Open Access. Powered by Scholars. Published by Universities.®
Articles 1 - 17 of 17
Full-Text Articles in Entire DC Network
Managing Information Security Complexity, Murray Brand
Managing Information Security Complexity, Murray Brand
Australian Information Security Management Conference
This paper examines using a requirements management tool as a common thread to managing the complexity of information security systems. Requirements management provides a mechanism to trace requirements through to design, implementation, operating, monitoring, reviewing, testing, and reporting by creating links to associated, critical artefacts. This is instrumental in managing complex and dynamic systems where change can impact other subsystems and associated documentation. It helps to identify the affected artefacts through many layers. Benefits to this approach would include better project planning and management, improved risk management, superior change management, ease of reuse, enhanced quality control and more effective acceptance …
Risks And Responsibilities In Establishing A Wireless Network For An Educational Institution, Leigh Knights, Matt Fonceca, Georgina Mack, Andrew Woodward
Risks And Responsibilities In Establishing A Wireless Network For An Educational Institution, Leigh Knights, Matt Fonceca, Georgina Mack, Andrew Woodward
Australian Information Security Management Conference
A wireless network solution is generally implemented when the bounds of walls of buildings and the constraints of wires need to be broken. Wireless technologies provide the potential for freedom of mobility which is undoubtedly a convenience for organisations in today’s market. The security of a wireless network is crucial for data integrity, especially when the data is not secured by the insulation of wires. While data is being transferred across a wireless network, it is vulnerable. There is no room for error, neglect or ignorance from an organisation, as a breech of data integrity can be devastating for both …
An Assessment Of Threats Of The Physical And Mac Address Layers In Wimax/802.16, Krishnun Sansurooah
An Assessment Of Threats Of The Physical And Mac Address Layers In Wimax/802.16, Krishnun Sansurooah
Australian Information Security Management Conference
This paper investigates the risks and vulnerabilities associated to the security of the WiMAX/802.16 broadband wireless technology. One of the other aspects of this document will be to review all the associated weaknesses to the Medium Access Control (MAC) layer and at the physical (PHY) layer. The risks and impacts are assessed according to a systematic approach. The approach or methodology is used is according to the European Telecommunication Standards Institute (ETSI). These threats are enumerated and classified accordingly to their risk levels.
The Reality Of Risks From Consented Use Of Usb Devices, Marwan Al-Zarouni
The Reality Of Risks From Consented Use Of Usb Devices, Marwan Al-Zarouni
Australian Information Security Management Conference
Physical security is considered an integral part of information systems security. The idea that small devices pose a security threat for enterprises is well established. On the other hand, consented and supervised access to USB ports via USB flash drives is sometimes allowed. This paper will highlight the risk associated with this kind of access by devices such as IPods and USB flash drives. It will show a proof of concept USB device that runs automatically once connected to a personal computer and copies files and folders from the victim's computer to its storage and executes potentially harmful code on …
Security Issues Of Ieee 802.16 (Wimax), Jamshed Hasan
Security Issues Of Ieee 802.16 (Wimax), Jamshed Hasan
Australian Information Security Management Conference
Worldwide Interoperability for Microwave Access (WiMAX) is going to be an emerging wireless technology for the future. With the increasing popularity of Broadband internet, wireless networking market is thriving. Wireless network is not fully secure due to rapid release of new technologies, market competition and lack of physical infrastructure. In the IEEE 802.11 technology, security was added later. Iin IEEE 802.16, security has been considered as the main issue during the design of the protocol. However, security mechanism of the IEEE 802.16 (WiMAX) still remains a question. WiMAX is relatively a new technology; not deployed widely to justify the evidence …
Telemedicine And The Digital Door Doctor, Darren Webb, Patricia A. Williams
Telemedicine And The Digital Door Doctor, Darren Webb, Patricia A. Williams
Australian Information Security Management Conference
