DOCSLIB.ORG

An Information Security Framework for Web Services in Enterprise Networks

Total Page:16

File Type:pdf, Size:1020Kb

Download full-text PDF Read full-text
An Information Security Framework for Web Services in Enterprise Networks AN INFORMATION SECURITY FRAMEWORK FOR WEB SERVICES IN ENTERPRISE NETWORKS A THESIS SUBMITTED TO THE GRADUATE SCHOOL OF INFORMATICS THE MIDDLE EAST TECHNICAL UNIVERSITY BY BAHADIR GÖKHAN SARIKOZ IN PARTIAL FULFILLMENT OF THE REQUIREMENTS FOR THE DEGREE OF MASTER OF SCIENCE IN THE DEPARTMENT OF INFORMATION SYSTEM JANUARY 2015 AN INFORMATION SECURITY FRAMEWORK FOR WEB SERVICES IN ENTERPRISE NETWORKS Submitted by Bahadır Gökhan Sarıkoz in partial fulfilment of the requirements for the degree of Master of Science in Information Systems, Middle East Technical University by, Prof. Dr. Nazife Baykal Director, Informatics Institute Prof. Dr. Yasemin Yardımcı Çetin Head of Department, Information Systems Assoc. Prof. Dr. Banu Günel Supervisor, Information Systems, METU Examining Committee Members: Prof. Dr. Nazife Baykal IS, METU Assoc. Prof. Dr. Banu Günel IS, METU Prof. Dr. Şeref Sağıroğlu CENG, Gazi University Assist. Prof. Dr. Pekin Erhan Eren IS, METU Dr. Buğra Karabey META, Microsoft Date: June 21, 2015 I hereby declare that all information in this document has been obtained and presented in accordance with academic rules and ethical conduct. I also declare that, as required by these rules and conduct, I have fully cited and referenced all material and results that are not original to this work. Name, Surname: Bahadır Gökhan Sarıkoz Signature: iii ABSTRACT AN INFORMATION SECURITY FRAMEWORK FOR WEB SERVICES IN ENTERPRISE NETWORKS Sarıkoz, Bahadır Gökhan M.S., Department of Information Systems Keywords: Web Services, Cyber Security, Security Modeling, Security Controls, Security Measurement. Supervisor: Assoc. Prof. Dr. Banu GÜNEL January 2015, 197 pages Web Service, an open standard based on existing Internet protocols, provides a flexible solution to web application integration. It provides faster, more practical and more effective way of solutions for the organizational structures. Online shopping, billing, reservation and other way of standards provided to people mostly depend on web services. On the other hand, it provides corporate identity and functionality of an organization. Since the importance and the necessity of the web services increase day by day, the level of criticality also increases in the same level. In the meanwhile, the necessary measurements are to be taken into account in order to provide 7/24 productivity. Such measurements include several subjects from the load testing to effective coding for best service. However, cyber security attacks, one of the most important issues nowadays are the root cause in order to take vital measurements. Preventing web services from these cyber security attacks requires several aspects from different perspectives including network-based security, protocol-based security, signature-based security and other types of control mechanisms. In this study, an information security framework has been proposed in order to define the complete security aspects of a web service of an enterprise network. Within this framework, a sample information security modeling for a web service has been presented with iv respect to the several types of attacks. The mentioned modeling has been tested and measured for pre-defined and specified scenarios. v ÖZ KURUM AĞLARINDA WEB SERVİSLERİ İÇİN BİR BİLGİ GÜVENLİĞİ ÇERÇEVESİ Sarıkoz, Bahadır Gökhan Yüksek Lisans, Bilişim Sistemleri Bölümü Anahtar Kelimeler: Web Servisleri, Siber Güvenlik, Güvenlik Modellemesi, Güvenlik Kontrolleri, Güvenlik Ölçümleri. Tez Yöneticisi: Doçent Dr. Banu GÜNEL Ocak 2015, 197 sayfa Varolan internet protokolleri bazlı web servisi web uygulama entegrasyonuna esnek bir çözüm sağlamaktadır. Bu da organizasyonel yapılarda daha hızlı, daha pratik ve daha efektif çözüm yolları sağlamaktadır. İnsanlara sağlanan çevrimiçi alışveriş, fatura ödeme, rezervasyon ve diğer standartlar neredeyse tamamen web servislerine dayanmaktadır. Diğer taraftan kurumsal kimlik, organizasyon fonksiyonalitesini sağlar. Web servislerinin önemi ve gerekliliği gün geçtikçe arttığı için, aynı şekilde kritikliği de artmaktadır. Bu arada, 7/24 üretimin sağlanabilmesi açısından gerekli önlemler göz önünde bulundurulmaktadır. Bu önlemler en iyi hizmet açısından yük testinden efektif kodlamaya kadar bir çok konuyu içermektedir. Buna rağmen, günümüzün en önemli konularından biri olan siber saldırılar hayati önlemlerin alınması için kök nedendir. Siber saldırılardan web servislerini korumak ağ bazlı, protokol bazlı, imza bazlı güvenliği ve diğer kontrol mekanizmalarını içeren birçok durumu gerektirmektedir. Bu çalışmada, bir işletme ağında bulunan web servisinin bütün güvenlik durumunun sağlanılması için bir bilgi güvenliği çerçevesi önerilmiştir. Bu