Denning, Dorothy E. Information Warfare and Security. ACM Press, New York, 1999.  Home/Search   Document Not in Database   Summary   Related Articles   Check

....recipient cannot deny having received the transaction, nor can the sender deny having sent it. Data transmission is not the only area of VPN operations for which security concerns exist. Factors such as physical security, access management and the ability of techniques such as social engineering [Den00] to circumvent existing security measures must also be considered, and appropriate policy decisions implemented and strictly enforced to counter these threats. There are two main trust models applicable to the use of a shared backbone network: 1. Untrusted Service Provider. In this scenario, ....

..... Decryption without possession of the cryptographic key. This is equivalent to breaking the cryptographic algorithm used, and generally requires some form of brute force attack on the key space a computationally infeasible task without access to extraordinary amounts of computational power [Den00] Exploit some design or implementation flaw to obtain the cryptographic key. Such vulnerabilities are rare, and are generally repaired rapidly upon their discovery. This requires users to monitor the status of all programs being used, particularly the operating system, and to apply any ....

[Article contains additional citation context not shown here]

Dorothy E. Denning. Information Warfare and Security. Addison-Wesley, 4 edition, January 2000.

.... contends that a more accurate estimate would be between 1,000 and 3,000, or 2 to 5 of the computers infected [27] Other estimates at the time ranged from 2,000 to 6,000 (3 to 10 ) but when the situation stabilized, consensus among published papers centered around 2,000 to 4,000 (3 to 7 ) [4, 5, 16, 25]. One of the problems with the available information is that the extent of infection of vulnerable machines is unknown. If this information were available, it would be possible to map this proportion into the total number of Internet hosts to yield an estimate of infection that would have ....

Denning, Dorothy, Information Warfare and Security, Addison-Wesley, Reading, 1999.

....the following: During Operation Desert Storm (between April 1990 and May 1991) hackers from the Netherlands penetrated 34 U.S. military sites including military supply systems 11 and gained such information as the exact location of U.S. troops, their weapons, and the movement of U.S. warships. [DENNING99] During the military exercise Eligible Receiver in June 1997, the NSA demonstrated that a hostile enemy state could disrupt computer operations at major military commands, cause large scale blackouts, and interrupt emergency service in Washington D.C. in several other cities in the ....

Denning, Dorothy E. Information Warfare and Security. ACM Press, New York, 1999.

....notice and the full citation on the first page. To copy otherwise, to republish, to post on servers or to redistribute to lists, requires prior specific permission and or a fee. SPAA 01 Crete Greece Copyright 2001 ACM 1 58113 409 6 01 07 . 5.00. regarding intrusion propagation and detection [1, 3, 7, 8]. Various models have been proposed under which researchers mainly study the e ective detection and defeat of attacks assuming a very powerful intruder; see e.g. 6] In this setting, intrusion propagation (the process of spread of such attacks) has mostly been investigated under gossip or ....

D. Denning, \Information Warfare and Security", Addison-Wesley, 1999.

....is a more beneficial and effective approach. A very important but often neglected facet of intrusion detection is its cost effectiveness, or cost benefit trade off. An educated decision to deploy a security mechanism such as an IDS is often motivated by the needs of security risk management [5, 10, 21]. The objective of an IDS is therefore to provide protection to the information assets that are at risk and have value to an organization. An IDS needs to be cost effective in that it should cost no more than the expected level of loss from intrusions. This requires that an IDS consider the ....

....analysis and security assessment communities. The literature suggests that attempts to fully quantify all factors involved in cost modeling usually generate misleading results because not all factors can be reduced to discrete dollars (or some other common unit of measurement) and probabilities [3, 6, 9, 10, 13]. It is recommended that qualitative analysis be used to measure the relative magnitudes of cost factors. It should also be noted that cost metrics are often site specific because each organization has its own security policies, information assets, and risk factors [21] 2.1 Attack Taxonomy An ....

[Article contains additional citation context not shown here]

D. Denning. Information Warfare and Security. Addison Wesley, 1999.

....delivery time guarantees, hence not providing infrastructural support for distributed applications with strict time constraints. Even in best cases, the sequence of events may be the only meaningful measure of time. Availability is also used in other contexts in information security. Denning [9], for example, refers to the defensive and o ensive information warfare in terms of increase and reduction of the availability of information to various parties. Towards Network Denial of Service Resistant Protocols 3 Denial of Service (DoS) is a result of the realization of an intentional threat ....

