrag
    Attaking test and online forensics in IPv6 networks
    (IMF 2008 – IT Incident Management & IT Forensics, 2008) Wu, Liu; Hai-Xin, Duan; Tao, Lin; Xing, Li; Jian-Ping, Wu
    Although IPv6 protocol has considered and implemented more security mechanisms compared with IPv4, there are still many security threatens in Ipv6 Networks. Being one of the key protocols in IPv6, the Internet Control Message Protocol (ICMPv6) suffers from severe security risks. In this paper we construct an IPv6 attacking test system ATS_ICMP_6 exploiting the ICMPv6 Unreachable Message, which shows that the security of IPv6 protocol is still very weak. In the other hand, we has designed and implemented a network forensics prototype 6Foren in IPv6 environment based on the protocol analysis technology, its functions include packet capture, data reconstruct and messages replay etc. the 6Foren can be used as the online digital forensics which support the online forensic of HTTP, FTP, SMTP and POP3 protocols.
  • Konferenzbeitrag
    Automated resolving of security incidents as a key mechanism to fight massive infections of malicious software
    (IT-Incident Management & IT-Forensics - IMF 2006, 2006) Kaiser, Jochen; Vitzthum, Alexander; Holleczek, Peter; Dressler, Falko
    Today, many end systems are infected with malicious software (malware). Often, infections will last for a long time due to missing (auto- mated) detection or insufficient user knowledge. Even large organizations usually do not have the necessary security staff to handle all affected computers. Obviously, automated infections with malicious software cannot be handled by manual repair; new approaches are needed. One way to encounter automatic mass infections is to semi-automate the incident management. Less important security incidents should be handled by the user himself while serious incidents should be forwarded to qualified personal. To enable the end user resolving his own security incidents, both organizational and technical information have to be provided in a comprehensible way. This paper describes PRISM (Portal for Reporting Incidents and Solution Management), which consists of several components addressing the goal: a unit receiving security incidents in the IDMEF format, a component containing the logic for handling security incidents and corresponding remedies, and a component generating dynamic web pages presenting adequate solutions for recorded security incidents. PRISM was verified using case studies for universities, companies and end-user/provider scenarios.
  • Report
    Berücksichtigung von IT-Sicherheit in der beruflichen Aus- und Weiterbildung (September 2008)
    (2008) Donabauer, Bernd; Dostal, Werner; Johlen, Dietmar; Löhr, Klaus-Peter; Schadt, Dirk; Hansen, Marit; Weck, Gerhard
    Die Sicherheit von IT-Systemen und IT-Infrastrukturen sowie der sichere Umgang mit IT wurden lange Zeit vernachlässigt, werden aber zunehmend als unverzichtbar sowohl für die private Nutzung von IT als auch für die Informationssicherheit in Unternehmen und Institutionen erkannt. Die Gesellschaft für Informatik hat im Oktober 2006 auf das Ausbildungsdefizit bei der IT-Sicherheit hingewiesen und Empfehlungen zur Verbesserung der Ausbildungs- situation in Schulen und Hochschulen veröffentlicht. Sie hält es außerdem für erforderlich, dass das Thema in der beruflichen Aus- und Weiterbildung berücksichtigt wird. Drei Bereiche werden identifiziert: Berufliches Schulwesen, berufliche Weiterbildung, Ausbildung zum Datenschutzbeauftragten.
  • Konferenzbeitrag
    Building a runtime state tracing kernel
    (IMF 2008 – IT Incident Management & IT Forensics, 2008) Chakravarthy, Ananth; Vaidya, Vinay G.
    A process is run by executing a sequence of instuctions by the processor However it is probable that not all of the instructions are executed as there are hundreds of paths that can be taken by the executable to complete ist execution. The path chosen is dependent on a host of factors like the environment, user input, the platform etc. As such, at any given instant of time, the process might be in any of the possible states Sn after traversing states S1, S2, S3 .. where S1, S2, S3 .....Sn, Sn+1, Sn+2,..SM depict the total M states that can be taken by the executable. There is no mechanism currently inside the LINUX kernel to peek into the state of the process to find out which if these states is it currently in and what are the states it has "traversed" to reach the current state while is is executing. If such an effective tracing can be achieved, it would lead to better operating system security. Other advantages are better logs or even building a verifiable software system. This paper looks at the infrastructure that has been developed to realize such a functionality in the Linux kernel and thereby increase the security of the running process. Of particular mention is the framework that has been developed to peek into the state of a running process as it executes and the various mechanisms that could be used to ascertain the state of the running process.
