
Publications (31)

Ibrahim Kinal, Kemal Hajdarevic

Keywords: Snort, IDS, Intrusion Detection System, Intrusion. Abstract: Software and hardware components are parts of almost every Intrusion Detection System (IDS), which is able to monitor computer networks for any possible security incidents. Using Internet resources has become one of the most popular tasks among people all over the world, and this usage and connection to the Internet creates security risk from many different network attacks. These attacks and threats can strongly affect network security. IDS has become one of the most useful network security systems, helping users to protect their valuable resources and the integrity and availability of information located in the protected part of any organization’s computer network. Therefore, an IDS has a very significant role in protecting users, companies or any institutions by detecting such cases. An IDS can be designed as a signature-based or anomaly-based detection system. A signature-based system is only able to detect attacks which are already known, while anomaly-based systems are able to detect unknown attacks, which gives them the ability to be proactive, i.e. to resolve an attack before it harms a specific protected system.

Durmus Ali Avci, Kemal Hajdarevic

With the rapid increase in the use of WLAN technology, it is important to provide secure communication over wireless networks. This paper focuses on current security issues in Wi-Fi networks and gives an overview of the already available set of security controls which can help organizations to secure their wireless LANs. The goal of this paper is to summarize existing means of securing Wi-Fi networks and to analyze the possible solutions for Wi-Fi networks. Furthermore, the paper explains how the security mechanisms work and provide security in order to have the best communication. Keywords: wlan, wi-fi, wireless, security, network, wi-fi security, wps

Recent history has shown that the world needs more mobility, smaller mobile devices, and, if possible, mobile devices which have multiple sensors. Wireless ad-hoc sensor network technology from 1997 by K. Pister, called Smart Dust, is one implementation of a mobile ad hoc network (MANET) and wireless sensor network (WSN) which might be a solution for future applications. Smart Dust is a network which contains tiny sensor nodes called motes, which are able to use sensors to collect data, to communicate with each other and to transfer collected data. While Smart Dust components are commercially available, they have a relatively high price (WSN classroom Kit starts at 6000 $) and are still not in wide usage as education assets at universities because of their price and due to technology changes. This paper presents the simulated operational performance of three wireless ad-hoc routing protocols: AODV, DSDV, and OLSR (using the NS-3 simulator), which can be used for Smart Dust applications. We used previous research results to recreate similar results of simulated AODV, DSDV, and OLSR and we their Key Performance Indicators (KPI) them with Aris MashZone. Aris MashZone allows easy KPI interpretation and represents them in a dashboard as soon as data become available by quick filter adjustments.

Information security is a topic of everyday interest, with mainstream media reports revealing information security incidents in many different areas. These reports demonstrate the importance to any organization of having an information security management system (ISMS). Foreseeing potential security risks is usually key to successful risk management. Available information security standards such as the ISO 27000 set of standards give a formal framework for successful information security management in any size of organisation or company. In this paper we draw on experience gained during a project leading to successful ISO 27001 certification at the Central Bank of Bosnia and Herzegovina in 2009. We review recent work on proactive damage prevention, and we propose a methodology based on the GQM (Goal, Question, Metrics) paradigm for determining proactive steps for detection and resolution of different information security control violations. For creating proactive measurement metrics we use the well recognised standards ISO 27004:2009 and NIST 800-55. We present several examples of proactive metrics.

Emir Kremic, A. Subasi, Kemal Hajdarevic

Over the past few years, very progressive improvements have been made in the face recognition research area. This is because of the high-level and versatile technologies in use nowadays, and the high level of processors running on our machines and mobile phones. Available technologies provide mechanisms which use face recognition for security identification (user face) and authentication purposes. The aim of this paper is to present and propose a client-server model and to compare it with the most recent client-server models for face recognition with a GPG infrastructure which uses a security private key (symmetric encryption) with the main purpose of securely transmitting an image (user face) over the network. Moreover, the Principal Component Analysis (PCA) algorithm is implemented in the face recognition algorithm. The proposed system has been tested on a mobile phone with the Android OS platform, using previous research experiences where the system was initially developed for the DROID emulator. The implementation of the PCA is done on the MATLAB side.

