Practical Approach for Securing Windows Environment : Attack Vectors and Countermeasures

Abdurrahman Pektas and Ertugrul Basaranoglu, 

Galatasaray University, Turkey

ABSTRACT 

Today, with the advancement of information technology, companies need to use many technologies, platforms, systems and applications to effectively maintain their daily operations. This technology dependence has created a serious complexity in the business network which increases the attack surface and attracts cyber criminal’s attention. As a result, the number of cyber-attacks targeting corporate environment is dramatically increased. To identify security holes in a network, penetration tests are performed by internal sources (employees) and external sources (outsource companies or third parties). Microsoft domain penetration testing,is one of the most important scopes of penetration testing, which aims to expose the weaknesses in Microsoft domain environment. If the domain environment is not structured securely, it can be abused by attackers and causes serious damage to the organization. In this study, we present a penetration methodology for Windows domain environment called MSDEPTM providing key metrics for Microsoft domain penetration testing. More specifically, the fundamental steps of the attack vectors from the hacker point of view, root causes of these attacks, and countermeasures against the attacks are discussed. 

KEYWORDS 

Penetration testing, Microsoft domain environment, securing Windows, information security, vulnerability assessment  

For More Details:http://aircconline.com/ijnsa/V9N6/9617ijnsa02.pdf

Effectiveness and Weakness of Quantified/Automated Anomaly Based IDs

HidemaTanaka 

National Defense Academy of Japan

ABSTRACT 

We shall discuss new problems of quantification/automation of anomaly-based Intrusion Detection System(IDS). We shall analyze effectiveness and weakness using our proposal method as an example, and derive new attack scenario. Development of anomaly-based IDS is necessary for correspondence to a high network attack, however, we shall show that it makes new different problems at the same time. In this paper, we shall discuss some attack scenario which makes invalidate our detection. As the result, we conclude that it is difficult to prevent such attacks technically, and security requirements for operation side become serious.

KEYWORDS

Anomaly-based intrusion detection system, Automated IDS, Discrete Fourier Transform, Spectrum analysis, Kyoto2006+ dataset 

For More Details:http://aircconline.com/ijnsa/V9N6/9617ijnsa01.pdf

Protecting Privacy in VANETs Using Mix Zones with Virtual Pseudonym Change

Belal Amro 

Hebron University 

ABSTRACT 

Vehicular ad hoc networks VANETs use pseudonyms to communicate among them and with roadside units, these pseudonyms are used to authenticate these vehicles and to hide real identities behind these pseudonyms, to better enhance privacy, these pseudonyms are changed frequently so that it will not be that easy to link these pseudonyms together and hence reveal real identities. However, changing pseudonyms will not be that useful if previous and current pseudonyms are easily linked together. Therefore different techniques have been proposed to hide the pseudonym changes and make it difficult to link pseudonyms together. Most of these techniques do not fully quarantine privacy when changing a pseudonym under some situations such as low traffic. In this paper, we provide a technique for changing pseudonyms that have the same privacy level under all traffic conditions. The technique relies on fixed mixing zones that are planted and distributed over the roads. By this technique, a vehicle guarantees a high level of security when changing its pseudonym at that mix zone which will make it very difficult for an adversary to link particular pseudonyms together and hence reveal real identity. Performance analysis showed that our model works efficiently with very few computational costs.

 KEYWORDS 

VANETS, privacy, pseudonyms, mix zone, security

For More Details:http://aircconline.com/ijnsa/V10N1/10118ijnsa02.pdf

Click Spam Prevention Model for Online Advertisement

Nicola Zingirian and Michele Benini Department of Information Engineering, University of Padova, Italy 

ABSTRACT 

This paper shows a vulnerability of the pay-per-click accounting of Google Ads and proposes a statistical tradeoff-based approach to manage this vulnerability. The result of this paper is a model to calculate the overhead cost per click necessary to protect the subscribers and a simple algorithm to implement this protection. Simulations validate the correctness of the model and the economical applicability. 

KEYWORDS 

Pay-per-click Advertising, Google Ads, Web Advertising, Click Spam, Web Security 

For More Details :http://aircconline.com/ijnsa/V10N1/10118ijnsa01.pdf