"... In PAGE 10: ... According to Table 5, with a 30% malicious packet percentage, about 2 or 3 security violations occur in a 1-year period for 50% firewall processor utilization and a non-firewall workload of up to 10%. Over a 1-year period, Table4 shows approximately 11 reported vulnerabilities for RedHat Linux. Table 5: Rates of Error-Caused Security Violations, Firewall Processor Utilization = 50% Non-firewall workload = 0% Non-firewall workload = 10% Malicious packet percentage 20% 30% 40% 20% 30% 40% Due to TSV 1.... In PAGE 10: ...82 2.76 The reported security vulnerabilities in Table4 and error-caused security violations in Table 5 are caused by different phenomena, the former by software bugs and the latter by transient errors in the system. Once a security- related software bug is discovered, all machines running on the same version of an operating system are susceptible to this bug until the corresponding patch is applied.... ..."

"... In PAGE 14: ... Therefore, public Internet vulnerabilities and failures could also affect intranets. Table1 provides a comparison of the public Internet and intranets. Table 1 Internet and Intranet Comparison... ..."

"... In PAGE 8: ...able 3-4. Wireless LAN Security Summary ........................................................................ 3-43 Table4 -1.... In PAGE 8: ...able 4-1. Key Characteristics of Bluetooth Technology ........................................................ 4-2 Table4 -2.... In PAGE 8: ...able 4-2. Device Classes of Power Management................................................................. 4-5 Table4 -3.... In PAGE 8: ...able 4-3. Summary of Authentication Parameters .............................................................. 4-11 Table4 -4.... In PAGE 8: ...able 4-4. Key Problems with Existing (Native) Bluetooth Security ....................................... 4-13 Table4 -5.... In PAGE 8: ...able 4-5. Bluetooth Security Checklist................................................................................ 4-21 Table4 -6.... In PAGE 64: ... Bluetooth is designed to operate in the unlicensed ISM (industrial, scientific, medical applications) band that is available in most parts of the world, with variation in some locations. The characteristics of Bluetooth are summarized in Table4 -1. Bluetooth-enabled devices will automatically locate each other, but making connections with other devices and forming networks requires user action.... In PAGE 65: ... This relationship also allows for a dynamic topology that may change during any given session: as a device moves toward or away from the master device in the network, the topology and therefore the relationships of the devices in the immediate network change. Table4 -1. Key Characteristics of Bluetooth Technology Characteristic Description Physical Layer Frequency Hopping Spread Spectrum (FHSS).... In PAGE 68: ...4-5 Table4 -2. Device Classes of Power Management Type Power Power Level Operating Range Class 1 Devices High 100 mW (20 dBm) Up to 100 meters (300 feet) Class 2 Devices Medium 2.... In PAGE 74: ... The parameters used in the authentication procedure are summarized in Table 4-3. Table4 -3. Summary of Authentication Parameters Parameter Length Secrecy Characteristic Device address 48 bits Public Random challenge 128 bits Public, unpredictable Authentication (SRES) response 32 bits Public Link key 128 bits Secret 4.... In PAGE 76: ... The Bluetooth security checklist addresses these vulnerabilities. Table4 -4. Key Problems with Existing (Native) Bluetooth Security Security Issue or Vulnerability Remarks 1 Strength of the challenge-response pseudo- random generator is not known.... In PAGE 83: ... 4.6 Bluetooth Security Checklist Table4 -5 provides a Bluetooth security checklist. The table presents guidelines and recommendations for creating and maintaining a secure Bluetooth wireless network.... In PAGE 84: ...4-21 Table4 -5. Bluetooth Security Checklist Checklist Security Recommendation Best Practice Should Consider Status Management Recommendations 1 Develop an agency security policy that addresses the use of wireless technology including Bluetooth technology.... In PAGE 86: ...4-23 Table4 -6. Bluetooth Security Summary Security Recommendation Security Need, Requirement, or Justification 1.... ..."

"... In PAGE 19: ...1.2 Vulnerability Scanner Test Case Comparison Table4 below summarizes the features claimed by each vulnerability scanner developer. It provides a useful comparison of the potential for the tested and untested tools to detect security issues in VoIP implementations.... ..."

"... In PAGE 18: ... According to Table 5, with a 30% malicious packet percentage, about 2 or 3 security violations occur in a 1-year period for 50% firewall processor utilization and a non-firewall workload of up to 10%. Over a 1-year period, Table4 shows approximately 7.4 reported vulnerabilities for RedHat Linux.... In PAGE 18: ...orkload of up to 10%. Over a 1-year period, Table 4 shows approximately 7.4 reported vulnerabilities for RedHat Linux. The reported security vulnerabilities in Table4 and error-caused security violations in Tables 5 and 6 are caused by different phenomena, the former by software bugs and the latter by transient errors in the Table 5 Rates of error-caused security violations, firewall processor utilization = 50% Rate of error-caused security violation (1 per year) Non-firewall workload = 0%a Non-firewall workload = 10%a 20% 30% 40% 20% 30% 40% Due to TSV 1.24 2.... ..."

"... In PAGE 20: ... According to Table 5, with a 30% malicious packet percentage, about 2 or 3 security violations occur in a 1-year period for 50% firewall processor utilization and a non-firewall workload of up to 10%. Over a 1-year period, Table4... In PAGE 21: ....22 1.29 2.14 3.16 The reported security vulnerabilities in Table4 and error-caused security violations in Table 5 and Table 6 are caused by different phenomena, the former by software bugs and the latter by transient errors in the system. Once a security-related software bug is discovered, all machines running on the same version of an operating system are susceptible to this bug until the corresponding patch is applied.... ..."

"... In PAGE 21: ... Threat Untested Tested BorderWare SIPassure SecureLogix VoIP Firewall TippingPoint UnityOne DoS Attacks X X X Eavesdropping X Call redirection X SPIT X X Spoofing X Malformed Message Attacks X X X RTP Session Hijacking X RTP Injection X Legacy network interaction vulnerabilities X 4.4 Mitigated Vulnerabilities Table6 below lists all of the vulnerabilities from section 2, and the tools from section 3 that claim to mitigate these risks. As can be seen, very few of the threats identified in this paper are addressed by any VoIP security tools available today.... ..."

"... In PAGE 2: ... Lack of security awareness can be found at all levels of the industry from developers of systems and software that control the power grid to the operators of the power control systems and the power engineers themselves [15]. Table1 shows a checklist of the known vulnerabilities documented in [13] that still exist and have been observed in recent assessment visitations conducted by the authors of this paper. It can be seen that all prior vulnerabilities still exist, and new ones, associated with emerging technologies and business needs, have come to bear.... ..."

"... In PAGE 15: ...Security evaluation In this section we present experimental results when using our memory allocator to protect applications with known vulnerabilities against existing exploits. Table4 contains the results of running several exploits against known vul- nerabilities when these programs were compiled using dlmalloc and dnmalloc respectively. When running the exploits against dlmalloc, we were able to exe- cute a code injection attack in all cases.... ..."