Mcafee foundstone fs 805
Branches. The organizational structure of Makro Computo S. Cali branch, Av. Barranquilla branch, Carrera 43 No. Second Semester. Jaime Quiroga, Marketing Manager.
Makro Computo S. Full-load backup: 2. Full-load backup: 5. Full-load backup: 6. Full-load backup: 8. Full-load backup: 5 min. Full-load backup: Full-load backup: 4. Maribel Arismendy P. E-mail: st01 hotmail. Prices subject to change without notice.
ARCserve Windows r PWM waveform. LCD panel. Backup time between 18 and 20 minutes at half load and between 8 and 12 minutes at full load. Power factor: 0. SINE waveform. Backup time between 14 and 20 minutes at half load and between 5 and 8 minutes at full load. Backup time of 15 minutes at half load and 5 minutes at full load. We go up to KVA on request. Carolina Triana Ext. The bundles apply to the families and Narrow Carriage.
Wide Carriage. Color display 2. Color display C11CA 2. RJ45 Wireless Optional. Wireless Optional. Wireless Included. Lens Not Included. Format: A4. 35mm Transparency Unit. App connects to server using https connection which is self signed certificate as it is a test site. I checked application log and it connects fine when no ssl proxy is set up. When I keep ssl proxy setting then I get something like "IO no peer certificate error".
Can see encrypted request and response in charles proxy. FYI, working on emulator google api 17, 4. Thoughts: 1. Working on an emulator is going to be very different. I only test on actual rooted phones usually Cyanogenmod roms as I can easily setup proxydroid and route traffic. If you want to use an emulator look into setting up a rooted emulator build of cyanogenmod.
I know one FS con has it setup and working he said there are some quirks but he was able to test. Only use burp 1. Although an app I just tested still had errors with burp, I just used charles instead 3. You can try adding the self signed cert to android as well you will not see this in the trusted list. This is more likely the problem as there is no trust chain involved. When I ran through proxy issues like this it turned into trial and error. International Journal of Computer Applications 4 7 , 30—35 Thair, K.
Chiang, C. Wei, W. The emergence of the wireless sensor network (WSN) has been greatly acknowledged in many applications such as military, environmental and health applications. The use of asymmetric keys is nowadays feasible due to advances in WSN hardware. In this paper, Chord (a scalable peer-to-peer lookup service) is used for storing and looking up public keys in a clustered mobile agent WSN to protect sensor nodes from malicious agents.
Cluster heads act as a distributed key storage and lookup facility forming a ring overlay network. A wireless sensor network is an infrastructure-less ad hoc network consisting of distributed small sized, low cost and power constrained sensor nodes named motes.
The constraints associated with WSN lead to complexity in dealing with such a network. A multitude of middleware approaches have been proposed to overcome some of these complexities by providing some features that can improve the performance of WSNs [1]. Examples of such middlewares are distributed database, message oriented, application driven, virtual machine and mobile agent (MA) middleware architectures [2].
A. Amer, A. Abdel-Hamid, and M. El-Nasr
Through the use of mobile agents, the sensor network can implement tasks as modules of the application, helping consume less power, support multipurpose WSN and update network dynamics [1]. A mobile agent is a computer program or software that migrates from a node to execute on another node on behalf of its dispatcher.
Reliance on mobile agents is a promising approach that increases the utility of WSN due to the following: (1) the network overhead is decreased by moving the computation to the data, not vice versa; (2) the network latency is lessened by using smart mobile agents that respond quickly to the changing environment in real time applications; (3) robustness and fault tolerance are increased by providing programmer control over self healing during node failure; (4) adaptation to user requirements, since new agents can be added with the required functionality [3].
Hence, security is an important concern when it comes to mobile agents migrating from a node to another in a WSN, where mobile agents may attack each other or the host itself and vice versa.
However, authenticating these mobile agents requires requesting keys in every migration of the agent. Therefore, this paper addresses such concern by employing an overlay network, where cluster heads (CHs) join a ring to store and look up security keys using the Chord algorithm [7].
Cluster heads joining this network are chosen as the nodes with the highest residual energy to maintain keys in a distributed hash table (DHT) with Chord-based load balancing.
Hence, CHs act as a distributed key storage and lookup facility. The contributions of this paper can be summarized as follows.
Second, only cluster heads are in charge of implementing Chord to look up keys on behalf of their members to help conserve their resources, where all nodes' public keys are stored at the cluster heads according to Chord distribution. Third, keys are stored in the DHT signed by the base station to assure their authenticity and integrity. Finally, cluster heads act as a distributed key storage and lookup facility for their cluster members to eliminate the overhead of communicating with a single centralized node or base station, acting as a single point of failure.
Section 2 highlights background and related work. Section 3 describes the proposed Chord-enabled key storage and lookup scheme. Section 4 illustrates performance evaluation results. Finally, the conclusion and the projected future work is covered in section 5. Section 2. Mobile agents are computer programs or software that process data during their migration from node to another to perform some tasks on behalf of their dispatcher [9].
They are composed of three components: (1) code: program or software that is dispatched to perform a certain task on behalf of the dispatcher; (2) state: execution state of the running program; (3) data: data gathered as a result of the agent execution on the nodes. Agent migration is done through cloning or moving [10]. An agent moves by carrying its state, data and code; it resumes executing on the new node and no longer exists on the original node.
An agent clones by copying its state, data and code to another node and resumes executing on both nodes. Mobile agent systems have added more capabilities to WSN by employing mobile agents that facilitate application re-tasking, local and information processing [9].
Baumann et al. before in securing mobile agents and their host but not over WSN as seen in [13][14] i. There are many DHT based protocols e. Chord has also been used before for key establishment as seen in CBKE [19], to establish secret session keys between communicating nodes.
But symmetric keys provide fewer services than public keys. Related work shows that the Chord protocol proved to be appropriate over WSN and its limited constraints and resources.
The idea of protecting the agent from the environment where it is executing is a relatively complex one, since the host has total control over the agent residing on it [14]. In this work, the problem of protecting the agent host against the malicious agent is addressed, where the agent movement represents a threat to the host, since host and mobile code bear separate identities.
Since the mobile agent is exposed through the network, the host must verify the integrity of the agent it just received [13]. Consequently, this work aims at ensuring the authenticity and integrity of the mobile agents.
System and Node View
Figure 1a depicts the whole system view as a set of layers where the application layer contains a number of mobile agents dispatched by the BS to visit a number of nodes according to the task given.
The application layer interacts with a logical layer (Chord layer) in terms of two messages to put a certain key (putkey) or get a key (getkey), and the Chord layer responds with a takekey message. Only CHs join this Chord layer, and from the Chord viewpoint two nodes may be viewed as neighbour nodes, while at the physical layer there are multiple hops in between them. 2. Only cluster heads are responsible for implementing the Chord key lookup on behalf of other nodes (their cluster members), since they have a higher residual energy, in order not to consume all nodes' power and resources.
The node model, shown in Figure 1b, is designed to give a detailed view of the node, where each node can support multiple agents. In addition, it performs two main tasks: security management task and key lookup task. The security management task is handled at normal nodes as mobile agents migrate from one node to another.
Where keys are preassigned to each MAP at each node with Chord distribution algorithm. The WSN is clustered 2. Mobile agents are created, dispatched and signed only by the base station. The MAPs at all normal nodes and cluster heads are preloaded with their key pair (private and public keys) and the base station public key at the initialization phase.
Chord algorithm does not include caching keys at sensor nodes. The code signing technique uses digital signature and one-way hash function [14], therefore it does not reveal much about what the code can do and guarantees that the code is safe to use.
In phase 1, the MAP at the base station signs the code after setting its itinerary and dispatches it to the target node. On the other hand, if a cluster head is voluntarily leaving the ring, it will transfer all the keys it is storing to its immediate successor. Findsucc message: between CHs to get the successor of a certain key based on Chord protocol for key lookup.
Reqkey message: between a node and its cluster head, to request the key of a certain node. Getkey message: between CHs to get a key from the hash table. Case 1 : This case is a 2 message cost Reqkey and its reply, where the receiving node discovers that its own cluster head stores in its DHT the public key of the sending node 2. According to the three cases, equation 2 shows a general case for calculating the total number of control messages and their replies in the system M.
its limited resources. Moreover, CBKE has also worked on using the Chord algorithm for storing symmetric keys and establishing session keys. But public keys provide more security services than symmetric keys, for example low storage, low communication cost and scalability. Moreover, all lookups are resolved in O(log N), so communication cost is decreased. Section 4. Performance evaluation will be based on the following experiments: Section 4.
Finally, section 4. Nodes 0, 8, 16, 24 are selected as the cluster heads, since they have the highest residual energy in their cluster. Each cluster head stores a number of keys according to its ID. At each key storage in the DHT, the base station communicates with an arbitrary cluster head to look up the successor holder of that key it needs to store according to Chord pre-distribution. message to cluster head 8 and waits for the reply, thus four control messages are invoked.
Case 3 here is emphasized by six control messages since the max of Findsucc message is 1 in addition to the reply. However, the agents itinerary shows inter and intra-cluster moves. Thus, simulation results seen in Figure 5 are validated with the output obtained from equation 2.
Experiments were conducted for 10 times to get their average, on a processor Intel Core 2 Duo 2. The resulting execution time shows an acceptable overhead concerning cryptographic operations. Table 1. Execution time of cryptographic operation in sec Operation Average time Signing data at node A 0.
Scenario 1 : Sending an agent from node to another without cryptographic operations done at sender or receiver base scenario. In order to verify the results obtained from this experiment. For each operation an estimate run time is assumed. Finally, the estimate run time per itinerary is also calculated.
Table 3 shows percentage ratios, where ratios obtained in Scenario 2 are in reference to values obtained in Scenario 1. In Scenario 3, $R_{S3,I1}$ represents the minimum overhead, since the key lookup process resulted in 1 control message; $R_{S3,I3}$ represents the maximum overhead in case of adding the key lookup process, since I3 is the itinerary where each itinerary step results in 3 control messages.
Finally, $R_{S3,I4}$ is an intermediate percentage between the four itineraries since it includes the 3 cases mentioned in section 3. In conclusion, the overhead of adding Chord lookup in the 4 itineraries is low in comparison to the overhead obtained from cryptographic operations, which is still an acceptable overhead in order to obtain the security needed.
In future, we plan to compare key lookup using Chord with looking up keys from a centralised node (BS). Future work also includes highlighting in detail the operation of the proposed scheme in case of cluster heads joining, leaving and failure. References 1. Henricksen, K. Tong, S.
Chen, M. Journal of Computers 1 1 , 14—21 4. Qi, H. Daniel, T. Fok, C. Stoica, I. Mpitziopoulos, A. In: Autonomic Computing and Networking, pp. IEEE Trans. Baumann, J. In: Rothermel, K. MA Vijil, E. Sharma, S. Borselius, N. Wander, A. Baqer, M. In: Enokido, T. EUC Workshops Yu, J. Ali, M. Zhang, F. Usman, M. ACM Trans. Potlapally, N. Jansma, N. Ametller, J. Ismail, L. Journal of Communications 3 2 Piotrowski, K. Meulenaer, G. Taylor, I. These advancements include multi-core processor chips, ultra large main memories and batteries that last for hours even when running modern applications such as file transfer, voice communication and video streaming … etc.
In this paper, we shed the light on recent and future trends of hardware advancements for mobile devices, and their impact on MANET developments. In addition, the effect of such advancements is investigated on application and different research areas.
Keywords: Ad hoc Networks, batteries, processing power, mobile devices capabilities. MANETs do not depend on centralized infrastructure; their strength is in using mobile wireless devices. MANET devices communicate directly with each other when they are within the same communication range. Otherwise, they rely on their neighbors to route messages. Due to the open medium and wide distribution of devices, MANETs are vulnerable to a wide range of security threats. Therefore, developing lightweight protocols and security mechanisms was considered a challenge.
The extensive use of mobile devices has phenomenally pushed the limits of hardware development in micro-processing devices. Exploring the usage of the Graphics Processor Unit (GPU) as a general-purpose co-processor to accelerate compute-intensive applications has been an active research subject in the past few years [1].
This can be noticeably seen at non-professional end users in playing games, capturing and editing videos scenes, or even more in watching HD or 3D videos. On top of that, large enterprises are working very hard to provide ubiquity solutions to their industry professionals to be at their fingertips.
This is to cope with the rapidly growing market A. We can obviously see this now in common solutions that were implemented to let professionals interact with their emails, chat, or do minimal jobs with their business colleagues wherever they are. This helps mobile market to continuously expand. This has also encouraged mobile manufacturers to build mobile devices as general business computers; in order to replace the desktop or even small or medium scale servers.
The experimental investigations in [1] confirm that a mobile GPU, although designed primarily for low power rather than maximum performance, can provide significant performance speedup for vision tasks on a mobile platform.
This is similar to the role of its high performance counterparts in the desktop and server systems. In this paper, we focus on recent hardware advancements for mobile devices and their impact on applications and different research areas of MANETs. The remainder of this paper is organized as follows. Section 2 focuses on recent Advancement in hardware. Practical implementations of such hardware advancements and their impacts on MANETs research are presented in section 3 and section 4 respectively.
Finally, in section 5, we conclude this paper. In section A and B, the processing and batteries advancements are presented respectively.
The results of our comparison from [2] are summarized in Table 1. One released in year and the most recent one that released in This is apart from other noticeable advancements in other components such as screen, memory, GPS, batteries … etc.
The magazine also mentions that faster bit processor will appear in servers, high-end smartphones and tablets. Hence, we can anticipate remarkable turnover in micro-processing advancements. ElBanna et al. Figure 1 [2] shows a comparison between three market leaders in manufacturing mobile phones. It shows that battery advancements have been growing exponentially for the last few years.
However, in light of the recent developments, we believe that batteries capabilities are adequate to implement some practical applications based on The Smartphones now have evolved to encompass different type of applications and circuitry. A combination of these applications can function simultaneously very well for at least good four hours on Samsung Galaxy, Nexus, HTC, or iPhone for example.
If we consider a real life scenario of using ad hoc networking for collaboration between users in a class session or a business meeting, these four hours can be good enough. Four or five hours per day is again quite adequate considering that the average driving hours per day are four hours in a city like Cairo.
Illustrated the battery manufacturing advancement made over year in terms of capacity per different vendors [2] Most of the Smartphones nowadays support many types of wireless technologies, especially: 3G, WiFi and Bluetooth. We are focusing mainly on the power utilization over WiFi The standard has different versions, each with a different power utilization profile.
It is important to assess for how long, in terms of hours, would the devices be able to remain functional? Table 2 [5] illustrates the different versions of the It provides the values for power, current, temperature, signal strength and CPU usage. In Table 3 [6], researchers used a Nokia N95 smartphone to measure the power utilization for different wireless communications technologies. Agilent is a hardware device that offers several features ideal for testing wireless and battery powered devices.
A node in ad hoc networks can bear the responsibility of sharing internet connections or acting as a gateway to another type of networks. The same paper covered these results. Figure 2 [6] illustrates the power utilization as measured from a mobile phone utilizing an individual communication technology or the equivalent summed up energy consumed for utilizing a combination of these technologies, e. Table 3. They demonstrated the device capabilities from the power point of view with respect to time or to the amount of data transferred.
Both aspects were proof that a node can handle a relatively high load suitable for practical implementations. In ad hoc networks: nodes would operate approximately four to five hours dealing with data transfer on WiFi. WiFi transferred 5. This section demonstrates the impact of this on real life MANET implementations and projects that benefit from modern mobile devices.
These events lead to disconnecting people from the current mobile infrastructure oriented approach. Another situation for implementing such a project is for populations in nomadic and remote locations who are not served well. Mobile companies may not invest in infrastructure implementation, as it is not economically feasible. The system, which could operate in these circumstances, should use free, unlicensed spectrum (WiFi), operate on WiFi-enabled cell phones (as the only network hardware component), relay calls without a carrier, without telephone number allocation from an authority, and be completely self-organizing.
As described in the project, the telephone numbers self-allocation and distribution form untrusted environment. All introduced approaches that proposed to overcome this issue depend on the person who uses the system, not the system itself. We think that this is not enough, especially in such abnormal situations, which we discussed before, in which this type of communication operates.
The voice application consists of an embedded open source PBX software suite Asterisk The system was tested in three simulation cases: a rescue mission, providing coverage to several square kilometers to be able to contact unreal lost person. For the third test, they provided mobile telephone service for the first time to a village in a matter of 20 minutes. In addition, they delivered an alternate landline service to a remote administration building from the open space around the village.
All three use cases were simulated by a fly-in-fly-out team in less than eight hours. The mesh telephony function was tested without support from any infrastructure using several HTC Dream Android phones; this is shown in Table 4. Mobile phones can run for approximately hours on the mesh depending on how much they are used. This is considered as an appropriate time to access these types of networks. One of the teams [8] is working on gathering statistics about battery life in different mobile phones.
Table 4. CoCo [10] is a US software company. They develop and deploy MANET solutions to provide reliable, secure, and scalable communications solutions for mobile and fixed environments. Coast Guard, U.
Army and U. Navy, could be installed on a variety of mobile phones, Windows and Linux systems. It creates instant networks that do not depend on centralized infrastructure. Devices share their network connectivity with the rest of the network automatically.
Devices are protected by certificate based security, which secure network communications on the network level, not the application layer. This protects the network against man in the middle and other attacks. CoCo stack fits between existing OSI layer 2 and layer 3. It is divided into four layers: Routing, Circuit, Identity, and Addressing. They are presented in sections 1, 2, and 3 respectively. Nodes usually have limited power sources which deplete very quickly with time and need to be recharged.
Hence as seen in Table 1, the specifications of recent mobile devices, manufactured in , are very highly developed compared to their counterparts from five years in with the same manufacturers.
Accordingly, we can elaborate here that processing and battery capabilities should no longer be considered a big concern for efficient routing protocols. It is a position based routing protocol. This requires a certain level of Quality of Service (QoS). QoS is defined as a set of bounds such as latency, jitter, throughput, and packet loss to be maintained by the network for a particular data flow [13].
Utilizing the new hardware capabilities to enhance MANETs QoS will have positive impacts on many applications such as phone calls, the practical implementation shown in section 3.
As in [15], IDS architectures can be categorized into three: (a) standalone, (b) cooperative, and (c) hierarchical. Therefore, all previous researchers were very conservative in implementing IDSs. They did not want to overload nodes with IDS processing. On the contrary, in recent days, with these remarkable advancements in processing and batteries, we believe that those IDS solutions should be revisited to increase their efficiency and accuracy.
The hardware advancements opened the door also for Cryptography. These two algorithms are quite known with complex computation complexity.
Throughout this paper, we presented the tremendous advancements in mobile phones capabilities, such as processing power and batteries developments. We also considered specifications of modern mobile phones that belong to different mobile phone manufacturers. Case studies have shown that batteries could last for six hours on average during real life applications. It is concluded that we should not be worried about node capabilities and power consumption when developing different solutions for MANET.
Furthermore, it is noteworthy to revisit all previous solutions that have been implemented for mobile devices with low capabilities with their limited energy; as these limitations should not resemble a concern any longer. A special attention will be given to specially location based routing as almost all manufactured devices come out with GPS devices enabled. Kwang-Ting, C. Shah, A. Moore, G. Nguyen, V. Perrucci, G. Kalic, G.
Gardner-Stephen, P. Johnson, D. CoCo , C. Safdar, G. Macintosh, A. Crawley, E. Mishra, A. Panos, C. Shakshuki, E. Selby, A. Seys, S. Computer network worms are one of the most significant malware threats and have gained wide attention due to their increased virulence, speed and sophistication in successive Internet-wide outbreaks. In order to detect and defend against network worms, a safe and convenient environment is required to closely observe their infection and propagation behaviour.
The same facility can also be employed in testing candidate worm countermeasures. This paper presents the design, implementation and commissioning of a novel virtualized malware testing environment, based on virtualization technologies provided by VMware and open source software. The novelty of this environment is its scalability of running virtualised hosts, high fidelity, confinement, realistic traffic generation, and efficient log file creation.
This paper also presents the results of an experiment involving the launch of a Slammer-like worm on the testbed to show its propagation behaviour. Keywords: Worms, malware, Slammer, testbed, virtualization, VMware. The high rate of propagation of worms and their ability to self-replicate make them highly infectious.
A zero-day worm is a type of worm that uses a zero-day exploit: a publicly unknown and unpatched vulnerability in network daemon software [1]. SQL Slammer is considered to be the fastest zero-day random scanning worm in history as it infected more than 75K hosts in less than 10 minutes [2]. The Stuxnet worm is a recent addition to this class of malware that spies on and subverts supervisory control and data acquisition (SCADA) systems and was the first network worm to include a programmable logic controller (PLC) rootkit [3].
Whilst other experimental malware testbeds have been reported, further improvements in this area will allow greater effort to be exerted in the development of malware defense techniques, such as worm countermeasures.
Physical network setup [4, 5, 6, 7], simulation [8, 9, 10, 11], emulation [12, 13, 14] and virtualization [15, 16, 17, 18, 19, 20, 21] are some of key techniques previously reported for creating such experimental testbeds.
The major challenges in implementing such a test environment are fidelity, scalability, confinement, realistic benign and malicious traffic generation, A. These diverse requirements of network and security experimental research are not well met by any single existing testbed. Competing methods remain popular because each tries to cover some portion of these requirements. Hence there is a need to design, implement and evaluate a novel virtual testing environment which incorporates increased granularity and instrumentation functionality.
With the aim of addressing these points, this paper presents the design, implementation and commissioning of a novel virtualized malware testbed, which employs VMware virtualisation technology and a range of open source software. The novelty of this environment is its scalability, high fidelity, confinement, realistic traffic generation, and efficient log file creation.
The paper also presents the results of an experiment involving the launch of a Slammer-like worm within VMT, to show the propagation behavior of the worm, and to validate the operation of the testbed.
The remainder of paper is presented as follows: Section 2 summarises the relevant previous work; Section 3 details the design, implementation and commissioning of VMT; Section 4 presents the experimental methodology and results of launching the Slammer-like pseudo-worm; and finally Section 5 concludes the paper with a discussion summarizing the findings and identifying any limitations, as well as summarising potential future work in this area.
Emulab [4] was a distributed physical network setup, implemented for conducting research experiments. It consists of physical nodes distributed between two US universities. Netbed [4] is a simulation environment implemented on Emulab that provides time and space sharing and employs ns-2 [11] for research and development. Shahzad, S. Woodhead, and P. Bakalis testbed, consisting of high end workstations and a control software. It uses high-performance VLAN-capable switches to dynamically create nearly arbitrary topologies among the nodes.
It was the first testbed to be remotely accessible through the public internet infrastructure. These simulators allow an arbitrary subject network configuration to be specified consisting of scan rate, topology and background traffic.
On the basis of defined input parameters, various types of outputs such as number of infected hosts in any given instance, sub-millisecond granularity of network event statistics or a global snapshot of the entire system are produced.
Ediger reported the development of the Network Worm Simulator (NWS) [9], which implements a finite state machine concept to simulate network worm behavior. Tidy et al [10] have reported a large scale network worm simulator aimed at the investigation of fast scanning network worms and candidate countermeasures.
ModelNet [12] and PlanetLab [13] are two emulated testbeds, implemented for general networking and distributed system experiments. In ModelNet, unmodified applications run on edge nodes, configured to route all their packets through a scalable core dedicated server cluster, by emulating the characteristics of a special target topology. PlanetLab was developed for the purpose of creating world-wide distributed systems, and has a dual nature of being used by developers and clients.
Honeypots such as Honeyd [14] can also be classified as an emulation system as it has been used in many recent security systems for malware detection and capture. ReVirt [15] is an advanced VM- based forensic platform which enhances individual virtual machines with efficient logging and replay capabilities, by redirecting log files from the guest OS to the host OS, for intrusion analysis purposes, thereby making it possible for malware analysis researchers to replay the malware exploitation process in an intrusion by intrusion fashion.
ViSe [19] provides a virtualization platform where malware exploits can be tested against the entire range of x86 based operating sys- tems under controlled conditions, while being monitored by a NIDS. It provides a virtual environment to run any application written in Java, independent of the type of host operating system.
System behavior can be moni- tored in this environment by adding different Java plug-in extensions. Isolation of the test envi- ronment from the management network with remote access also seems to be a prob- lem. It is also noted that no previous reported work has produced infection and propa- gation analysis of any fast random scanning worm such as SQL Slammer in a real network with real world slammer exploitable conditions. Our goals of implementing VMT were experimental scalability, fidelity, repeatability, programmability, remote access and efficient log file creation.
Bakalis 3. It also uses Quagga [30] to provide a software routing suite. It consists of a server farm with five servers, a management server and Ethernet switches. One network interface card in each server farm machine is connected to a logically isolated management network along with the management server; thereby allowing access to all resources from one interface.
Multiple virtual topologies can be created within the server farm by using virtual local area networks (VLANs) and Quagga. Table 1 summarizes the hardware and operating systems which make up the VMT infrastructure. Minimum rebuild and configuration time is a key goal of any security testing environment. VMware vCenter Server provides PowerCLI [32], a command-line interface tool that allows administrators to create simple and robust scripts to automate the main tasks, including virtual machine cloning.
This daemon listens on UDP port and upon receiving a datagram with an appropriate authentication string (included for safety reasons), it begins generating UDP datagrams addressed to port and to random IP addresses. The speed of datagram generation per second, and the pool from which the random destination IP addresses are chosen, are configurable parameters.
We have also implemented a logging server. These four subnets are connected through a central router by using RIP, configured on Quagga. are implemented one for each subnet. DSL is installed with the pseudo-worm daemon on each of the susceptible virtualised hosts. Moore et al. They also observed that the Slammer worm exhibited an average scan rate of 4, datagrams per infected host per second. Each worm daemon was configured to scan within a single class A network In order to avoid overloading the server farm hardware (in which case we would have been measuring the effect of the hardware restrictions, rather than the properties of the worm) we scaled back the average worm scanning rate by a factor of Therefore, based on an average scan rate reported by Moore et al. of scans per second, we configured the Slammer-like network daemons to scan at 50 scans per second in our experiment.
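An added example, not code from the paper: a susceptible-infected model of the random-scanning propagation described above, using the stated 50 scans per second and a single class A address space. The susceptible host count (1000), the single initial infection and all function names are assumptions, since the page does not give them.

```python
import math
import random

ADDRESS_SPACE = 2 ** 24   # one class A network (page: "circa 16M hosts")
SCAN_RATE = 50            # scans per second per infected host (page value)
SUSCEPTIBLE = 1000        # ASSUMPTION: susceptible host count is not given on the page


def si_infected(t, n=SUSCEPTIBLE, s=SCAN_RATE, omega=ADDRESS_SPACE, i0=1):
    """Closed-form SI (logistic) solution of dI/dt = s*I*(n - I)/omega."""
    beta = s * n / omega
    return n / (1 + (n - i0) / i0 * math.exp(-beta * t))


def si_time_to_fraction(frac, n=SUSCEPTIBLE, s=SCAN_RATE, omega=ADDRESS_SPACE, i0=1):
    """Seconds until `frac` of the susceptible hosts are infected (deterministic)."""
    beta = s * n / omega
    return (math.log((n - i0) / i0) + math.log(frac / (1 - frac))) / beta


def simulate(frac, n=SUSCEPTIBLE, s=SCAN_RATE, omega=ADDRESS_SPACE, i0=1,
             seed=1, max_seconds=100_000):
    """Stochastic run in 1 s ticks; returns (seconds, infected-per-tick curve)."""
    rng = random.Random(seed)
    infected, curve = i0, [i0]
    while infected < frac * n and len(curve) <= max_seconds:
        scans = s * infected                # scans sent during this tick
        p_hit = (n - infected) / omega      # chance one scan lands on a clean susceptible host
        hits, pos = 0, 0
        while p_hit > 0:
            # Geometric skip: index of the next successful scan, so we do not
            # draw one random number per scan (p_hit is held fixed within a tick).
            pos += int(math.log(1.0 - rng.random()) / math.log1p(-p_hit)) + 1
            if pos > scans:
                break
            hits += 1
        infected = min(n, infected + hits)
        curve.append(infected)
    return len(curve) - 1, curve


if __name__ == "__main__":
    print("deterministic time to 90%% infected: %.0f s" % si_time_to_fraction(0.9))
    print("stochastic time to 90%% infected:    %d s" % simulate(0.9)[0])
```

Because the infection rate is proportional to the scan rate, scaling the scan rate down stretches the time axis by the same factor without changing the shape of the curve.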
This time is directly comparable with that reported in [2] for the real Slammer event of We have also plotted available data from [2] for the event, in Figure 3 (empirical data is only available for the first 4 minutes of infection), and it can be seen that the VMT experimental results are again broadly comparable.
Experimental Results for Slammer-Like Worm Infection on VMT
5 Discussion
The cyber-epidemiological analysis of zero-day internet worms remains a significant challenge and use of virtualized testbeds remains a viable tool for such research.
We have also demonstrated its feasibility for epidemiological experimentation for a Slammer-like pseudo-worm. In comparison with other network and security testing environments, VMT provides an effective, scalable, remotely manageable and isolated environment, which also incorporates efficient log creation. It is expected that VMT will be a useful experimentation environment for epidemiological investigations of existing and hypothetical zero-day worms, as well as the investigation and evaluation of candidate countermeasures.
The experimentation has also been limited to the scale of a single class A network (circa 16M hosts). In terms of future work, we shall be exploring the use of VMT to explore the stochastic properties of worms, as well as its ability to investigate other types of network worm. We also expect to experiment with a range of candidate worm countermeasures, and to explore the applicability of VMT for characterizing the epidemiology of more sophisticated malware threats, such as Stuxnet.
Weaver, N. Moore, D. Langner, R. White, B. Benzel, T. Lippmann, R. Rossey, L. Perumalla, K. ACSA 9.