D. E. Denning. Information warfare and security. Addison{Wesley Longman, Inc., Reading, MA, USA, 1999.

....is a more beneficial and effective approach. A very important but often neglected facet of intrusion detection is its cost effectiveness,orcost benefit trade off. An educated decision to deploy a security mechanism such as an IDS is often motivated by the needs of security risk management [3, 8, 19]. The objective of an IDS is therefore to provide protection to the information assets that are at risk and have value to an organization. An IDS needs to be cost effective because it should cost no more than the expected level of loss from intrusions. This requires that an IDS consider the ....

....analysis and security assessment communities. The literature suggests that attempts to fully quantify all factors involved in cost modeling usually generate misleading results because not all factors can be reduced to discrete dollars (or some other common unit of measurement) and probabilities [2, 4, 7, 8, 11]. It is recommended that qualitative analysis be used to measure the relative magnitudes of cost factors. It should also be noted that cost metrics are often site specific because each organization has its own security policies, information assets, and risk factors [19] 2.1 Attack Taxonomy An ....

[Article contains additional citation context not shown here]

D. Denning. Information Warfare and Security. Addison Wesley, 1999.

....of threats, such as natural disasters and accidents, the focus here is on the intentional threat the intelligent, determined, and intentional attacks that can be made against computing platforms. Thus, by definition, the use of computer security here deals with defense from deliberate attacks [4]. The fast paced change in computer technology, and the complexity it naturally brings, has increased the number of system vulnerabilities and has not improved overall security as some had predicted. Today s attackers have an increasingly large number of points to attack: satellite ....

....to the computing resources therein. An outsider is an attacker who has no prior access to the target computing platform. Both categories pose special problems in computer security. The largest threat, both in the number of incidents and in the monetary damage caused by attacks comes from insiders [4, 10]. Insiders are a threat when, for personal gain or for sabotage, they exploit information resources within their organization [4] A system that is secure when the operators are trusted and the computers are completely under the control of the company using the system may not be secure when the ....

[Article contains additional citation context not shown here]

D. E. Denning, Information Warfare and Security, Reading, MA: Addison Wesley, 1999.

....is a more beneficial and effective approach. A very important but often neglected facet of intrusion detection is its cost effectiveness, or cost benefit trade off. An educated decision to deploy a security mechanism such as an IDS is often motivated by the needs of security risk management [3, 8, 19]. The objective of an IDS is therefore to provide protection to 2 the information assets that are at risk and have value to an organization. An IDS needs to be cost effective because it should cost no more than the expected level of loss from intrusions. This requires that an IDS consider the ....

....analysis and security assessment communities. The literature suggests that attempts to fully quantify all factors involved in cost modeling usually generate misleading results because not all factors can be reduced to discrete dollars (or some other common unit of measurement) and probabilities [2, 4, 7, 8, 11]. It is recommended that qualitative analysis be used to measure the relative magnitudes of cost factors. It should also be noted that cost metrics are often site specific because each organization has its own security policies, information assets, and risk factors [19] 4 Table 1: An Attack ....

[Article contains additional citation context not shown here]

D. Denning. Information Warfare and Security. Addison Wesley, 1999.

....the lack of global view of what is happening in these networks, can lead to tremendous problems in network reliability. For example, small local failures can easily propagate to entire networks, causing loss of service and corruption of data. Also, deliberate attacks (such as denial of service [3] attacks) can easily cause widespread havoc, as poignantly demonstrated recently [11] Thus one important issue is the development of effective network traversal strategies to protect as many resources as possible from failure and or attacks, i.e. to maximally restrict the number of resources ....

Denning, D. (1999) Information Warfare and Security. Addison-Wesley, NY.

....Robin Hood or Moral Disengagement: Understanding the Justification for Criminal Computer Activity (Marc Rogers, Graduate Studies Dept. of Psychology, University of Manitoba) The rapid growth of information technology has introduced a new category of criminal offender, the computer criminal (Denning, 1998; Parker, 1998; Rasch, 1996; Rogers, 1999; Taylor, 1997) Computer criminals often mistakenly referred to as hackers have defended their actions as being ethical and attempt to justify their behavior in terms of serving some higher moral function (Chandler, 1996; Chantler, 1997; Denning, ....