çerçevede bir çok çeşit siber saldırı göz önünde bulundurularak bir bilgi güvenliği modellemesi sunulmuştur. Belirtilen modelleme önceden belirlenmiş spesifik senaryolara istinaden test edilmiş ve sonuçları paylaşılmıştır. vi DEDICATION To my wife, and daughter vii ACKNOWLEDGEMENTS First of all, I would like to thank my supervisor Assoc. Prof Dr. Banu Günel for her extensive support, guidance and patience throughout the thesis studies. I am grateful for what she has done for me so far. I would like to express my gratitude to Murat Hüseyin Candan, Dr. Okan Yücel and all my colleagues in Barikat Information Security for their support, patience and encouragement for my studies. I am also grateful to Volkan Ertürk for his valuable suggestions and contributions in this study. I owe special thanks to my older brother Serdar Kürşat Sarıkoz for his valuable suggestions. Finally, I would like to thank my beloved wife Ayşegül Sarıkoz and my little daughter Nil Şevval Sarıkoz for their boundless love, patience and support during the thesis period. viii TABLE OF CONTENTS ABSTRACT ................................................................................................................ iv ÖZ… ........................................................................................................................... vi DEDICATION ........................................................................................................... vii ACKNOWLEDGEMENTS ...................................................................................... viii TABLE OF CONTENTS ............................................................................................ ix LIST OF TABLES ..................................................................................................... xii LIST OF FIGURES ................................................................................................... xv LIST OF ABBREVIATIONS AND ANCRONYMS ............................................... xvi 1. INTRODUCTION ............................................................................................... 1 1.1. STATEMENT OF THE PROBLEM ............................................................ 1 1.2. RELATED WORK ........................................................................................ 6 1.3. OBJECTIVE OF THIS STUDY ................................................................... 7 1.4. OUTLINE OF THE THESIS ........................................................................ 8 2. BASIC CONCEPTS OF WEB SERVICES ......................................................... 9 2.1. DEFINITION OF THE WEB SERVICE ...................................................... 9 2.2. IMPORTANCE OF THE WEB SERVICE IN ENTERPRISE NETWORKS ......................................................................................................... 10 2.3. WEB SERVICE ARCHITECTURE ........................................................... 11 2.3.1. The Message Oriented Model .............................................................. 13 2.3.2. The Service Oriented Model ................................................................ 14 2.3.3. The Resource Oriented Model ............................................................. 15 2.3.4. The Policy Model ................................................................................. 16 2.4. TYPE OF WEB SERVICES ....................................................................... 17 2.4.1. Extensible Markup Language (XML) .................................................. 18 2.4.2. Web Services Definition Language (WSDL) ...................................... 19 ix 2.4.3. Simple Object Access Protocol (SOAP) .............................................. 21 2.4.4. Universal Description, Discovery and Integration (UDDI) ................. 22 3. SECURITY CONCEPTS ................................................................................... 25 3.1 SECURITY ENGINEERING...................................................................... 25 3.2. BASIC TERMINOLOGY IN SECURITY ENGINEERING ..................... 28 3.3. SECURITY CONTROLS............................................................................ 30 4. AN INFORMATION SECURITY FRAMEWORK FOR THE WEB SERVICES.. ............................................................................................................... 37 4.1. PURPOSE AND SCOPE............................................................................. 37 4.2. ASSUMPTIONS ......................................................................................... 38 4.3. DEFINITION OF A FICTITIOUS WEB SERVICE DEPLOYMENT ...... 39 4.4. INFORMATION SECURITY FRAMEWORK .......................................... 44 4.4.1. Step 1 – Defining All the Criteria and Information Security Procedures for the Web Services .........................................................................................
