This article presents a security system proposal, providing a low-level endpoint security
and network activity monitoring. Its focus is to provide a necessary information for local
administrators, who does not necessarily have the knowledge of networking infrastructure
or access to it, according to the security policies of a parent organization. The proposed
system is designed for academic research environments, where it serves as a tool for an
extended security in protection of sensitive data used in research and development against
the local and remote threads. The developed system was extended to contain central
security point which acts as a server with IDS/IPS capability and enrich the whole
functionality of distributed firewalling system.
BalikL., HoralekJ., HornigO., SobeslavV., DolezalR. and KucaK.,
Endpoint Firewall for Local Security Hardening in Academic Research
Environment, Computational Collective Intelligence, 2015,
Springer International Publishing, pp.
246–255.
2.
BeardsleyT. and
QianJ., The
TCP split handshake: Practical effects on modern network equipment,
Network Protocols and Algorithms2 (2010).
3.
ButlerD.L. and WinneP.H.,
Feedback and self-regulated learning: A theoretical
synthesis, Review of Educational Research65(3) (1995),
245–281. DOI: 10.3102/00346543065003245
4.
CimlerR., MatyskaJ. and SobeslavV.,
Cloud based solution for mobile healthcare application,
Proceedings of the 18th International Database Engineering & Applications
Symposium on - IDEAS ’14, 2014. DOI: 10.1145/2628194.2628217
5.
CzajkowskiG. and
DaynèsL.,
Multitasking without Compromise: A Virtual Machine
Evolution, Proceedings of the 16th ACM SIGPLAN Conference on
Object-oriented Programming, Systems, Languages, and Applications,
36(11), 2001, pp.
125–138. DOI: 10.1145/504282.504292
6.
WangD., XueY.
and DongY.,
Memory-Efficient Hypercube Flow Table for Packet Processing on
Multi-Cores, Global Telecommunications Conference (GLOBECOM
2011), 2011 IEEE, On page(s), pp.
1–6.
7.
DilleyJ.A., LaghateP., SummersJ. and DevanneauxT., Cloud Based
Firewall System And Service, US Patent No.: 20150089582,
2015.
8.
DubrawskyI.,
Firewall Evolution - Deep Packet Inspection, Infocus,
2003.
9.
GreenwaldM., SinghalS.K., StoneJ.R. and CheritonD.R.,
Designing an academic firewall: Policy, practice, and experience with
SURF, Network and Distributed System Security,
1996, pp. 79–92.
10.
HamedH. and Al-ShaerE.,
Dynamic Rule-ordering Optimization for High-speed Firewall
Filtering, In ASIACCS ’06 Proceedings of the 2006 ACM Symposium
on Information, Computer and Communications Security, 2006, pp.
332–342. DOI: 10.1145/1128817.1128867
HeA., ChomsiriT., NandaP.
and TanZ.,
Improving cloud network security using the Tree-Rule
firewall, Future Generation Computer Systems30 (2014),
116–126.
14.
HolíkF., HorálekJ., NeradováS., ZittaS.
and NovákM.,
Methods of deploying security standards in a business
environment. In Proceedings of 14th Conference on Microwave
Techniques, COMITE 2015 New York: IEEE (Institute of Electrical and Electronics
Engineers), 2015, pp. 411–414.
ISBN 978-147998121-2.
15.
KochR., GollingM. and RodosekG.D.,
Geolocation and verification of IP-addresses with specific focus on
IPv6, In Cyberspace Safety and Security,
Springer International Publishing, 2013,
pp. 151–170.
16.
ManolacheF.B.,
HouQ. and RusuO.,
Analysis and prevention of network password guessing attacks in an
enterprise environment, RoEduNet Conference 13th Edition:
Networking in Education and Research Joint Event RENAM 8th Conference,
2014, pp. 1–7.
17.
MishraA., AgrawalA. and RanjanR.,
Artificial Intelligent Firewall, In ACAI ’11
Proceedings of the International Conference on Advances in Computing and Artificial
Intelligence, 2011, pp. 204–207.
DOI: 10.1145/2007052.2007094
18.
MoonCh.-S. and KimS.-H., A
study on the integrated security system based real-time network packet deep
inspection, In International Journal of Security and Its
Applications8 (2014),
113–122.
19.
MartinR., PechoucekM., GrillM., BartosK. and a Pavel
CeledaV.K.,
Collaborative approach to network behour analysis based on
hardware-accelerated FlowMon probes, International Journal of
Electronic Security and Digital Forensics, Zeneva: Inderscience Publishers
(2009). roc. 2, č. 1, s. 35-48. ISSN
1751-911X.
WaldvogelM. and
KollekJ.,
SIEGE: Service-Independent Enterprise-Grade protection against password
scans, 2014.
22.
WoolA.,
Trends in firewall configuration errors: Measuring the holes in swiss
cheese, Internet Computing, IEEE14(4) (2010),
58–65.
23.
ZhangR., QianD.,
BaC., WuW.
and GuoX.,
Multi-agent based intrusion detection architecture,
Computer Networks and Mobile Computing (2001),
494–501.
24.
ChenZ., WuY.,
GeJ. and YuepengE., A
New Lookup Model for Multiple Flow Tables of Open Flow with Implementation and
Optimization Considerations, Computer and Information Technology
(CIT), 2014 IEEE International Conference on, On page(s):
528–532.