.... (Denning, 1998; Parker, 1998; Rasch, 1996; Rogers, 1999; Taylor, 1997) Computer criminals often mistakenly referred to as hackers have defended their actions as being ethical and attempt to justify their behavior in terms of serving some higher moral function (Chandler, 1996; Chantler, 1997; Denning, 1998; Parker, 1998; Spafford, 1997) Some computer criminals subscribe to the notion of the ends justifying the means (Chantler, 1996) These individuals assume that the ends of their activities are ethical therefore their activities are ethical (Chantler, 1996) This is an interesting and ....

[Article contains additional citation context not shown here]

Denning, D. (1998). Information Warfare and Security.

....is mostly concerned with the security of communications, usually achieved by standardised security features, for example through Secure Socket Layer (SSL) protocol underneath the Hypertext Transfer Protocol (HTTP) MLS systems are only found in central key servers and key certificate databases. Denning (1999, p.377) estimates the cost of a typical minimum level (C2) certification in TCSEC evaluation criteria ranging from US 500,000 to US 800,000. She also reports cancellation of a project to develop an operating system at the highest security level (A1) after years of development due to a low ....

....security and communication protocol security problems. Since some recent attacks demonstrate problems with the actual cryptographic algorithms, a brief note shall be provided on the problems with security primitives. More comprehensive classifications of vulnerabilities are available (e.g. Denning 1999, Escamilla 1998, Neumann 1995) Rather than aiming at the same depth, well known attacks are summarised to demonstrate the vulnerabilities. Systems remaining vulnerable to attacks known for long periods of time leads to two conclusions. First, new approaches are required towards the security of ....

[Article contains additional citation context not shown here]

Denning, D.E.(1999) Information Warfare and Security. ACM Press, Addison-Wesley, Reading, MA, USA.

....criminals, etc. Chantler, 1996; Parker, 1998; Post, 1996; Rogers, 1999) The term hacker describes the activity involved in, but does not accurately reflect any of the differences in those individuals engaged in the activity (Post, 1996) Hackers are not a homogeneous group (Chantler, 1996; Denning, 1998; Post, 1996; Sterling 1992) The psychological and criminological studies to date have been hampered by other factors as well. Many studies relied on the subject s own classification as a hacker with no corroborating evidence (i.e. arrest record) Other studies were conducted via the Internet, ....

....are guns for hire (Post, 1996) They specialize in corporate espionage, are usually extremely well trained, and have access to state of the art equipment. It has been theorized that the professional category has expanded since the dissolution of several of the eastern block intelligence agencies (Denning, 1998; Post et al. 1998; Parker, 1998; Post, 1996) The majority of research and media attention has been focused on cyber punks. There has been little or no research on the other categories (Rogers, 1999) Psychological Profiles Despite the attention being focused on criminal hackers today, we still ....

[Article contains additional citation context not shown here]

Denning, D. (1998). Information Warfare and Security.

No context found.

Denning, Dorothy E. Information Warfare and Security. ACM Press, New York, 1999.

No context found.

Denning, D.E.: Information Warfare and Security. Addison Wesley, (1998).

No context found.

D.E. Denning. Information Warfare and Security. Addison Wesley, 1998.

No context found.

Dorothy E. Denning. Information warfare and security. Addison-Wesley, 1999.

No context found.

Denning DE. Information Warfare and Security. Reading, MA: Addison-Wesley Longman, 1999, pp 131--161.

No context found.

Denning, D. (1998) Information Warfare and Security, Addison-Wesley.

No context found.

Dorothy Denning. Information Warfare and Security. AddisonWesley, 1999.

No context found.

D. E. Denning. Information warfare and security. AddisonWesley, 1999.

No context found.

Denning, Dorothy E., Information Warfare and Security, Addison Wesley Longman, Inc., 1999.

No context found.

D. Denning, Information Warfare and Security. Addison Wesley, 1999.

No context found.

Denning, D. (1999) Information Warfare and Security. Addison-Wesley, New York.

No context found.

Denning, Dorothy E. Information Warfare and Security, Reading, MA, Addison Wesley, 1999.

First 50 documents

Online articles have much greater impact   More about CiteSeer.IST   Add search form to your site   Submit documents   Feedback  

CiteSeer.IST - Copyright Penn State and NEC