Load more

Recommended publications
  • Bakalářská Práce 2013
    Masarykova univerzita Filozofická fakulta Ústav české literatury a knihovnictví Kabinet informa čních studií a knihovnictví Bakalá řská diplomová práce 2013 Alena Brožová Masarykova univerzita Filozofická fakulta Kabinet informa čních studií a knihovnictví Informa ční studia a knihovnictví Alena Brožová AntiSec: hacktivistická kampa ň za svobodu na internetu Bakalá řská diplomová práce Vedoucí práce: PhDr. Pavla Ková řová 2013 Prohlašuji, že jsem diplomovou práci vypracovala samostatn ě s využitím uvedených pramen ů a literatury. …………………………………………….. Podpis autora práce Zde bych cht ěla pod ěkovat vedoucí práce PhDr. Pavle Ková řové za pomoc a cenné rady v pr ůběhu tvorby bakalá řské diplomové práce. Bibliografický záznam BROŽOVÁ, Alena. AntiSec: hacktivistická kampa ň za svobodu na internetu . Brno: Masarykova univerzita, Filozofická fakulta, Ústav české literatury a knihovnictví, Kabinet informa čních studií a knihovnictví, 2013, 59 s. Vedoucí bakalá řské práce PhDr. Pavla Ková řová. Anotace Bakalá řská diplomová práce „AntiSec: hacktivistická kampa ň za svobodu na internetu“ se zabývá hackerskými útoky v rámci operace AntiSec, které byly uskute čněny pod záštitou propagace svobodného internetu, svobody informací a svobody projevu. Práce se zabývá etickou oprávn ěností provedení útok ů v souvislosti s pravidly definovaných etických teorií a kodex ů. Pro toto hodnocení jsou využity principy dimenzionální analýzy. Výsledkem práce je souhrn informací o prob ěhnuté operaci s důrazem na eti čnost provedených útok ů. Annotation Bachelor thesis „AntiSec: hacktivism campaign for freedom on the internet“ deals with hacker attacks in Operation AntiSec which were made under the auspices of promoting free internet, freedom of information and freedom of expression. The work deals with the ethical legitimacy of carrying out attacks in relation to the rules of defined ethical theories and codes.
    [Show full text]
  • Commander Cialis
    E­Paper | Today's Paper | SmartInvestor.in | B2B Connect | Apps | BS Products Sign in | Register Thursday, January 15, 2015 | 06:40 PM IST News Stock Quote Authors Advanced Search Home Markets Companies Opinion Politics Technology Specials Personal Finance Portfolio My Page Overview News Features Gadgets & Gizmos People Personal Technology Technology » Columns » Columns Emerging global cyberlaw trends in 2014 2014 was the year when dark web started emerging, primarily due to the iCloud hacking of celebrities' pictures Pavan Duggal January 5, 2015 Last Updated at 13:37 IST Add to My Page Related News Careless and online Keeping it safe Should you worry about the Gmail hack? Now, Ankit Fadia plans to pen a fiction novel Is India prepared to tackle a Sony like cyber attack? Globally, the year 2014 was a year that was dedicated to cybercrimes and hacking. In fact, cybercrime as a phenomenon loomed large and predominant on the firmament of cyberspace landscape. Looking at the predominant events that happened in 2014 across the world, one gets an intrinsic feeling that the year 2014 was a year to remind the world that cyber criminal activities and breaches of cybercrime are going to be an integral part of our day­to­day lives. Seen from another perspective, the predominant existing landscape also demonstrates an ongoing struggle between the digital haves and the digital have­nots. The worlds saw one of the biggest hacking attacks in the form of Sony hacking. In the said case, hackers reportedly infiltrated the computer network of Sony Pictures Entertainment, a major Hollywood movie studio.