  • Konferenzbeitrag
    CarmentiS: A Co-Operative Approach Towards Situation Awareness and Early Warning for the Internet
    (IT-Incident Management & IT-Forensics - IMF 2006, 2006) Grobauer, Bernd; Mehlau, Jens Ingo; Sander, Jürgen
    Abstract. Although plenty of organizations collect sensor data such as IDS alerts or darknet flows, local analysis has its definite limits when it comes to derive conclusions about happenings and trends within the Internet as a whole. CarmentiS, a joint effort of the early warning working group within the German CERT association, provides an infrastructure and organizational framework for sharing, correlating and cooperatively analyzing sensor data. The infrastructure allows organizations to submit sensor data – at the moment, net flows and IDS alerts are treated – over a secure channel to a central database. Cooperative analysis of the data is made possible via a secure web front end allowing analysts of participating CERTs to create and execute analysis profiles as well as share and discuss analysis results. Thus correlating sensor data and pooling know how and resources for analysis from different sites, CarmentiS provides a framework for a co-operative approach towards situation awareness and early warning for the Internet. This article gives an overview of the CarmentiS infrastructure and organizational framework, and describes the current status of the project. It also addresses open questions that can only be solved by experimenting with co-operative analysis and gives an outlook of possible further developments of the CarmentiS approach towards improved situation awareness and early warning.
  • Konferenzbeitrag
    A case study on constructing a security event management system
    (IMF 2007: IT-Incident Management & IT-Forensics, 2007) Gurbani, Vijay K.; Cook, Debra L.; Menten, Lawrence E.; Reddlington, Thomas B.
  • Konferenzbeitrag
    A common process model for incident response and computer forensics
    (IMF 2007: IT-Incident Management & IT-Forensics, 2007) Freiling, Felix C.; Schwittay, Bastian
  • Konferenzbeitrag
    A Comparative Study of Teaching Forensics at a University Degree Level
    (IT-Incident Management & IT-Forensics - IMF 2006, 2006) Anderson, Philip; Dornseif, Maximillian; Freiling, Felix C.; Holz, Thorsten; Irons, Alastair; Laing, Christopher; Mink, Martin
    Computer forensics is a relatively young University discipline which has developed strongly in the United States and the United Kingdom but is still in its infancy in continental Europe. The national programmes and courses offered therefore differ in many ways. We report on two recently established degree programmes from two European countries: Great Britain and Germany. We present and compare the design of both programmes and conclude that they cover two complementary and orthogonal aspects of computer forensics education: (a) rigorous practical skills and (b) competence for fundamental research discoveries.
  • Konferenzbeitrag
    The Contribution of Tool Testing to the Challenge of Responding to an IT Adversary
    (IT-Incident Management & IT-Forensics - IMF 2006, 2006) Lyle, James R.
    The investigator is being presented with more data and more types of data to analyze. The investigator cannot work without tools. Tools are needed to acquire and analyze the data and solve the case. If the accuracy of any tools is successfully challenged in a court of law, then any results based on the tools can be suppressed and not presented. Even if an investigation is not going to any formal proceeding, the investigator wants to know the limitations of any tools used in an investigation. This can best be accomplished by an independent assessment of the tools. This paper describes the Computer Forensics Tool Testing (CFTT) project at the National Institute of Standards and Technology (NIST) in the United States. Currently, the CFTT project is developing tool specifications, test plans, test procedures, and test sets. The results provide the information necessary for toolmakers to improve tools, for users to make informed choices about acquiring and using computer forensics tools, and for interested parties to understand the tools capabilities. Our approach for testing computer forensic tools is based on well-recognized international methodologies for conformance testing and quality testing