Showing papers on "Internet security published in 1994"

Firewalls and Internet Security

Abstract: In a process for the manufacture of 2-amino-3-bromoanthraquinone by heating 2-aminoanthraquinone with bromine (in the molar ratio of 1:1) in sulfuric acid, while mixing, the improvement wherein crude 2-aminoanthraquinone, in sulfuric acid of from 60 to 90 percent strength by weight, which contains from 10 to 15% by weight of an alkanecarboxylic acid of 3 or 4 carbon atoms or a mixture of such acids, is heated with from 1 to 1.05 moles of bromine per mole of 2-aminoanthraquinone at from 130 to 150 DEG C. The 2-amino-3-bromoanthraquinone which is isolated may be used for the manufacture of dyes. It is at least as pure as that obtained from purified 2-aminoanthraquinone by the process of the prior art.

The multimedia fax-MIME gateway

Abstract: New standards may help bridge the rapidly growing communities of the Internet and facsimile machine users. One of these is the Internet standard proposed in July 1992 which provides enhanced capabilities for e-mail. This new standard, Multipurpose Internet Mail Extensions (MIME), lets users exchange multiple-media mail messages over the Internet. The fax-MIME gateway takes advantage of these developments to offer fax services to Internet users and Internet services to multimedia fax users. >

A Primer On Internet and TCP/IP Tools

Abstract: This memo is an introductory guide to some of the TCP/IP and Internet tools and utilities that allow users to access the wide variety of information on the network, from determining if a particular host is up to viewing a multimedia thesis on foreign policy. It also describes discussion lists accessible from the Internet, ways to obtain Internet documents, and resources that help users weave their way through the Internet. This memo provides information for the Internet community. This memo does not specify an Internet standard of any kind.

The Internet for Everyone: A Guide for Users and Providers

Abstract: Explains what Internet is, how to get connected, how to communicate with others and how to navigate and mine it for information. This guide is a comprehensive introduction and overview, which covers all the basic concepts of Internet and its technologies. It describes how to find people on the network, communicate with others and connect to Internet resources, including a catalogue of Internet resources organized by subject and showing the access method and Internet address of each resource. This guide also includes step-by-step directions on choosing the right medium, organizing data and ensuring privacy and security; all the information necessary to set up Gopher protocol for service providers; details on how a LAN relates to Internet; technical information on how data moves over the Internet, including the underlying protocols and details on how to connect your workstation to Internet based on mode of access.

EINet: a secure, open network for electronic commerce

Abstract: Corporate users are by far the most rapidly growing segment of the Internet community, supplementing the existing base of government and academic users. Both corporate and government organizations want to use the Internet to "integrate" their enterprises, and foresee using the Internet to conduct electronic commerce as well. However, the lack of security services on the Internet deters its use for many such applications. The Enterprise Integration Network (EINet) provides security services to support enterprise integration and electronic commerce activities on the Internet. EINet incorporates an application based security system with the security management and operations necessary to protect these activities in an open network environment. The paper discusses the need for security on the Internet, describes the EINet Security System, then summarizes operational experiences and future work. >

Internet security standards: past, present, and future

Abstract: n Security is a topic of great interest as the Internet transitions from the R & 0 environment to the commercial sector and the home. This afiicle traces the evolution of security standards in the Internet and previews work now underway. he Internet protocol suite (e.g., IP, TCP) has been criticized as having been designed with no thought of security. People point to the ease with which IP addresses can be spoofed; the lack of security for name and address mappings provided by the Domain Name System (DNS); the lack of accounting facilities; the difficulty of operating some protocols across “firewall gateways,” and similar characteristics, as evidence of failure to anticipate security requirements. These observations, while generally true, do not fully support the criticism. For example, IP was designed to operate over lower network layer protocols such as X.25, and it was assumed that these lower network layer protocols would enforce network-specific charging policies The construction of networks from IP routers without the use of a lower network layer protocol was not part of the IP model, which also explains the lack of congestion control facilities in IP. Contrary to popular belief, IP was designed with a security model in mind [Kent 1993al. The model assumes the use of end-to-end cryptographic protection at the network layer for most user-oriented security services and the use of link layer cryptography for trafftc-flow confidentiality. TCP/IP was developed initially for use by the U.S. Department of Defense (DOD). In the DOD environment, the threats are such that the only accepted means of providing high-quality security in a large, geographically distributed network is through the application of cryptography. Appropriately designed, IP-layer cryptographic devices offer (connectionless) confidentiality and integrity, data-origin authentication, and enforcement of identity and rule-based access control through automated key distribution. Uniform use of such cryptographic security technology addresses many of the concerns cited above. Prototype devices implementing these services in the TCP/IP environment were developed, tested, and deployed on a limited basis in the late 1970s as part of DoD-sponsored R&D programs--well before security became a common concern for many Internet users, before the term “information superhighway” became a buzzword, and before the advent of the Internet standards process.