    [Show full text]
  • الجريمة اإللكرتونية يف املجتمع الخليجي وكيفية مواجهتها Cybercrimes in the Gulf Society and How to Tackle Them
    مسابقة جائزة اﻷمير نايف بن عبدالعزيز للبحوث اﻷمنية لعام )2015م( الجريمة اﻹلكرتونية يف املجتمع الخليجي وكيفية مواجهتها Cybercrimes in the Gulf Society and How to Tackle Them إعـــــداد رامـــــــــــــي وحـــــــــــــيـد مـنـصــــــــــور باحـــــــث إســـتراتيجي في الشــــــئون اﻷمـــنـــية واﻻقتصـــــــــاد الســــــــياسـي -1- أ ت جملس التعاون لدول اخلليج العربية. اﻷمانة العامة 10 ج إ الجريمة اﻹلكترونية في المجتمع الخليجي وكيفية مواجهتها= cybercrimes in the Gulf:Society and how to tackle them إعداد رامي وحيد منصور ، البحرين . ـ الرياض : جملس التعاون لدول اخلليج العربية ، اﻷمانة العامة؛ 2016م. 286 ص ؛ 24 سم الرقم املوحد ملطبوعات اجمللس : 0531 / 091 / ح / ك/ 2016م. اجلرائم اﻹلكرتونية / / جرائم املعلومات / / شبكات احلواسيب / / القوانني واللوائح / / اجملتمع / مكافحة اجلرائم / / اجلرائم احلاسوبية / / دول جملس التعاون لدول اخلليج العربية. -2- قائمة املحتويات قائمة احملتويات .......................................................................................................... 3 قائمــة اﻷشــكال ........................................................................................................10 مقدمــة الباحــث ........................................................................................................15 مقدمة الدراســة .........................................................................................................21 الفصل التمهيدي )اﻹطار النظري للدراسة( موضوع الدراســة ...................................................................................................... 29 إشــكاليات الدراســة ................................................................................................
    [Show full text]
  • Geneva Information Security Day
    Geneva Information Security Day 17 September 2013 ©2011 High-Tech Bridge SA – www.htbridge.ch # whoami Frédéric BOURLA Chief Security Specialist Head of Ethical Hacking & Computer Forensics Departments High-Tech Bridge SA ~13 years experience in Information Technologies GXPN, LPT, CISSP, CCSE, CCSA, ECSA, CEH, eCPPT GREM, CHFI RHCE, RHCT, MCP [[email protected]] ©2011 High-Tech Bridge SA – www.htbridge.ch # readelf prez Slides in English. Talk in French. 3 rounds of 20’ [not including Q&A] focused on the offensive angle. No need to take notes, the whole slides and demos will be published on High-Tech Bridge website. Given the very short time and the heterogeneous attendees, slides will not dive to far in the technique. Nevertheless, I will also publish an additional low level and step by step guide for all of you who may be interested by the technical part of those hacking principles. ©2011 High-Tech Bridge SA – www.htbridge.ch # readelf prez The first two parts are server-side oriented, whereas the third one focuses on client-side attacks. If you missed previous conferences, you can learn more on server-side attacks here: https://www.htbridge.com/publications/frontal_attacks_fro m_basic_compromise_to_advanced_persistent_threat.ht ml And here are the slides which introduced client-side attacks: https://www.htbridge.com/publications/client_side_threat s_anatomy_of_reverse_trojan_attacks.html ©2011 High-Tech Bridge SA – www.htbridge.ch Table of contents 0x00 - About me 0x01 - About this conference 0x02 - Round 1: Web Servers vs. SQL Injections 0x03 - Round 2: Web Servers vs. Blind SQL Injections 0x04 - Round 3: Web Users vs. Cross-Site Scripting 0x05 - Conclusion ©2011 High-Tech Bridge SA – www.htbridge.ch SQL Injection On 5th February 2011, the security firm HBGary was compromised by LulzSec using a SQL Injection in their CMS-driven website.
    [Show full text]
  • Reporting, and General Mentions Seem to Be in Decline
    CYBER THREAT ANALYSIS Return to Normalcy: False Flags and the Decline of International Hacktivism By Insikt Group® CTA-2019-0821 CYBER THREAT ANALYSIS Groups with the trappings of hacktivism have recently dumped Russian and Iranian state security organization records online, although neither have proclaimed themselves to be hacktivists. In addition, hacktivism has taken a back seat in news reporting, and general mentions seem to be in decline. Insikt Group utilized the Recorded FutureⓇ Platform and reports of historical hacktivism events to analyze the shifting targets and players in the hacktivism space. The target audience of this research includes security practitioners whose enterprises may be targets for hacktivism. Executive Summary Hacktivism often brings to mind a loose collective of individuals globally that band together to achieve a common goal. However, Insikt Group research demonstrates that this is a misleading assumption; the hacktivist landscape has consistently included actors reacting to regional events, and has also involved states operating under the guise of hacktivism to achieve geopolitical goals. In the last 10 years, the number of large-scale, international hacking operations most commonly associated with hacktivism has risen astronomically, only to fall off just as dramatically after 2015 and 2016. This constitutes a return to normalcy, in which hacktivist groups are usually small sets of regional actors targeting specific organizations to protest regional events, or nation-state groups operating under the guise of hacktivism. Attack vectors used by hacktivist groups have remained largely consistent from 2010 to 2019, and tooling has assisted actors to conduct larger-scale attacks. However, company defenses have also become significantly better in the last decade, which has likely contributed to the decline in successful hacktivist operations.
