Semester of Graduation
Fall, 2020
Degree
Master of Science in Computer Science (MSCS)
Department
Computer Science
Document Type
Thesis
Abstract
The security posture of critical network appliances, such as routers, switches, and firewalls, is crucial as these devices provide the first line of defense against malicious actors. As there is typically no endpoint security software, such as anti-virus available for these devices, it is crucial that vendors release timely updates for vulnerabilities and that customers apply them quickly. The research effort documented in this thesis describes a developed methodology for triaging known vulnerabilities in network devices, assessing the security posture of device vendors, and locating likely weak points in released firmware images. To highlight this methodology, the Anonabox security appliance was analyzed. Anonabox provides built-in VPN and Tor protocol support and ensures that all network traffic routed through the device is directed through Tor or a VPN service. This provides strong privacy and security protections as it allows bypassing of local network monitoring, website and web service censorship, and geolocation tracking. The goal was to perform a security analysis of the Anonabox Pro router over many releases and to apply the developed methodology. FACT was used to perform the analysis, and as shown in the results, Anonabox shows significant weaknesses in its handling of software updates and patching of security vulnerabilities.
Recommended Citation
Vempati, Devi Sowjanya, "Security Analysis of the Anonabox Pro" (2020). LSU Master's Theses. 5212.
https://repository.lsu.edu/gradschool_theses/5212
Committee Chair
Dr. Golden G. Richard III
DOI
10.31390/gradschool_theses.5212