Telemedicine is changing the way medicine can be practiced, and how medical knowledge is communicated, learnt and researched in today’s technologically oriented society. The adoption of internet based communication has significantly expanded the patients’ ability to access a multitude of world class medical information. Research has shown that patients would welcome the ability to consult a doctor using the same computing tools they use to communicate with family, friends and work colleagues. This paper discusses the use of telemedicine today and how it could be used to access medical services from home. Further, it investigates the incentives and barriers to …
Taxonomy Of Computer Forensics Methodologies And Procedures For Digital Evidence Seizure, Krishnun Sansurooah
Taxonomy Of Computer Forensics Methodologies And Procedures For Digital Evidence Seizure, Krishnun Sansurooah
Australian Digital Forensics Conference
The increase risk and incidence of computer misuse has raised awareness in public and private sectors of the need to develop defensive and offensives responses. Such increase in incidence of criminal, illegal and inappropriate computer behavior has resulted in organizations forming specialist teams to investigate these behaviors. There is now widespread recognition of the importance of specialised forensic computing investigation teams that are able to operate. Forensics analysis is the process of accurately documenting and interpreting information more precisely digital evidence for the presentation to an authoritative group and in most cases that group would be a court of law. …
Enterprise Computer Forensics: A Defensive And Offensive Strategy To Fight Computer Crime, Fahmid Imtiaz
Enterprise Computer Forensics: A Defensive And Offensive Strategy To Fight Computer Crime, Fahmid Imtiaz
Australian Digital Forensics Conference
As days pass and the cyber space grows, so does the number of computer crimes. The need for enterprise computer forensic capability is going to become a vital decision for the CEO’s of large or even medium sized corporations for information security and integrity over the next couple of years. Now days, most of the companies don’t have in house computer/digital forensic team to handle a specific incident or a corporate misconduct, but having digital forensic capability is very important and forensic auditing is very crucial even for small to medium sized organizations. Most of the corporations and organizations are …
Mobile Handset Forensic Evidence: A Challenge For Law Enforcement, Marwan Al-Zarouni
Mobile Handset Forensic Evidence: A Challenge For Law Enforcement, Marwan Al-Zarouni
Australian Digital Forensics Conference
Mobile phone proliferation in our societies is on the increase. Advances in semiconductor technologies related to mobile phones and the increase of computing power of mobile phones led to an increase of functionality of mobile phones while keeping the size of such devices small enough to fit in a pocket. This led mobile phones to become portable data carriers. This in turn increased the potential for data stored on mobile phone handsets to be used as evidence in civil or criminal cases. This paper examines the nature of some of the newer pieces of information that can become potential evidence …
An Information Operation Model And Classification Scheme, D T. Shaw, S Cikara
An Information Operation Model And Classification Scheme, D T. Shaw, S Cikara
Australian Information Warfare and Security Conference
Information systems are used in overt and covert conflict and information operations target an opponent’s ability to manage information in support of operations for political, commercial and military advantage. System level attacks are complicated by logistic problems that require resources, command and control. Node level attacks are practical but of limited value. Collocated equipment comprises a temporary node that may be feasibly attacked. Estimation of IW operation merits may founder on the difficulty of predicting the net benefit for the costs. Starting from with Shannon’s model, a simple costbenefit model is discussed. Existing models are extended by an IW attack …
Mediated Identification, D T. Shaw
Mediated Identification, D T. Shaw
Australian Information Warfare and Security Conference
Identity and identification are linked by variable meanings and applications and are essential in many remote transactions. Identification relying on mediation or third party intervention may be modified or withdrawn at will. Creating or reestablishing identity may require time and resources including artefacts such as the identity card usually sourced from a third party. The characteristics of the identification process and artefacts are discussed and the requirements of usermediated identification artefacts are explored. The implicit link between user identity and artefact identity may be broken under certain circumstances.