    [Show full text]
  • Turkey Under Cyber Fire
    TURKEY UNDER CYBER FIRE The theater of cyberwar is changing and evolving by the minute. New threats, new attacks, and new actors are emerging daily, with Turkey likely being both the target and the attacker in many cyber attacks. Its young population, the nation’s increasing use of technology, and growing nationalist ideas could place Turkish hackers as one of the main actors in the global cyberwar. However, a number of factors could doom Turkey to only have several different cyber militias rather than a well organized cyber army. Attacks targeting Turkey and the region could speed up the organization of such cyber attack capabilities. Alper Başaran* Spring 2017 * Alper Başaran is the Founder of Garnizon Bilgi Guvenligi, a company specialized in penetration testing and cybersecurity consulting services working with government agencies and enterprises in Turkey. 95 VOLUME 16 NUMBER 1 ALPER BAŞARAN yber attacks have become part of our daily lives. The last great offen- sive occurred on 12 May 2017 in a global attack that compromised over a quarter million computers worldwide. A ransomware (a mali- C cious software that encrypts files on the computer it infects and asks for money to decrypt them) caused delays on German railways, almost halted the UK’s National Health Services, and stopped production in some major French fac- tories. This scenario unfolded on a global scale within a few hours.1 This ransomware was built using an exploit developed by the National Security Agency (NSA) and was leaked by Wikileaks, both of which are key actors in the current arena of cyber warfare.
    [Show full text]
  • Ethical Hacking
    Ethical Hacking Alana Maurushat University of Ottawa Press ETHICAL HACKING ETHICAL HACKING Alana Maurushat University of Ottawa Press 2019 The University of Ottawa Press (UOP) is proud to be the oldest of the francophone university presses in Canada and the only bilingual university publisher in North America. Since 1936, UOP has been “enriching intellectual and cultural discourse” by producing peer-reviewed and award-winning books in the humanities and social sciences, in French or in English. Library and Archives Canada Cataloguing in Publication Title: Ethical hacking / Alana Maurushat. Names: Maurushat, Alana, author. Description: Includes bibliographical references. Identifiers: Canadiana (print) 20190087447 | Canadiana (ebook) 2019008748X | ISBN 9780776627915 (softcover) | ISBN 9780776627922 (PDF) | ISBN 9780776627939 (EPUB) | ISBN 9780776627946 (Kindle) Subjects: LCSH: Hacking—Moral and ethical aspects—Case studies. | LCGFT: Case studies. Classification: LCC HV6773 .M38 2019 | DDC 364.16/8—dc23 Legal Deposit: First Quarter 2019 Library and Archives Canada © Alana Maurushat, 2019, under Creative Commons License Attribution— NonCommercial-ShareAlike 4.0 International (CC BY-NC-SA 4.0) https://creativecommons.org/licenses/by-nc-sa/4.0/ Printed and bound in Canada by Gauvin Press Copy editing Robbie McCaw Proofreading Robert Ferguson Typesetting CS Cover design Édiscript enr. and Elizabeth Schwaiger Cover image Fragmented Memory by Phillip David Stearns, n.d., Personal Data, Software, Jacquard Woven Cotton. Image © Phillip David Stearns, reproduced with kind permission from the artist. The University of Ottawa Press gratefully acknowledges the support extended to its publishing list by Canadian Heritage through the Canada Book Fund, by the Canada Council for the Arts, by the Ontario Arts Council, by the Federation for the Humanities and Social Sciences through the Awards to Scholarly Publications Program, and by the University of Ottawa.
