Author

Thomas M. Thomas

Bio: Thomas M. Thomas is an academic researcher. The author has contributed to research in topics: Internet Security Association and Key Management Protocol & Network security. The author has an h-index of 2, co-authored 3 publications receiving 99 citations.

Papers
Book
01 Dec 1998
TL;DR: A detailed, applied look into the workings of the popular Open Shortest Path First protocol is presented, demonstrating how to dramatically increase network performance, security, and the ease with which large-scale networks are maintained.
Abstract: From the Publisher: OSPF Network Design Solutions presents a detailed, applied look into the workings of the popular Open Shortest Path First protocol, demonstrating how to dramatically increase network performance, security, and the ease with which large-scale networks are maintained. OSPF is thoroughly explained through exhaustive coverage of network design, deployment, management, and troubleshooting.

65 citations

Book
01 May 2004
TL;DR: In this paper, the authors present a comprehensive review of the security policies and protocols for virtual private networks (VPNs) in terms of their use in the Internet and their effect on network security.
Abstract:
1. Here There Be Hackers! Essentials First: Looking for a Target. Hacking Innocent Information. Targets of Opportunity. Are You a Target of Opportunity? Targets of Choice. Are You a Target of Choice? The Process of an Attack. Reconnaissance and Footprinting (a.k.a. Casing the Joint). Scanning. Enumeration. Gaining Access. Application Attacks. Misconfiguration Attacks. Script Attacks. Escalating Privilege. Covering Tracks. Network Security Organizations. SANS. Center for Internet Security (CIS). SCORE. Internet Storm Center. ICAT Metabase. Security Focus. Learning from the Network Security Organizations. Overview of Common Attacks and Exploits. Chapter Summary. Chapter Review.
2. Security Policies and Responses. Defining Trust. Acceptable Use Policy. Policy Overview. Purpose. Scope General Use and Ownership. Security and Proprietary Information. Unacceptable Use. E-mail and Communications Activities. Enforcement. Conclusion. Password Policy. Overview. Purpose. Scope. General Policy. General Password Construction Guidelines. Password Protection Standards. Enforcement. Conclusion. Virtual Private Network (VPN) Security Policy. Scope. Policy. Conclusion. Extranet Connection Policy. Scope. Security Review. Third-Party Connection Agreement. Business Case. Point of Contact. Establishing Connectivity. Modifying or Changing Connectivity and Access. Terminating Access. Conclusion. ISO Certification and Security. Sample Security Policies on the Internet. Chapter Summary. Chapter Review.
3. Overview of Security Technologies. Security First Design Concepts. Packet Filtering via Access Control Lists (ACLs). Limitations of Packet Filtering. Stateful Packet Inspection (SPI). Detailed Packet Flow Using SPI. Limitations of Stateful Packet Inspection. Network Address Translation (NAT). NAT's Limitations. Proxies and Application Level Protection. Content Filters. Public Key Infrastructure (PKI). AAA Technologies. Authorization. Accounting. Remote Authentication Dial-In User Service (RADIUS). Terminal Access Controller Access Control System (TACACS). TACACS+ Versus RADIUS. Chapter Summary. Chapter Review Questions.
4. Security Protocols. DES Encryption. Limitations of DES. Triple DES Encryption. Limitations of 3DES. Message Digest 5 Algorithm. Point-to-Point Tunneling Protocol (PPTP). Limitations of PPTP. Layer 2 Tunneling Protocol (L2TP). Benefits of L2TP. L2TP Operation. Secure Shell (SSH). SSH Operation. Tunneling and Port Forwarding. Limitations of SSH. Chapter Summary. Chapter Review Questions.