Security Risk Assessment: Group Approach To A Consensual Outcome, Ben Beard, David J. Brooks
Security Risk Assessment: Group Approach To A Consensual Outcome, Ben Beard, David J. Brooks
Australian Information Warfare and Security Conference
AS/NZS4360:2004 suggests that the risk assessment process should not be conducted or information gathered in isolation. This insular method of data collection may lead to inaccurate risk assessment, as stakeholders with vested interests may emphasise their own risks or game the risk assessment process. The study demonstrated how a consensual risk assessment approach may result in a more acceptable risk assessment outcome when compared to individual assessments. The participants were senior managers at a West Australian motel located on the West Coast Highway, Scarborough. The motel consists of four three storey blocks of units, resulting in a total of 75 …
Honeypots: How Do You Know When You Are Inside One?, Simon Innes, Craig Valli
Honeypots: How Do You Know When You Are Inside One?, Simon Innes, Craig Valli
Australian Digital Forensics Conference
This paper will discuss honeypots and their use and effectiveness as a security measure in an IT environment. It will specifically discuss various methods of honeypot implementations. Furthermore, this paper will look into the weaknesses within a honeypot system. This will include attacks against honeypots and methods a hacker may use to detect the presence of a honeypot or the fact that he/she is actually inside one. Finally this paper will discuss methods of further securing honeypots and ways the community is dealing with security flaws as they are identified
Structural Analysis Of The Log Files Of The Icq Client Version 2003b, Kim Morfitt
Structural Analysis Of The Log Files Of The Icq Client Version 2003b, Kim Morfitt
Australian Digital Forensics Conference
Instant messenger programs can generate log files of user interactions which are of interest to forensic investigators. Some of the log files are in formats that are difficult for investigators to extract useful and accurate information from. The official ICQ client is one such program. Users log files are stored in a binary format that is difficult to understand and often changes with different client versions. Previous research has been performed that documents the format of the log files, however this research only covers earlier versions of the client. This paper explores the 2003b version of the ICQ client. It …
A Forensic Log File Extraction Tool For Icq Instant Messaging Clients, Kim Morfitt, Craig Valli
A Forensic Log File Extraction Tool For Icq Instant Messaging Clients, Kim Morfitt, Craig Valli
Research outputs pre 2011
Instant messenger programs such as ICQ are often used by hackers and criminals for illicit purposes and consequently the log files from such programs are of interest in a forensic investigation. This paper outlines research that has resulted in the development of a tool for the extraction of ICQ log file entries. Detailed reconstruction of data from log files was achieved with a number of different ICQ software. There are several limitations with the current design including timestamp information not adjusted for the time zone, data could be altered, and conversations must be manually reconstructed. Future research will aim to …
Honeypots: How Do You Know When You Are Inside One?, Simon Innes, Craig Valli
Honeypots: How Do You Know When You Are Inside One?, Simon Innes, Craig Valli
Research outputs pre 2011
This paper will discuss honeypots and their use and effectiveness as a security measure in an IT environment. It will specifically discuss various methods of honeypot implementations. Furthermore, this paper will look into the weaknesses within a honeypot system. This will include attacks against honeypots and methods a hacker may use to detect the presence of a honeypot or the fact that he/she is actually inside one. Finally this paper will discuss methods of further securing honeypots and ways the community is dealing with security flaws as they are identified
Leading Hackers Down The Garden Path, Suen Yek
Leading Hackers Down The Garden Path, Suen Yek
Research outputs pre 2011
Can a hacker be controlled by predetermined deception? Limiting the decision making capabilities of hackers is one technique of network countermeasure that a honeynet enables. By furnishing a honeynet with a realistic range of services but restricted vulnerabilities, a hacker may be forced to direct their attacks to the only available exploits. This research discusses the deployment of a honeynet configured with a deceptive TELNET and TFTP exploit. Four hackers were invited to attack the honeynet and the analysis of their compromise identified if they engaged in a guided pathway to the intended deception. Hand trace analysis was performed on …