    [Show full text]
  • ICT Cyber Desk Review
    ICT Cyber-Desk PERIODIC REVIEW Cyber-Terrorism Activities Report No. 12 January – March 2015 International Institute for Counter Terrorism (ICT) Additional resources are available on the ICT Website: www.i ct.org.il Highlights This report covers the period of January - March 2015 and covers two main subjects: cyber- terrorism (offensive, defensive, and the media, and the main topics of jihadist discourse) and cyber- crime, whenever and wherever it is linked to jihad (funding, methods of attack). The following are among the issues covered in this report: During January-March 2015, a prominent activist calling himself “The Islamic State’s Technology Expert”, and who is affiliated with the Islamic State (IS) on social networks, published several guidebooks and precautions on topics including, how to operate securely and secretly on social networks, how to maintain anonymity and encryption of cellular devices, how to use TOR technology on various devices form desktops to laptops, how to secure and encrypt information on personal computers, etc. Since the beginning of 2015 there has been in increase in cyberattacks by elements affiliated with the IS, including the defacement of Web sites and Twitter accounts, as well as information leaks. The attacks were carried out by various groups using the organization’s logo, such as the CyberCaliphate, or by parties acting on behalf of the organization, such as the Islamic State Hacking Division. The terrorist attack against the French magazine, Charlie Hebdo, in Paris led to mutual cyber- attacks with supporters of the IS attacking various targets, mainly in France. On the other hand, members of ‘Anonymous’ increased the fight against the IS and acted to disrupt activities on forums and Internet sites affiliated with the organization.
    [Show full text]
  • Yegen / E-Journal of Intermedia, 20141(1) 118-132
    118 Yegen / E-Journal of Intermedia, 20141(1) 118-132 E-journal of Intermedia, Fall 2014 1(1) DİJİTAL AKTİVİZMİN BİR TÜRÜ OLARAK HACKTİVİZM VE “RedHack” HACKTIVISM AND “RedHack” AS A SORT OF DIGITAL ACTIVISM Arş. Gör. Ceren Yegen 1 Muş Alparslan Üniversitesi, İletişim Fakültesi, Gazetecilik Bölümü, Muş Özet: Özellikle 21.yüzyılda hızla gelişen iletişim teknolojileri, iletişim olgusunun kendi içerisinde değişip dönüşmesine sebep olurken, toplumsal gündelik yaşam pratiklerinin de değişip dönüşmesine neden olmaktadır. İletişim teknolojileri ile yerel olandan küresel olana doğru bir dönüşüm seyretmekle birlikte, bu durum birçok alanı da etkilemektedir. İletişim ve internet teknolojilerinin gelişim ve dönüşümü ile beraber birçok toplumsal pratik sosyal mecralardan dijital mecralara taşınmaktadır. Bireyler bireysel ya da toplumsal birçok pratiği iletişim ve internet teknolojilerinden yararlanarak dijital ortamlarda yapmakta, bu sayede daha fazla kitleye, daha kısa sürede ulaşabilmektedir. Böylelikle ayrıca geleneksel iletişimin tek yönlü duruşuna artık etkileşimden söz eden ve çift yönlü işleyen bir iletişim ortam ile algısı noktasında bir alternatif getirilmektedir. Bununla birlikte örgütleme pratiği de büyük bir önem kazanmış ve insanlar internet üzerinden daha çabuk ve etkili şekilde örgütlenebilir olmuştur. Bu anlamda önemli bir toplumsal pratik olan aktivizm de internet teknolojileri ile dönüşmüş ve aktivizmin internet üzerinden yapılmasını ifade eden dijital aktivizm önemli bir kavram olarak ortaya çıkmıştır. Bu yüzden bu çalışmada sınırlı kalmak adına bir dijital aktivizm pratiği olan ve özellikle Türkiye'de 1997 yılında kurulan ve Kızıl Hackerlar Birliği olarak anılan "RedHack" isimli hacker grubu ile öne çıktığı varsayılan "hacktivizm" kavramı RedHack'in 2012 ile 2013 arasında yaptığı eylemler (toplam 33 eylem) çerçevesinde tartışılacak, politik gerekçeler ile hackleme eylemi yapma anlamına gelen hacktivizm kavramının yeni medya destekli olarak nasıl yorumlandığı betimsel bir analiz dahilinde irdelenecektir.
