IMPACT OF CYBER WAR ON INFORMATION SECURITY DEVELOPMENT

Abdolmajid Shahgholi, School of Information Technology (SIT department), Jawaharlal Nehru Technological University, Hyderabad, India (Iranian nationality), shahgholi_a@hotmail.com

Hamid Reza Barzegar, School of Information Technology (SIT department), Jawaharlal Nehru Technological University, Hyderabad, India (Iranian nationality), Hr.barzegar@gmaill.com

ABSTRACT: Network security today comprises the policies and technologies that defend against cyber attacks arising from Internet-connected computer networks and information-exchange technologies. This paper presents specific vulnerabilities of several network-based technologies, namely wireless LANs (local area networks), cellphone networks, non-cryptographic protocols and web services, together with several defensive techniques, including access control, IDS (intrusion detection systems), IPS (intrusion prevention systems), firewalls, DNSSEC (DNS Security Extensions) and web service security. Finally, the effect of availability requirements on the choice between a NIDS (network intrusion detection system) and a NIPS (network intrusion prevention system) is examined.

KEY WORDS: frame spoofing, pharming attacks, phishing, SAML, 2G, UMTS.

1. Introduction

Computer security is unlike other forms of security. Products such as locks, safes and steel doors carry clear ratings of what types of attack they withstand and for how long; computer systems do not. Security can be achieved in many ways, but it is almost universally agreed that confidentiality, integrity and availability (CIA) form the basic building blocks of any sound security initiative. Attacks on an IT infrastructure and its assets can disrupt the availability of service, resulting in loss of productivity, violation of service level agreements, financial loss or even loss of life; attacks against the integrity of a system mean that information or data can be modified, altered or destroyed.

Who, from the perspective of an IT infrastructure, are internal and external attackers? Internal attackers are commonly disgruntled employees, contractors or third-party users who, for whatever reason, have lost respect for the organisation, its IT (information technology) infrastructure and its assets. External attackers fall into numerous profiles. Cyber-terrorists and cyber-criminals are individuals or groups who are funded to conduct clandestine or espionage activities against governments, corporations and individuals in an unlawful manner. They typically engage in sponsored defacements, DoS (denial of service) and DDoS (distributed denial of service) attacks, identity theft, financial theft or, worse, the compromise of a country's critical infrastructure, such as nuclear power plants, electric plants and water plants.

Wireless networks present formidable security challenges. The open nature of the medium makes it relatively easy to sniff packets or even to modify and inject malicious packets into the network. One of the most widely deployed cellular networks is the Global System for Mobile Communications (GSM). The designers of GSM, or 2G (second-generation cellular networks), had several goals in mind; from a security viewpoint it was designed to protect against charge fraud and eavesdropping. The successor to GSM is the Universal Mobile Telecommunications System (UMTS), or simply 3G, which promised advanced services such as mobile Internet, multimedia messaging and videoconferencing.

Specific features of Internet protocols such as TCP, UDP and ICMP are exploited to launch DoS attacks. While vulnerabilities lurk in specific features of a protocol, they may also stem from the way a protocol is implemented. Many known vulnerabilities make software insecure; of these, the buffer overflow is the most common. In addition, web applications may be vulnerable to cross-site scripting, and database applications to SQL injection. Access control can be built into the application or implemented at the system level, and may be enforced at different levels of granularity; at the finest level, illegal access to memory must be prevented. An intrusion is the act of gaining unauthorised access to a system so as to cause loss or harm; the two ways of handling attempted intrusions are intrusion prevention and intrusion detection. A firewall acts as a security guard controlling access between an internal, protected network and an external, untrusted network according to a given security policy; it may be implemented in hardware as a stand-alone appliance or in software on a PC. Finally, the promoters of web services had to find a way of securing services that may be accessed by a complete stranger over the network; without a proper security infrastructure in place, the adoption of web services would not have been possible.

2. IEEE 802.11 Wireless LAN Security

A wireless LAN (WLAN, for wireless local area network, sometimes called LAWN, for local area wireless network) is one in which a mobile user connects to a local area network (LAN) through a wireless (radio) link. The IEEE 802.11 group of standards specifies the technologies for wireless LANs. 802.11 uses Ethernet-style 48-bit MAC addressing and CSMA/CA (carrier sense multiple access with collision avoidance) for sharing the medium, and the original standard included an encryption method, the Wired Equivalent Privacy (WEP) algorithm.

2.1 Background

There are two principal types of WLAN: ad-hoc networks, in which stations communicate directly with each other, and infrastructure WLANs, which use access points (APs). A station first sends a frame to an AP, and the AP delivers it to its final destination, which may be another wireless station or a station on the wired network. The union of the basic service sets forms an extended service set (ESS). As in wired LANs, each station and AP in the ESS is uniquely identified by a 48-bit MAC address. In addition, each AP is identified by an SSID (service set identifier), a character string of at most 32 characters. A special kind of frame called a beacon is periodically broadcast by the AP; a station, on power-up, can discover an AP within range by monitoring the wireless medium for beacons, and the beacon usually contains the SSID of the broadcasting AP. Alternatively, a station sends a Probe Request to probe for APs within its range, and an AP that hears the request responds with a Probe Response frame containing its SSID and information about its capabilities, supported data rates and so on. To become part of the WLAN, a station must associate with an AP: it sends an Associate Request frame, and the AP replies with an Associate Response frame if it accepts the request. Before association, 802.11 requires the station to authenticate itself to the AP.

2.2 WLAN vulnerabilities

Wireless LANs are susceptible to the same protocol-based attacks that plague wired LANs, and also have their own set of unique vulnerabilities. Since wireless access points tend to proliferate in an organisation, unsecured access points are a danger because they offer the attacker a route around the company's firewall and into the network.

2.3 SSID issues

The service set identifier (SSID) is an identification value programmed into an access point, or a group of access points, to identify the local wireless subnet. This segmentation of the wireless network into multiple networks is sometimes treated as a form of authentication check: if a wireless station does not know the value of the SSID, access to the associated access point is denied, and once a station is connected the SSID acts as a simple password. In practice, however, the SSID is transmitted in the clear in beacons, Probe Responses and association requests, so it provides segmentation but no real security; even a "hidden" SSID is revealed as soon as a legitimate station probes for or associates with the AP.
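To make the point of section 2.3 concrete: everything a station needs to join a network, including the SSID, is readable by anyone in range. The following parser is an added example, not part of the original paper; it builds a minimal 802.11 beacon (management header, fixed fields, then tag/length/value information elements) and extracts the BSSID, SSID, privacy bit and supported rates. The BSSID, SSID and rate set are made-up values.

```python
import struct

# Constructed test data (not a real network).
BSSID = bytes.fromhex("001122aabbcc")
RATES_11B = bytes([0x82, 0x84, 0x8B, 0x96])   # 1, 2, 5.5, 11 Mbps; high bit marks a basic rate


def build_beacon(bssid: bytes, ssid: bytes, rates: bytes,
                 interval_tu: int = 100, capability: int = 0x0011) -> bytes:
    """Assemble a beacon: 24-byte management header, 12 bytes of fixed fields,
    then information elements. Capability 0x0011 = ESS + Privacy (WEP/WPA required)."""
    header = (b"\x80\x00"        # frame control: version 0, type 0 (mgmt), subtype 8 (beacon)
              + b"\x00\x00"      # duration
              + b"\xff" * 6      # addr1: broadcast destination
              + bssid            # addr2: transmitter address
              + bssid            # addr3: BSSID
              + b"\x00\x00")     # sequence control
    fixed = struct.pack("<QHH", 0, interval_tu, capability)   # timestamp, beacon interval, capability
    ies = bytes([0, len(ssid)]) + ssid + bytes([1, len(rates)]) + rates   # tag 0 = SSID, tag 1 = rates
    return header + fixed + ies


def parse_ies(blob: bytes) -> dict:
    """Walk tag/length/value elements; a truncated element is an error, not silently ignored."""
    ies = {}
    i = 0
    while i + 2 <= len(blob):
        tag, length = blob[i], blob[i + 1]
        value = blob[i + 2:i + 2 + length]
        if len(value) != length:
            raise ValueError("truncated information element")
        ies.setdefault(tag, []).append(value)
        i += 2 + length
    return ies


def parse_beacon(frame: bytes) -> dict:
    if len(frame) < 36:
        raise ValueError("frame too short for a beacon")
    fc = frame[0]
    ftype, subtype = (fc >> 2) & 0x3, (fc >> 4) & 0xF
    if (ftype, subtype) != (0, 8):
        raise ValueError("not a beacon frame")
    bssid = frame[16:22]
    _timestamp, interval, capability = struct.unpack_from("<QHH", frame, 24)
    ies = parse_ies(frame[36:])
    ssid = ies.get(0, [b""])[0]
    rates = ies.get(1, [b""])[0]
    return {
        "bssid": ":".join(f"{b:02x}" for b in bssid),
        "ssid": ssid.decode("utf-8", "replace"),
        "ssid_hidden": len(ssid) == 0,          # "hidden" networks send a zero-length SSID
        "privacy": bool(capability & 0x0010),   # encryption required to associate
        "interval_tu": interval,
        "rates_mbps": [(r & 0x7F) / 2 for r in rates],
    }


if __name__ == "__main__":
    print(parse_beacon(build_beacon(BSSID, b"corp-wifi", RATES_11B)))
    print(parse_beacon(build_beacon(BSSID, b"", RATES_11B)))   # hidden SSID still leaks BSSID/capabilities
```

Run against a real capture the same parser works on any beacon or probe response, which is the point: the SSID is a label, not a credential.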

2.4 Authentication

The wired network is often an Ethernet LAN with an existing security infrastructure that includes an authentication server (AS). In many organisations, AAA (authentication, authorisation and accounting) functionality is provided by a RADIUS (Remote Authentication Dial In User Service) server; the challenge is therefore to develop protocols that integrate the WLAN seamlessly with the security infrastructure of the wired network. 802.11i uses IEEE 802.1X, a protocol that supports authentication at the link layer. Three entities are involved: (i) the supplicant (the wireless station), (ii) the authenticator (the AP in our case) and (iii) the authentication server. The authentication mechanisms and message types are defined by the IETF's Extensible Authentication Protocol (EAP). EAP is not itself an authentication protocol but a framework within which various authentication methods can be carried; EAP exchanges consist mostly of requests and responses. The AP advertises its security capabilities in the beacon or Probe Response frame, and the station communicates its own security capabilities in the Associate Request frame. 802.11i authentication takes place after the station associates with the AP, which differs from earlier versions of 802.11, where authentication preceded association. The protocol run between the station and the AP is EAP, carried over 802.1X.

The main authentication methods supported by EAP are EAP-MD5, EAP-TLS, EAP-TTLS and PEAP. EAP-MD5 lets a RADIUS server authenticate LAN stations by verifying an MD5 hash of each user's password. This is a simple and reasonable choice for trusted wired Ethernets where there is little risk of outsider sniffing or active attack. However, EAP-MD5 is not suitable for public Ethernets or wireless LANs, because outsiders can easily sniff station identities and password hashes, or masquerade as access points to trick stations into authenticating to them instead of the real AP; it also authenticates only the client, and derives no keying material for link encryption.

EAP with Transport Layer Security (EAP-TLS) was, at the time of writing, the only standardised secure option for wireless LANs. EAP-TLS requires both the station and the RADIUS server to prove their identities with public-key cryptography (digital certificates or smart cards). The exchange is protected by an encrypted TLS tunnel, which makes EAP-TLS very resistant to dictionary and man-in-the-middle (MitM) attacks; however, the station's identity, the name bound to the certificate, can still be sniffed by outsiders. EAP-TLS is most attractive to large enterprises that use only Windows XP/2000/2003 with certificates already deployed. EAP with Tunneled TLS (EAP-TTLS) and Protected EAP (PEAP) were proposed as Internet Drafts to simplify 802.1X deployment. Both require certificate-based authentication of the RADIUS server but support an extensible set of user authentication methods, so organisations that have not issued certificates to every station, and do not want to do so just for 802.1X, can use Windows logins and passwords instead. RADIUS servers that support EAP-TTLS and PEAP can check LAN access requests against Windows domain controllers, Active Directory and other existing user databases. From a sniffing perspective these options are as strong as EAP-TLS; however, user passwords remain more likely than client-side certificates to be guessed, shared or disclosed through social engineering.

2.5 Replacement of WEP

802.11i supersedes the previous security specification, Wired Equivalent Privacy (WEP), which was shown to have severe security weaknesses. Wi-Fi Protected Access (WPA) had previously been introduced by the Wi-Fi Alliance as an interim remedy for WEP's insecurities; WPA implemented a subset of a draft of 802.11i. The Wi-Fi Alliance refers to its approved, interoperable implementation of the full 802.11i standard as WPA2, also called RSN (Robust Security Network). 802.11i makes use of the Advanced Encryption Standard (AES) block cipher (in the CCMP mode), whereas WEP and WPA (through TKIP) use the RC4 stream cipher. [1][2]

3. Cellphone Security

Second-generation cellular networks (2G): 2G technology introduced the idea of the Subscriber Identity Module (SIM) card. This is basically a smart card that can be removed from one cellphone and placed in another. It stores three secrets and performs cryptographic operations involving some of them. The secrets are: a unique 15-digit subscriber identification number, the International Mobile Subscriber Identity (IMSI); a 128-bit subscriber authentication key, denoted Ki, known only to the SIM and to the HLR (home location register) of the subscriber's home network; and a PIN known to the phone's owner and used to unlock the SIM, which is intended to prevent stolen phones from being used. [19]

Threats: in order to understand the GSM security mechanisms, one must first understand the threats the GSM system is attempting to protect against. The two main motivations for attackers of mobile phone systems are theft of service and interception of data. Theft of service can come in many forms, but the most technically interesting is the cloning of a phone: the attacker steals the identifying information from a legitimate phone and loads it into another phone, which allows the attacker to masquerade as the legitimate phone and causes charges to be assessed against the legitimate account holder. Data interception on mobile phone networks is a threat similar to that on other wireless networks: an attacker with relatively unsophisticated tools can listen to the transmissions between the phone and the base station in an effort to eavesdrop on voice and data. The principal defence against this type of attack is encryption of the data in the air.

3.1 Authentication

Authentication depends on the SIM, which holds the individual authentication key Ki, the user identity IMSI and the algorithm used for authentication. Authentication uses a challenge-response method: the network produces a random number RAND as the challenge, and the SIM inside the mobile station (MS) answers with a signed response SRES. The authentication centre (AuC) carries out the generation of the random values RAND, signed responses SRES and cipher keys Kc for every IMSI and forwards these triplets to the HLR. The serving VLR (visitor location register) requests the appropriate RAND, SRES and Kc values from the HLR and transmits RAND to the SIM; the mobile station sends back the SRES produced by the SIM. The VLR compares the two SRES values: if they match, the subscriber is accepted, otherwise the subscriber is refused. System security rests on the algorithms A3 for authentication, A5 for encryption and A8 for generation of the cipher key. Note that this exchange authenticates the subscriber to the network only, not the network to the subscriber; this one-way design is what makes the false base station attack possible that the UMTS enhancements in section 3.3 address.

3.2 Encryption

After authentication, the MS and the BSS (base station subsystem) can start encryption using the cipher key Kc. Kc is produced from the individual key Ki and the random value RAND by algorithm A8; because both the SIM in the MS and the network hold Ki, they compute the same Kc without it ever crossing the air interface. With algorithm A5 and the cipher key Kc, the MS and the BTS (base transceiver station) encrypt and decrypt the traffic. Kc is a 64-bit key.

3.3 Security enhancements in UMTS

The security functions of UMTS are based on what was implemented in GSM; some functions have been added and some existing ones improved. The encryption algorithm is stronger and ciphering is extended to the interface between the base station (Node B) and the radio network controller (RNC); the application of the authentication algorithms is stricter; and subscriber confidentiality is tighter. The main security elements retained from GSM are: authentication of subscribers; subscriber identity confidentiality; a Subscriber Identity Module (SIM) removable from the terminal hardware; and radio interface encryption. Additional UMTS security features are: protection against false base stations through mutual authentication; encryption extended from the air interface alone to include the Node B to RNC connection; protection of security data within the network, both in storage and while ciphering keys and authentication data are transmitted through the system; and a mechanism for upgrading security features. Core network traffic between RNCs, MSCs and other networks is not ciphered; operators can implement protection for their core network transmission links, but that is unlikely to happen. MSCs have, by design, lawful interception capabilities and access to call data records (CDRs), so all switches must have security measures against unlawful access.

The UMTS specification defines five security feature groups:

Network access security: the set of security features that provide users with secure access to 3G services and, in particular, protect against attacks on the (radio) access link.

Network domain security: the set of security features that enable nodes in the provider domain to exchange signalling data securely and protect against attacks on the wireline network.

User domain security: the set of security features that secure access to mobile stations.

Application domain security: the set of security features that enable applications in the user and provider domains to exchange messages securely.

Visibility and configurability of security: the set of features that enable the user to find out whether a security feature is in operation and whether the use and provision of services should depend on it.

The UMTS specification has the following user identity confidentiality features:

User identity confidentiality: the permanent user identity (IMSI) of a user to whom a service is delivered cannot be eavesdropped on the radio access link.

User location confidentiality: the presence or arrival of a user in a certain area cannot be determined by eavesdropping on the radio access link.

User untraceability: an intruder cannot deduce whether different services are delivered to the same user by eavesdropping on the radio access link.

Air interface ciphering and deciphering are performed in the RNC on the network side and in the mobile terminal; ciphering is a function of the Radio Link Control (RLC) layer or the Medium Access Control (MAC) layer of the air interface protocol.

4. Non-Cryptographic Protocol Vulnerabilities

4.1 DoS and DDoS

In a typical DoS scenario the victim is flooded with packets that elicit some kind of response. For example, an attacker sends thousands of TCP packets with the SYN flag set to its victim. The victim treats these as legitimate requests for TCP connection establishment and, in response to each, reserves buffer space (approximately 300 bytes) for a half-open connection. Eventually the victim's communication link and/or memory are exhausted. Other scenarios include sending a large number of UDP packets to non-listening ports on the victim, or sending a very large number of ICMP Echo Request messages to the victim's network. A distributed DoS (DDoS) is harder to detect and to filter than a DoS emanating from a single source. In a DDoS attack, the brain behind the attack scans the Internet to find multiple vulnerable hosts, called handlers, and compromises them; each handler in turn recruits many agents, or zombies, to launch the attack. [4]

4.2 ARP spoofing

ARP poison routing (APR), or ARP cache poisoning, is a method of attacking an Ethernet LAN by updating the target computer's ARP cache with forged ARP request and reply packets, so that the Layer 2 Ethernet MAC address (the address of the network card) associated with a victim IP address is changed to one the attacker controls. Because the ARP replies have been forged, the target computer sends frames meant for the original destination to the attacker's computer first, where they can be read before being forwarded. A successful APR attempt is invisible to the user.

4.2.1 Remedies

Avoid using insecure protocols such as HTTP Basic authentication and Telnet. Make it a practice to sniff your own network to see what information is being passed and to ensure you are not already sending sensitive information in the clear. If you must use an insecure protocol, tunnel it through a secure channel (SSH, SSL/TLS, etc.). Consider static ARP tables between critical workstations and servers; although a pain to maintain, they limit the chances of ARP spoofing. Run software such as ARPwatch to detect changes in IP-to-MAC mappings on the network. Run tools that can detect whether a NIC is in promiscuous mode, which can be a sign of sniffing (Sniffdet and Sentinel are common tools). All mobile or guest access points should use a VPN to connect to the network; better yet, keep public terminals on a separate LAN from workstations and servers. Lock down workstations so that users cannot install sniffing software or boot from live CDs such as BackTrack.
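The SYN flood of section 4.1 is visible to a monitor as a growing backlog of half-open connections: SYNs that are never completed by the client's ACK. The detector below is an added example (not from the paper) that replays a constructed packet trace, expires half-open entries the way a host's SYN timeout would, and raises an alert when the backlog exceeds a threshold. All addresses and timings are made-up.

```python
VICTIM = "192.0.2.10"   # constructed victim address


def sample_traffic() -> list[dict]:
    """Constructed capture: one legitimate handshake, then 120 SYNs from spoofed sources
    that are never followed by the client's ACK."""
    pkts = [
        {"t": 0.000, "src": "10.0.0.5", "sport": 40000, "dst": VICTIM, "dport": 80, "flags": "S"},
        {"t": 0.010, "src": "10.0.0.5", "sport": 40000, "dst": VICTIM, "dport": 80, "flags": "A"},
    ]
    for i in range(120):
        pkts.append({"t": 1.0 + i * 0.001, "src": f"198.51.100.{i % 250 + 1}",
                     "sport": 1024 + i, "dst": VICTIM, "dport": 80, "flags": "S"})
    return pkts


def half_open_backlog(packets, victim_ip, victim_port, timeout=3.0):
    """Replay packets in time order. Returns (samples, pending): samples is a list of
    (time, backlog size) after each packet, pending the (src, sport) pairs still half-open."""
    pending: dict[tuple[str, int], float] = {}   # (src, sport) -> time the SYN arrived
    samples = []
    for p in sorted(packets, key=lambda p: p["t"]):
        t = p["t"]
        # A real stack gives up on a half-open entry after its retransmission timeouts.
        for key, t_syn in list(pending.items()):
            if t - t_syn > timeout:
                del pending[key]
        if p["dst"] == victim_ip and p["dport"] == victim_port:
            key = (p["src"], p["sport"])
            if p["flags"] == "S":
                pending[key] = t                  # new half-open connection
            elif p["flags"] == "A" and key in pending:
                del pending[key]                  # third handshake step: connection established
        samples.append((t, len(pending)))
    return samples, set(pending)


def detect_syn_flood(packets, victim_ip=VICTIM, victim_port=80, threshold=50, timeout=3.0):
    samples, pending = half_open_backlog(packets, victim_ip, victim_port, timeout)
    peak_t, peak = max(samples, key=lambda s: s[1])
    return {"peak": peak, "peak_at": peak_t, "alert": peak > threshold, "half_open": pending}


if __name__ == "__main__":
    r = detect_syn_flood(sample_traffic())
    print(f"peak backlog {r['peak']} at t={r['peak_at']:.3f}s, alert={r['alert']}")
```

Spoofed sources make per-source rate limiting useless, which is why the backlog is counted per victim service rather than per client; the usual host-side mitigation, SYN cookies, removes the backlog altogether by not storing state until the ACK arrives.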
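The ARPwatch-style monitoring recommended in 4.2.1 amounts to remembering which MAC address answered for each IP and complaining when the answer changes. The example below is added here and is not from the paper; it feeds a constructed sequence of ARP replies (gateway announces itself, an attacker host appears, then the attacker claims the gateway's IP) through a small watcher and collects the alerts an administrator would see. Addresses are made-up.

```python
from collections import defaultdict


class ArpWatch:
    """Track IP -> MAC bindings seen in ARP replies and flag changes, as ARPwatch does."""

    def __init__(self):
        self.ip_to_mac: dict[str, str] = {}
        self.mac_to_ips: dict[str, set[str]] = defaultdict(set)
        self.alerts: list[tuple] = []

    def observe(self, t: float, sender_ip: str, sender_mac: str) -> None:
        mac = sender_mac.lower()
        previous = self.ip_to_mac.get(sender_ip)
        self.ip_to_mac[sender_ip] = mac
        self.mac_to_ips[mac].add(sender_ip)
        if previous is None:
            self.alerts.append((t, "new_station", sender_ip, mac))
        elif previous != mac:
            self.alerts.append((t, "changed_ethernet_address", sender_ip, f"{previous} -> {mac}"))
            # A card that already answers for another IP and now takes over this one is the
            # classic poisoning signature (attacker's own IP plus the gateway's).
            others = self.mac_to_ips[mac] - {sender_ip}
            if others:
                self.alerts.append((t, "mac_also_owns", mac, sorted(others)))

    def kinds(self) -> list[str]:
        return [a[1] for a in self.alerts]


def sample_replies() -> list[tuple[float, str, str]]:
    """Constructed ARP replies: (time, sender IP, sender MAC)."""
    return [
        (0.0, "10.0.0.1", "AA:BB:CC:00:00:01"),    # gateway announces itself
        (1.0, "10.0.0.66", "00:0c:29:12:34:56"),   # attacker's host joins the LAN
        (2.0, "10.0.0.1", "00:0c:29:12:34:56"),    # attacker claims the gateway's IP
        (3.0, "10.0.0.1", "00:0c:29:12:34:56"),    # repeat: no new alert, binding is stable
    ]


def run(replies) -> ArpWatch:
    watch = ArpWatch()
    for t, ip, mac in replies:
        watch.observe(t, ip, mac)
    return watch


if __name__ == "__main__":
    for alert in run(sample_replies()).alerts:
        print(alert)
```

A gateway whose MAC changes at 2 a.m. to the address of a workstation is the event worth paging on; legitimate changes (a replaced router) produce the same alert once, which is acceptable noise.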

4.3 Attacks on DNS

Consider a bank, A, that has an Internet presence and allows its customers to perform banking transactions over the Internet by visiting and logging on to its web site, www.a.com, in a browser. In a pharming attack the name resolution for www.a.com is subverted (for example by poisoning the resolver's cache with a forged response), so the web page the customer downloads has the look and feel of the authentic one but is served from a site owned by the attacker. The customer, unaware that the site belongs to an attacker, proceeds to enter his login name and password, which are captured by the attacker.

4.3.1 DNS Security Extensions

DNSSEC is a suite of extensions that add security to the DNS protocol. The core DNSSEC extensions are specified in RFCs 4033, 4034 and 4035, and add origin authentication, data integrity and authenticated denial of existence to DNS. In addition to several new concepts and operations for both the DNS server and the DNS client, DNSSEC introduces four new resource records (DNSKEY, RRSIG, NSEC and DS). In short, DNSSEC allows a DNS zone, and all the records in it, to be cryptographically signed. When a DNS server hosting a signed zone receives a query, it returns the digital signatures along with the records queried for. A resolver or another server can obtain the public key of the zone's key pair and validate that the responses are authentic and have not been tampered with. To do so, the resolver or server must be configured with a trust anchor for the signed zone or for a parent of the signed zone, from which the chain of DS and DNSKEY records leads down to the zone in question. Note that DNSSEC does not encrypt DNS traffic or protect against a compromise of the authoritative server itself; it protects the integrity of the answer on its way to the validating resolver, which is exactly what the pharming attack above exploits.

4.4 Frame spoofing

The two main types of this attack are spoofed deauthentication frames and spoofed power-management control frames. In the first, while data is being delivered between an AP and a station, an attacker who has spoofed the MAC address of the station sends a deauthentication frame to the AP. The AP believes the frame came from the genuine station and tears down the association, so the remaining packets fail. [17] The root cause is that 802.11 management frames are neither authenticated nor encrypted; the later 802.11w amendment (protected management frames) was defined to address exactly this.

5. Software Vulnerabilities

5.1 Phishing

Phishing, in its common form, is the process of luring a victim to a fake web site by having him click on a link. The victim usually encounters the link in an e-mail message sent to him or on a web page he is browsing. Phishers target user information for sites such as PayPal, eBay or online banks. [19]

5.2 Cross-site scripting (XSS)

In this attack the user is asked to log in to his bank. Everything (the web site address, the security certificate) appears normal, but the link has been altered so that attacker-supplied script is injected into the legitimate site's page. This is possible because of weaknesses in the web site's own scripts: the site echoes untrusted input, such as a URL parameter, into the page without encoding it, so the browser runs the attacker's script in the bank's origin. [20] Overcoming XSS: on the client side, use an up-to-date browser, use script-blocking tools such as NoScript and do not click on unknown links; on the server side, the fix is to encode all untrusted data for the context in which it is output (HTML, attribute, JavaScript or URL).

5.3 SQL injection

One type of attack on web sites gives the attacker access to the database by way of the SQL language. SQL injection is a code injection technique that exploits a security vulnerability in a web site's software. The vulnerability arises when user input is either incorrectly filtered for string-literal escape characters embedded in SQL statements, or is not strongly typed, and is therefore unexpectedly executed as part of the query.

5.3.1 SQL injection remedies: use the object-oriented data access classes of ASP.NET; avoid building statements by string concatenation with the + and & operators; use custom error pages so that attackers cannot use the database's own error messages to probe the site; instead of embedding values between single quotes, pass them as parameters of a command object (OleDbCommand); and check the final command before it is executed. [11]

6. Access Control in the Operating System

Access control is the authority to control access to resources. The three key entities involved are users, groups of users and the machine; a valid account on the system is identified by a UID and a GID. There are three access control policies: discretionary, mandatory and role-based. Discretionary access control (DAC) is a policy in which the owner of an object (objects are the resources that subjects need to access) determines who is allowed to access the object and with what privileges. UNIX and Windows access control are two important examples of DAC: UNIX bases its decisions on the user account that owns a process and the owner/group/other permission bits of a file, while Windows applies access control to many object types, including files, threads, sockets, semaphores and registry keys. Mandatory access control (MAC) is a policy determined by the system rather than the owner; MAC is used in multilevel systems that process highly sensitive data, such as classified government and military information. Role-based access control (RBAC) assigns permissions to roles and users to roles, so the policy is again determined by the system rather than the owner. RBAC is used in commercial applications and also in military systems; it is controlled at the system level, outside the user's control. [6]
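For sections 5.2 and 5.3, the vulnerable and the corrected code side by side. This is an added example, not from the paper: an in-memory SQLite user table (constructed, one account), a login that concatenates the user name into the query and is bypassed with a quote and a comment, the same login with bound parameters, and the HTML-encoding fix for reflected XSS. The password hashing is a plain SHA-256 only to keep the example short; a real system would use a slow, salted password hash.

```python
import hashlib
import html
import sqlite3


def _h(password: str) -> str:
    # Plain hash for brevity (assumption); use a salted slow KDF in a real login system.
    return hashlib.sha256(password.encode()).hexdigest()


def make_db() -> sqlite3.Connection:
    """Constructed in-memory user table with a single account: alice / 'correct horse'."""
    db = sqlite3.connect(":memory:")
    db.execute("CREATE TABLE users (name TEXT PRIMARY KEY, pw_hash TEXT NOT NULL)")
    db.execute("INSERT INTO users VALUES (?, ?)", ("alice", _h("correct horse")))
    return db


def login_vulnerable(db: sqlite3.Connection, name: str, password: str) -> bool:
    # The user-controlled name is pasted into the statement text. With name = "alice' --"
    # the statement becomes ... WHERE name = 'alice' --' AND pw_hash = '...'
    # and the password check is commented out.
    sql = f"SELECT 1 FROM users WHERE name = '{name}' AND pw_hash = '{_h(password)}'"
    return db.execute(sql).fetchone() is not None


def login_parameterized(db: sqlite3.Connection, name: str, password: str) -> bool:
    # Bound parameters are sent as values, never parsed as SQL, so the quote is just a quote.
    sql = "SELECT 1 FROM users WHERE name = ? AND pw_hash = ?"
    return db.execute(sql, (name, _h(password))).fetchone() is not None


def greeting_vulnerable(name: str) -> str:
    # Reflected XSS: the parameter is placed into HTML unchanged.
    return f"<p>Welcome, {name}</p>"


def greeting_encoded(name: str) -> str:
    # Output encoding for the HTML text context neutralises tags and attribute breakouts.
    return f"<p>Welcome, {html.escape(name, quote=True)}</p>"


if __name__ == "__main__":
    db = make_db()
    print("bypass on vulnerable login:", login_vulnerable(db, "alice' --", "wrong"))
    print("bypass on parameterized login:", login_parameterized(db, "alice' --", "wrong"))
    print(greeting_encoded('<script>alert(1)</script>'))
```

The parameterized version is not "filtering"; there is no list of bad characters to keep up to date, because the database driver never treats the value as code. The same separation of data from code is what output encoding gives the browser.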

7. IPS and IDS

An IPS (intrusion prevention system) forestalls various kinds of attack, whereas an IDS (intrusion detection system) is a device or software appliance that monitors system activity for malicious events and reports them to a management station. Consider a password policy as an example of prevention: (i) passwords should be at least eight characters long and hard to guess; (ii) passwords should be changed at least once every two months; (iii) passwords should be stored securely and never disclosed to others; and (iv) after three unsuccessful attempts on an account, the account should be disabled for twenty minutes. The first and second can be either left to the user or enforced by the system; the third involves the user alone, and the fourth the system alone. All of these belong to prevention. An IDS, by contrast, should monitor logins: if a person who in five years has never logged in outside office hours logs in at 4 a.m., the IDS should raise an alert. [14]

8. Firewalls

A personal firewall blocks all Internet traffic from reaching your computer that you have not specifically requested. This means that if you browse to a web site, the firewall allows the traffic from that web site to reach your computer; if you did not request information from a site and that site sends traffic to you, it is denied because you did not ask for it. The firewall achieves this by keeping track of the connections your computer initiates and admitting only the replies that belong to them. This default behaviour can be changed by policy, for example to permit inbound connections to a service you deliberately run. [7]

9. WS-Security (web service security)

As the use cases for our customer's application were being developed, a set of security-related, non-functional requirements was identified: the communication between our customer and his business partner must not be viewable by a third party as it travels over the Internet; our customer must be able to determine from whom a message came and to verify that the sender is who it claims to be; and our customer must be able to ensure that the data transmitted has not been tampered with. These are the confidentiality, authentication and integrity requirements that WS-Security addresses by applying XML Encryption and XML Signature to SOAP messages.

SAML: perhaps the biggest roadblock to the long-term success of web services is security, and one of the most important security issues is user authentication, specifically allowing a user to sign on to, or use, multiple web services from separate but affiliated sites without having to authenticate at every step of the process. That is the job of SAML (Security Assertion Markup Language), an XML-based standard for authentication and authorisation that provides single sign-on, so that people can be authenticated once and then access multiple web services. SAML allows each individual site to keep its own mechanism for sign-on and authentication, while accepting authenticated users from other sites. [16]

10. Conclusion

This paper has discussed different developments that can be found in an information security environment. Network security is all about studying cyber attacks with a view to defending against them, and understanding what makes systems vulnerable to these attacks is an important first step in avoiding or preventing them. Traditionally, most hackers were young adults, often teenagers, who had dropped out of school but were otherwise intelligent and focused; many of the traditional hackers were obsessive programmers, adept at circumventing limitations to achieve a challenging but often forbidden objective. Remember that security is a process: you have to be vigilant, but the reward of vigilance is secure data and no net loss of competitive advantage. Although no amount of negligence gives a third party a legitimate reason to steal data, neither does that absolve system administrators of their responsibility to secure their networks. Remember too that network management becomes increasingly important as the network grows larger; otherwise the system administrators are overrun doing work that could easily be automated. Behind every attack is a vulnerability of some type. But what exactly is a vulnerability? A vulnerability is a weakness or gap in a procedure, protocol, hardware or software within an organisation that has the potential to cause damage. Understanding security vulnerabilities is the key to understanding attacks better and, more importantly, to defending against them. Deploying an IDS/IPS and tuning it to the point where the alerts it generates are relevant is neither an easy nor a quick project. False positives may plague an analyst for days or weeks, but the only thing worse than a false positive is a false negative. Knowledge of the environment, and familiarity with how the detection engines are configured, is absolutely critical to saving the analyst time in the long run, and the proper time and resources must be allocated to maximise the return on investment that an IDS/IPS provides. Web services involve a fundamental shift in how justice agencies will manage, access and share information; within the web services architecture, security is key in justice implementations involving sensitive but unclassified information. However, with the growing sophistication of attack methods and the advancement of information technology, countermeasures must constantly evolve as well, as must our measures for preventing the recurrence of new threats.

11. Case study: Result for availabilitys impact on NIDS (Network-based Intrusion Detection System)versus NIPS (Networkbase Intrusion Prevention System) decision.
Networked computers with exposed vulnerabilities may be disrupted or taken over by a hacker, or by automated malicious code. Should a terrorist group attempt to launch a coordinated cyber attack against computers that manage the critical infrastructure, they may find it useful to copy some of the tactics now commonly used by today's computer hacker groups to locate Internet-connected computers with vulnerabilities, and then systematically exploit those vulnerabilities.

Availability is a time value calculated in terms of MTBF (Mean Time Between Failures) and MTTR (Mean Time To Repair). The MTBF number is provided by the manufacturer and is expressed in hours. The MTTR number, which varies with and depends upon the specific network, is also expressed in hours:

Availability = MTBF / (MTBF + MTTR)

The most common way to express this availability calculation is as a percentage, which network professionals commonly refer to as "9s", illustrated in the following table. To calculate annual availability, multiply your targeted 9s value by 525,600 minutes per year.

Availability        Annual downtime
90% (one 9)         36.5 days
99% (two 9s)        3.65 days

A device with an MTBF of 175,000 hours and an MTTR of 30 minutes has a calculated annual availability of 525,598 minutes, which equals 1.52 minutes of downtime. Appendix C provides more detail and complex examples regarding these calculations.

The real challenge in computing the availability of any system or network is in understanding the MTTR. This value is unique to your environment and is affected by variables such as routing protocol convergence time and/or spanning tree convergence time, depending on your topology. You need to understand exactly what happens when an inline device fails to forward traffic properly; this can be due to power, hardware, or other environmental failure. Ideally you would build a full test environment with your intended NIPS design and then test the different scenarios. You should be able to estimate the impact of failure by analyzing a few key variables:

- Interface fail-open: how long does it take for a set of inline interfaces to begin passing traffic after a failure? Will traffic be queued or dropped?
- Layer 3 (L3) environment failures: when your NIPS is deployed on a routed network segment, how long does your routing protocol take to converge?
- Layer 2 (L2) environment failures: when your NIPS is deployed on a physically redundant L2 network segment, how quickly will the spanning tree converge?
- Non-hardware sources of downtime: we are doing these calculations based purely on hardware failure, so you must also consider software failure, environmental considerations, and human error. Compared to other network devices, a NIPS has a much higher number of software updates (typically signatures). Application of these software updates always introduces the possibility of software failure or human error that could result in an unexpected outage.

It is important to remember that a NIDS is just one tool in your collection, not the be-all and end-all security mechanism, despite what NIDS vendors tell you.
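As an added worked example (not part of the paper), the following Python carries the availability arithmetic above through in code: the MTBF/MTTR formula, the 9s table, the 175,000-hour device, and an effective MTTR for an inline NIPS built from fail-open and convergence times. The seconds values, the software MTBF and the combined-MTBF helper are assumptions for illustration, not figures from the paper.

```python
import math

MINUTES_PER_YEAR = 525_600  # 365 days x 24 h x 60 min, as used in the paper


def availability(mtbf_hours: float, mttr_hours: float) -> float:
    """Availability = MTBF / (MTBF + MTTR), both expressed in hours."""
    if mtbf_hours <= 0 or mttr_hours < 0:
        raise ValueError("MTBF must be positive and MTTR non-negative")
    return mtbf_hours / (mtbf_hours + mttr_hours)


def annual_downtime_minutes(avail: float) -> float:
    """Expected unavailable minutes per year for an availability fraction."""
    return (1.0 - avail) * MINUTES_PER_YEAR


def count_nines(avail: float) -> int:
    """Leading nines in the availability percentage: 0.9 -> 1, 0.99 -> 2, ..."""
    unavail = 1.0 - avail
    if unavail <= 0:
        raise ValueError("100% availability has no finite number of nines")
    # small epsilon absorbs float error, e.g. 1 - 0.99 = 0.010000000000000009
    return math.floor(-math.log10(unavail) + 1e-9)


def inline_mttr_hours(fail_open_s: float, convergence_s: float,
                      manual_repair_h: float = 0.0) -> float:
    """Effective MTTR for an inline NIPS failure (assumed model): time for the
    bypass interfaces to start forwarding, plus L2/L3 convergence, plus any
    manual repair needed before traffic flows again."""
    return (fail_open_s + convergence_s) / 3600.0 + manual_repair_h


def combined_mtbf(*mtbfs_hours: float) -> float:
    """MTBF when independent failure causes (hardware, software, signature
    update mistakes) each have their own MTBF: independent failure rates add,
    so the combined MTBF is the reciprocal of the summed rates."""
    return 1.0 / sum(1.0 / m for m in mtbfs_hours)


if __name__ == "__main__":
    for a in (0.9, 0.99, 0.999, 0.9999, 0.99999):
        print(f"{a:.5%}  {count_nines(a)} nines  {annual_downtime_minutes(a):10.2f} min/yr")
    a = availability(175_000, 0.5)  # the paper's device, 30-minute MTTR
    print(f"30 min MTTR: {annual_downtime_minutes(a):.2f} min downtime/yr")
    # assumed: 3 s fail-open bypass plus 30 s routing convergence
    a_bypass = availability(175_000, inline_mttr_hours(3, 30))
    print(f"fail-open:   {annual_downtime_minutes(a_bypass):.3f} min downtime/yr")
    # assumed software MTBF of one outage per year (8,760 h) alongside hardware
    print(f"hw+sw MTBF: {combined_mtbf(175_000, 8_760):.0f} h")
```

Running it shows why the MTTR dominates: the same hardware MTBF yields about 1.5 minutes of downtime per year with a 30-minute repair but only a few seconds when the bypass and convergence times are what actually stop traffic, while a realistic software failure rate pulls the combined MTBF far below the manufacturer's hardware figure.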