Kemal Hajdarevic, C. Pattinson, Kemal Kozaric, A. Hadzic

In the last decade, information security standards became well documented, starting with ISO 27001:2005, which defines requirements for an organisation's Information Security Management System (ISMS). Other standards such as ISO 27004:2009, 27003, and 27005 were published later too. An organisational ISMS can be certified for the ISO 27001:2005 certificate, and it adopts the Plan-Do-Check-Act (PDCA) life cycle of constant system improvements. To be able to improve operations and information security, the ISO 27004:2009 standard has to be used to create useful Key Performance Indicators (KPI) in order to achieve constant improvements of the ISMS. During the maintenance phase, every system needs infrastructure to collect data, analyse data and then create KPIs for constant improvements. This paper presents an information security measurement infrastructure for KPI visualisation based on practical experience from a production system in financial surroundings.

Telecom operators need business transformation towards the next generation model in order to achieve business process effectiveness. Enterprise architecture and production models have to be reviewed and optimised where possible. Service Oriented Architecture provides a solution to the problem of delivering new and innovative services in a rapid and flexible way. NGOSS provides specifications and guidelines which address business and technical concerns of operational and business support systems.

Kemal Hajdarevic, Kemal Kozaric, Jasmin Hadzigrahic

Everyday news reports reveal incidents and even large-scale scandals in the business world related to improper information security handling. Despite available and existing relevant information security standards, incidents which could lead to real problems were not proactively prevented for numerous reasons. One of the first and most important reasons was that relevant information security standards such as ISO 27001 were not implemented and observed. This standard defines requirements for an organisation’s Information Security Management System (ISMS). Implementation of the ISMS is only the tip of the iceberg in managing information security, since all system parts have to be well monitored and adjusted to prevent or minimize security risks. This process of monitoring and upgrading takes most of the resources dedicated to every ISMS. Standards such as ISO 27004:2009, which defines what has to be monitored, also belong to the ISO 27000 series of standards. The ISO 27004:2009 standard does not define how measurement has to be done by using a specific kind of architecture and infrastructure for Key Performance Indicator (KPI) measurement and monitoring. This paper presents a holistic approach for implementing architecture and infrastructure to collect, analyse, and present information security KPIs, in order to achieve constant improvements of the ISMS. The same approach could be used for other business activities as well, in central banks or other organisations.

Kemal Hajdarevic, C. Pattinson, A. Hadzic, Jasmin Hadzigrahic

Devices and appliances such as transformers, mobile phones and GSM antennas, or electric motors produce electromagnetic fields (EMF) around them during their operation. According to the International Commission on Non-Ionizing Radiation Protection (ICNIRP), levels above 2000 milligauss (mG) or 200 microtesla (μT) for occupants in general premises are considered dangerous for human health. While this is the international standard, national standards have different acceptable value levels of EMF strengths around devices and antennas. Since 1979, scientists have still been trying to prove a connection between serious health risk and EMF. As a step towards making this area of research clearer, this paper presents a new application model for monitoring dynamic changes of EMF strength levels. This became more important after the European Council and the World Health Organization (WHO) changed their policies related to EMF and health risk in May 2011. In this paper the health risk of EMF is not proven, and that was not the intention. Our concerns are EMF strength levels around devices and appliances, and more specifically GSM antennas, and how strength levels can be monitored and controlled dynamically because of new knowledge by which EMF is connected to health risk. This paper presents a new application model for collecting data about EMF strength levels around devices and antennas which radiate EMF, in a dynamic manner, using smart dust technology.