5. Firewalls. Firewall Frequently Asked Questions. Why Do I Need a Firewall? Do I Have Anything Worth Protecting? What Does a Firewall Do? Firewalls Are "The Security Policy". Firewall Operational Overview. Implementing a Firewall. Determine the Inbound Access Policy. Determine Outbound Access Policy. Essentials First: Life in the DMZ. Case Studies. Case Study: Firewall Deployment with Mail Server Inside the Protected (Internal). Case Study: Firewall Deployment with Mail Server in DMZ. Firewall Limitations. Chapter Summary. Chapter Review Questions.
6. Router Security. Edge Router as a Choke Point. Edge Router as a Packet Inspector. Content-Based Packet Inspection. Intrusion Detection with Cisco IOS. When to Use the FFS IDS. FFS IDS Operational Overview. FFS Limitations. Secure IOS Template. Chapter Summary. Chapter Review Questions.
7. IPSec Virtual Private Networks (VPNs). Analogy: VPNs Connect IsLANds Securely. VPN Overview. VPN Benefits and Goals. VPN Implementation Strategies. Split Tunneling. Overview of IPSec VPNs. Tunneling Data. Encryption Modes. Transport Mode. IPSec Protocols. Internet Key Exchange (IKE). ISAKMP Overview. IPSec Operational Overview. IKE Phase 2. Diffie-Hellman Algorithm. Router Configuration as VPN Peer. Configuring IPSec. Step 2: Create the IPSec Transforms. Step 3: Create the Crypto Map. Step 4: Apply the Crypto Map to an Interface. Firewall VPN Configuration for Client Access. Chapter Summary. Chapter Review Questions.
8. Wireless Security. Essentials First: Wireless LANs. Benefits of Wireless LANs. Wireless Equals Radio Frequency. Wireless Networking. Coverage. Bandwidth Availability. WarGames Wirelessly. WarDriving. WarFlying. WarSpamming. WarSpying. Wireless Threats. Denial of Service Attacks. Rogue/Unauthorized Access Points. Incorrectly Configured Access Points. Network Abuses. Wireless Security. Device and Access Point Association. Wired Equivalent Privacy (WEP). MAC Address Filtering. Extensible Authentication Protocol (EAP). LEAP (EAP-Cisco). EAP-TLS EAP-TTLS. Essentials First: Wireless Hacking Tools. Wireless Packet Sniffers. AirSNORT. Chapter Summary. Chapter Review Questions.
9. Intrusion Detection and Honeypots. Essentials First: Intrusion Detection. IDS Functional Overview. Host Intrusion Detection System (HIDS). How Are Intrusions Detected? Protocol Analysis. Anomaly Detection. Signature/Pattern Matching. Log Analysis. Combining Methods. Intrusion Prevention. IPS Responses and Actions. IDS Products. Essentials First: Honeypots. Honeypot Limitations. Chapter Summary. Chapter Review Questions.
10. Tools of the Trade. Essentials First: Vulnerability Analysis. Fundamental Attacks. Packet Sniffers. Denial of Service (DoS) Attacks. Man-in-the-Middle Attacks. Back Doors. Miscellaneous Attacks. Security Assessments and Penetration Testing. Internal Vulnerability and Penetration Assessment. External Penetration and Vulnerability Assessment. Physical Security Assessment. Miscellaneous Assessments. Vulnerability Scanners. Features and Benefits of Vulnerability Scanners. Nessus. In Their Own Words. Scan and Detection Accuracy. Documentation and Support. Reporting. Vulnerability Updates. Retina. Scan and Detection Accuracy. Documentation and Support. Reporting. Vulnerability Updates. Penetration Testing Products. Scan and Detection Accuracy. Documentation. Documentation and Support. Vulnerability Updates. Core Impact In Action. Chapter Summary. Chapter Review Questions.
Appendix A: Answers to Chapter Review Questions

34 citations

01 Jan 2005
TL;DR: In this paper, the authors present a comprehensive review of the security policies and protocols for virtual private networks (VPNs) in terms of their use in the Internet and their effect on network security.

1 citation


Cited by
Journal ArticleDOI
TL;DR: This empirical study uses protection motivation theory to articulate and test a threat control model to validate assumptions and better understand the ''knowing-doing'' gap, so that more effective interventions can be developed.