    [Show full text]
  • The Cyber Security Scene in Turkey
    0111000010110010100010001111 0100011000101110010101100101A Primer on Cyber Security in Turkey and the Case of Nuclear Power / 22 0001000111101010110001011100 0010110010100010001111010001 1000101110010101100101000100 0111101010110001011100001011 00101 THE CYBER 000100011110 10001 SECURITY SCENE 1000101 11001 IN TURKEY 0101100101000 10001Assoc. Prof. Salih Bıçakcı 111 Faculty Member, International Relations - 01010Kadir Has University 110 00101F.Doruk Ergun 110 00010Research Fellow – EDAM 110 Prof. Mitat Çelikpala 01010Dean, Graduate School of Social Sciences - 001 00011Kadir Has University 110 1000110001011100101011001010 0010001111010101100010111000 0101100101000100011110100011 0001011100101011001010001000 111101010110001011100001011 001010001000111101000110001 0111000010110010100010001111011100001011001010001000111 0100011000101110010101100101101000110001011100101011001A Primer on Cyber Security in Turkey and the Case of Nuclear Power / 23 1. Introduction 0001000111101010110001011100010001000111101010110001011The advent of the cyber realm brought along multiple security challenges to both users and security agencies of nation states. Cyber attackers have the potential to wreak havoc by targeting financial institutions, accessing and leaking national secrets, and as multiple 00101100101000100011110100011000010110010100010001111010examples, including the Stuxnet worm against Iranian nuclear facilities have shown, by causing actual physical damage akin to a kinetic attack to national infrastructure. Cyber-attacks are 1000101110010101100101000100001100010111001010110010100harder
    [Show full text]
  • The Day of the Cyber Wolf
    Regis University ePublications at Regis University All Regis University Theses Fall 2014 The aD y of the Cyber Wolf Ryan K. Buch Regis University Follow this and additional works at: https://epublications.regis.edu/theses Part of the Criminology and Criminal Justice Commons Recommended Citation Buch, Ryan K., "The aD y of the Cyber Wolf" (2014). All Regis University Theses. 210. https://epublications.regis.edu/theses/210 This Thesis - Open Access is brought to you for free and open access by ePublications at Regis University. It has been accepted for inclusion in All Regis University Theses by an authorized administrator of ePublications at Regis University. For more information, please contact [email protected]. Regis University College for Professional Studies Graduate Programs Final Project/Thesis Disclaimer Use of the materials available in the Regis University Thesis Collection (“Collection”) is limited and restricted to those users who agree to comply with the following terms of use. Regis University reserves the right to deny access to the Collection to any person who violates these terms of use or who seeks to or does alter, avoid or supersede the functional conditions, restrictions and limitations of the Collection. The site may be used only for lawful purposes. The user is solely responsible for knowing and adhering to any and all applicable laws, rules, and regulations relating or pertaining to use of the Collection. All content in this Collection is owned by and subject to the exclusive control of Regis University and the authors of the materials. It is available only for research purposes and may not be used in violation of copyright laws or for unlawful purposes.
    [Show full text]
  • Hacker, Hoaxer, Whistleblower, Spy: the Story of Anonymous
    hacker, hoaxer, whistleblower, spy hacker, hoaxer, whistleblower, spy the many faces of anonymous Gabriella Coleman London • New York First published by Verso 2014 © Gabriella Coleman 2014 The partial or total reproduction of this publication, in electronic form or otherwise, is consented to for noncommercial purposes, provided that the original copyright notice and this notice are included and the publisher and the source are clearly acknowledged. Any reproduction or use of all or a portion of this publication in exchange for financial consideration of any kind is prohibited without permission in writing from the publisher. The moral rights of the author have been asserted 1 3 5 7 9 10 8 6 4 2 Verso UK: 6 Meard Street, London W1F 0EG US: 20 Jay Street, Suite 1010, Brooklyn, NY 11201 www.versobooks.com Verso is the imprint of New Left Books ISBN-13: 978-1-78168-583-9 eISBN-13: 978-1-78168-584-6 (US) eISBN-13: 978-1-78168-689-8 (UK) British Library Cataloguing in Publication Data A catalogue record for this book is available from the British library Library of Congress Cataloging-in-Publication Data A catalog record for this book is available from the library of congress Typeset in Sabon by MJ & N Gavan, Truro, Cornwall Printed in the US by Maple Press Printed and bound in the UK by CPI Group Ltd, Croydon, CR0 4YY I dedicate this book to the legions behind Anonymous— those who have donned the mask in the past, those who still dare to take a stand today, and those who will surely rise again in the future.
    [Show full text]