C. Pattinson, Kemal Hajdarevic, A. Hadzic

Identifying and detecting security threats such as Trojans, resource starvation, and Denial of Service (DoS) attacks in their early stages are major challenges in delivering computer security, because starvation of a specific resource, such as a hard disk, does not necessarily deny a specific service on the network. As with any computer application, installation of a Trojan leaves a “footprint” on the system's resources, such as the MIB database explained and referenced in this paper. Effects of resource starvation and DoS attacks can be resolved proactively by monitoring communication traffic. The detector must be able to recognize the symptoms against a background of a range of other (“safe”) activities, which also consume system resources. Therefore, we wished to explore the potential of an economical approach that explicitly takes into account resources used. We present the general phases of the attacks described above, which can be used for creating metrics to measure the proactive capabilities of similar systems for intrusion detection / prevention.

Kemal Hajdarevic, Ersin Kurtanovic

A Smart Dust network is composed of tiny sensor nodes called motes. Motes can collect data using sensors and communicate with other motes using wireless connections to transfer data to a data collection point. Motes for Smart Dust are commercially available, but they are still not in wide usage as education assets at universities because of their price and available applications. Simulation applications for the Smart Dust environment will contribute to further development of future Smart Dust applications. This paper presents an initial simulation application which can be used and upgraded to simulate Smart Dust operations. One of the goals of this research was to simulate communication capabilities for the Sleep-Awake Probabilistic Forwarding Protocol (SW-PFR), which is a communication protocol used in Smart Dust environments. This communication protocol is designed to resolve power usage issues, which is an interesting area in other computer communication environments. In this paper we do not claim that we developed a fully operational simulation application; instead, we developed a component which can be used for further development of a simulation tool. In order to make new improvements in this area, there has to be available technology to work with, and simulation environments such as the software components presented in this paper will give a knowledge contribution.

Kemal Hajdarevic, C. Pattinson

Every new computer or other electronic and electric device is delivered with technical documentation. This documentation in most cases does not have precise data about the Electro Magnetic Field (EMF) strengths which a specific device emits during operation. Information about EMF levels should be included in documentation because inappropriate equipment orientation could create “hot spots” (points in which EMF exceeds acceptable values reported by different research reports) with higher levels of EMF than generally expected as healthy. This is especially important because specific environments are already saturated with other EMF sources such as GSM antennas. Experiments were conducted in order to present what technical documentation should contain. In this paper the health risk of EMF is not proven, but the measurements presented show the potential of creating hotspots in home and office surroundings where occupants can be exposed to EMF for several hours.

C. Pattinson, Kemal Hajdarevic

Identifying and detecting Trojans (malicious software installed and run on a host, without the acquiescence of the host's owner) is a major element in delivering computer security. As with any computer application, installation of a Trojan leaves a “footprint” on the system's resources. However, detection is non-trivial: the detector must be able to recognize the symptoms against a background of a range of other (“safe”) activities, which also consume system resources. Furthermore, such detection activity should be at least resource neutral (in other words, the resources consumed by the detection process should not be more than the resources saved in detection). Therefore, we wished to explore the potential of an economical approach that explicitly takes into account resources used. In order to achieve our aim, we explore the possibility of making use of the existing widely deployed Management Information database (the MIB) as the basis for detecting attempts to install Trojan software on networked systems. We identify the characteristics of typical attacks in respect of the impact they have on particular MIB objects, and propose a decision-tree based algorithm which can detect Trojan activity. We identify the likely effectiveness of this system, with particular reference to the need for such information to be gathered in a timely manner.

C. Pattinson, Kemal Hajdarevic

Resource starvation Denial of Service (DoS) attacks cause the attacked services to be denied to legitimate users. This paper introduces an approach to proactively detect such a DoS attack in its early development stages and therefore avoid damage. Our approach uses the set of data in the Management Information Base (MIB) retrieved by the Simple Network Management Protocol (SNMP). MIB traffic data (such as origin/destination; TCP connection state) and process table content (memory/CPU utilisation by specific processes) are used to construct performance profiles over long and short time scales. We define appropriate indicators and identifiable steps (check points) where resource starvation DoS attacks are recognised and stopped before they affect a system. By detecting in the early development stages, it is possible to avoid service interruption, system availability problems and other related effects, such as system and bandwidth performance degradation caused by legitimate operations.