522 citations

Journal ArticleDOI
TL;DR: This work compares the results with the best known and commonly used heuristics for OSPF weight setting, as well as with a lower bound of the optimal multi-commodity flow routing, which is a linear programming relaxation of the OSPFWS problem.
Abstract: With the growth of the Internet, Internet Service Providers (ISPs) try to meet the increasing traffic demand with new technology and improved utilization of existing resources. Routing of data packets can affect network utilization. Packets are sent along network paths from source to destination following a protocol. Open Shortest Path First (OSPF) is the most commonly used intra-domain Internet routing protocol (IRP). Traffic flow is routed along shortest paths, splitting flow at nodes with several outgoing links on a shortest path to the destination IP address. Link weights are assigned by the network operator. A path length is the sum of the weights of the links in the path. The OSPF weight setting (OSPFWS) problem seeks a set of weights that optimizes network performance. We study the problem of optimizing OSPF weights, given a set of projected demands, with the objective of minimizing network congestion. The weight assignment problem is NP-hard. We present a genetic algorithm (GA) to solve the OSPFWS problem. We compare our results with the best known and commonly used heuristics for OSPF weight setting, as well as with a lower bound of the optimal multi-commodity flow routing, which is a linear programming relaxation of the OSPFWS problem. Computational experiments are made on the AT&T Worldnet backbone with projected demands, and on twelve instances of synthetic networks.

332 citations

Journal ArticleDOI
TL;DR: This paper surveys applications of combinatorial optimization to multicast routing and discusses the most important problems considered in this area, as well as their models.

224 citations

Journal IssueDOI
TL;DR: An empirical field study was conducted to see if factors that account for successful marketing campaigns and the reasons why people may or may not fall victim to social engineering attacks are also accounted for.
Abstract: The collection and dissemination of information about people by businesses and governments is ubiquitous. One of the main threats to people's privacy comes from human carelessness with this information, yet little empirical research has studied behaviors associated with information carelessness and the ways that people exploit this vulnerability. The studies that have investigated this important question have not been grounded in theory. In particular, the extant literature reveals little about social engineering threats and the reasons why people may or may not fall victim. Synthesizing theory from the marketing literature to explain consumer behavior, an empirical field study was conducted to see if factors that account for successful marketing campaigns may also account for successful social engineering attacks. © 2008 Wiley Periodicals, Inc.

155 citations

Journal ArticleDOI
01 Aug 2005-Networks
TL;DR: A genetic algorithm with a local improvement procedure for the OSPF weight-setting problem makes use of an efficient dynamic shortest path algorithm to recompute shortest paths after the modification of link weights.
Abstract: Intradomain traffic engineering aims to make more efficient use of network resources within an autonomous system. Interior Gateway Protocols such as OSPF (Open Shortest Path First) and IS-IS (Intermediate System-Intermediate System) are commonly used to select the paths along which traffic is routed within an autonomous system. These routing protocols direct traffic based on link weights assigned by the network operator. Each router in the autonomous system computes shortest paths and creates destination tables used to direct each packet to the next router on the path to its final destination. Given a set of traffic demands between origin-destination pairs, the OSPF weight setting problem consists of determining weights to be assigned to the links so as to optimize a cost function, typically associated with a network congestion measure. In this article, we propose a genetic algorithm with a local improvement procedure for the OSPF weight-setting problem. The local improvement procedure makes use of an efficient dynamic shortest path algorithm to recompute shortest paths after the modification of link weights. We test the algorithm on a set of real and synthetic test problems, and show that it produces near-optimal solutions. We compare the hybrid algorithm with other algorithms for this problem illustrating its efficiency and robustness. © 2005 Wiley Periodicals, Inc. NETWORKS, Vol. 46(1), 36–56 2005 (This research was done while the first author was a visiting scholar at the Internet and Network Systems Research Center at AT&T Labs Research (AT&T Labs Research Technical Report TD-5NTN5G).)

143 citations