Title: Enhanced Proactive and Management Services for Computer Emergency Response Teams (CERTs)
Authors: Sari Sultan 
Supervisor: Prof. Ayad Salman
Degree Awarded: Computer Engineering Master
Keywords: Enhanced Proactive;Computer Emergency;Response Teams
Issue Date: 2019
Publisher: Kuwait University - College of Graduate Studies
Abstract: Computer Emergency Response Teams (CERTs) services are categorized as proactive, reactive, and management services. The goal of this thesis is to enhance a subset of CERTs’ proactive and management services. (i) The first service is vulnerability scanning, which belongs to the proactive domain. Traditional scanning methods are time-consuming, inaccurate, and negatively affect network performance. To address these problems, we present a push-based vulnerability scanner (PBVS), which is time-efficient, simple, accurate, and safe. We compared PBVS with renowned scanners such as Nessus and Nexpose. Compared to Nessus, PBVS reduced scanning time by an average of 83% for the worst-case scenario and 99.75% for the best-case scenario. Compared to Nexpose, PBVS reduced scanning time by an average of 30% for the worst-case scenario and 98.96% for the best-case scenario. In this context, the worst case refers to scanning a service for the first time, and the best case means scanning a service that has been scanned previously. (ii) The second contribution of this thesis focuses on enhancing CERTs’ training and educational services. We propose the forensic course toolkit (FCT), a novel educational tool designed for file systems digital forensics. To the best of our knowledge, FCT is the first educational toolkit for file systems digital forensics. Additionally, current exam creation methods are lengthy and produce static exams that are tightly coupled to a specific forensic disk image. Changing that image will render the exam useless in most cases. Hence, we implemented a secure and dynamic examination system in FCT. It allows generating exams automatically based on a predefined template that adapts questions/answers based on live forensic images. Our results showed that FCT reduced the teaching time by an average of 42%. FCT’s examination server can securely serve an average of 334 exam requests and 420 exam submissions per second in a realistic examination setup. The proposed enhancements herein (i.e., PBVS and FCT) should enhance and facilitate CERTs’ services.
Appears in Programs: 0612 Computer Engineering

Files in This Item:
File: SariSultan 216129673 FullThesis.pdf
Size: 2,25 MB
Format: Adobe PDF

Items in DSpace are protected by copyright, with all rights reserved, unless otherwise indicated.