Inter-networking security

Abstract: Inter-networking security in a multi-vendor heterogeneous network environment is a critical problem for IT professionals. This paper analyzes the security threats in a multi-vendor network environment and proposes a network security architecture for building a secure distributed network. It also discusses various information security packages including crypto-systems, network authentication, and security control software. The paper attempts to provide readers a systematic way for securing inter-network environment. >

Network Security and the NPS Internet Firewall.

Abstract: : As the Naval Postgraduate School's (NPS) computer network continues to incorporate computers with a wide variety of security holes, it is vital that an Internet firewall be installed to provide perimeter security for NPS from the Internet. NPS has had systems compromised by unauthorized individuals who have gained access via the Internet. The approach taken by this thesis was to analyze the type of Internet firewalls available and chose a design that provides the protection required at NPS while maintaining the Internet functionality desired. After choosing the appropriate type of firewall, it was tested for functionality and performance. The functionality test successfully validated that the bootp, netwall, tftp, sunrpc, and nfsd packets could he blocked while other network services remained functional. The performance testing process first monitored existing traffic to and from the BARRNET and DDN routers. The second step determined the firewall's performance with a well known network measurement tool, New Test TCP/IP (ntrcp). The existing data rates to and from the Intemet are on average 438 kilobjis per second and the nttcp tests showed that the firewall could run at 600 kilobits per second. These results validated that the firewall could maintain the data rates currently required to the Internet. This thesis resulted in a firewall, obtained from Texas A&M, that can be installed and used to improve the network security between the NPS network and the Internet. This firewall runs on a PC and would be located between the NPS network and the BARRNKr and DDN routers. This would result in a perimeter of security for the NPS network, to assist in the ever growing need for network security.

Beacon based approach to network security

Abstract: In 1993, there were an estimated two million hosts connected to the Internet with a user population of around twenty million, in seventy countries. Increasingly, the information being transmitted within the Internet community is sensitive and concerns about data privacy and integrity are growing. This thesis examines the internet environment and the issues that have lead to this raised level of concern regarding security. We will also examine some of the primitive cryptographic services that are available to promote trust between users. ' It is universally acknowledged that reliable authentication of communicating entities is essential for achieving security in a distributed computing environment. The design of such systems as Kerberos, SPX and more recently KryptoKnight and Kuperee, have largely been successful in addressing the problem. We will examine two of these systems. The first, Kerberos is the best known of these efforts and was developed at Massachusetts Institute of Technology (MIT) as part of Project Athena. It is based on the weU-known Needham and Schroeder protocol and incorporates modifications that were proposed by Denning and Sacco. The second, KryptoKnight, is more recent. Unlike Kerberos which uses timestamps to ensure freshness, KryptoKnight relies on exchange of nonces. The common element within these implementations is the need for a trusted third-party authentication service. This essentially, requires a great deal of trust to be invested in the authentication server which adds a level of complexity and reduces system flexibility. The use of a Beacon to promote trust between communicating parties was first suggested by M. Rabin in "Transactions protected by beacons," Journal of Computer and System Sciences, Vol 27, pp 256-267,1983. In this thesis we revive Rabin's ideas which have been largely overlooked in the psist decade. In particular we present a novel approach to the authentication problem bcLsed on a service called Beacon which continuously broadccists certified nonces. We show that tliis approach considerably simplifies authentication and the distribution of keys. We illustrate the impact of such a service by "Beaconizing" the Needham and Schroeder public key protocol. The modified protocol would be suitable for deployment at upper layers of the communication protocol stack. The results of this thesis are to be pubhshed in: A. Jiwa, J. Seberry, and Y. Zheng. Beacon based authentication. In Proceedings of the European Symposium on Research in Computer Security (ESORICS'94), Brighton, UK, Nov 1994, accepted for publication by Lecture Notes in Computer Science, Springer-Verlag, Berlin-Heidelberg-New York, 1994. A less technical version of the paper is to be presented at: A. Jiwa, J. Seberry, and Y. Zheng. Network security featuring beacon based authentication. In Proceedings of Fifth Australasian Conference on Information Systems, Melbourne, Australia, Sept 1994, accepted for publication.