OTSDN What is it? Does it help?
|
|
- Julius Perry
- 5 years ago
- Views:
Transcription
1 OTSDN What is it? Does it help? Dennis Gammel Schweitzer Engineering Laboratories, Inc. Funded by the U.S. Department of Energy and the U.S. Department of Homeland Security cred-c.org
2 Important Aspects of Critical OT Networks Determinism and low latency Precise time Fast fault detection, isolation, and recovery Cybersecurity defense in layers Monitoring, self-testing, and alarming Maintainability, testing and diagnostics High MTBF hardware cred-c.org 2
3 Message Delivery Performance Criteria Defined by International Standards IED performance requirements IEC 61850, IEC 60834, IEC 15802, IEEE Latency specifications IEC 61850, IEC 60834, IEC 15802, IEEE Speed IEC cred-c.org 3
4 Message Delivery Quality Criteria Defined by International Standards Dependability and security requirements IEC 61850, IEC Availability requirements IEC 61850, IEC 60834, IEEE Reliability metrics IEC 61850, IEEE 1613, IEC cred-c.org 4
5 International Standards Dictate Protection Signal Exchange Acceptance Criteria Signal < 3 ms packet transit < 1 ms 99.99% of the time Signal <18 ms packet transit <15 ms 0.01% of the time Zero dropped GOOSE messages per year, <9 extra messages every 24 hours cred-c.org 5
6 Challenges With Traditional Ethernet Switching Designed for plug and play Conveniently does things we don t want Reactive failover Topology dependent performance Difficult to achieve 100% test coverage cred-c.org 6
7 Network Healing Using IEC RSTA C1 IED IED C2 S1 7 RSTA RSTA 1 S2 2 S3 RSTA 1 7 IED Peer-to-peer RSTP informs RSTA cred-c.org 7
8 Introducing SDN Traditional Ethernet Switch Individual Control and Data Planes Software-Defined Networking (SDN) Switch Centralized Control Plane, Individual Data Plane Traditional Eth Switch Control Plane Data Plane Centralized Control Plane SDN Ethernet Switch Data Plane cred-c.org 8
9 Introducing SDN and OpenFlow Application Layer OAM Applications Network Visualization Control Plane Open Flow Data Plane Configuration Programming Network Operating System Simple Packet- Forwarding Hardware Simple Packet- Forwarding Hardware Simple Packet- Forwarding Hardware cred-c.org 9
10 How SDN Works Data plane inspects each Ethernet packet and performs one or more Match fields match rule based on first 4 layers of the Ethernet packet Instructions perform one or more programmed actions Counters increment counters and send counter data to centralized point cred-c.org 10
11 Multilayer Match Rules Forward Packets SDN Flow Match Rule Ethernet Header Layer 2 IP Header Layer 3 TCP / UDP Header Layer 4 Payload cred-c.org 11
12 OTSDN vs Traditional SDN Static vs Reactive Flows Traditional SDN uses reactive flows to dynamically respond and adapt to changes in the network and traffic Focus is on bandwidth utilization and latency rather than determinism Continuous learning and flow management Uncertain network performance at any given time SDN Controller performance bottleneck cred-c.org 12
13 Reactive IT SDN in Operation IT Flow Controller Rule SDN Switch Server Rule SDN Switch Rule SDN Packet Switch IED Packet cred-c.org 13
14 OTSDN vs Traditional SDN Static vs Reactive Flows OTSDN is uses static flows for proactive engineering of known network configuration Static flows can be used because all traffic is known Networks never have new traffic or devices without official change order New or unexpected traffic will be dropped Network state and performance is always known and as designed cred-c.org 14
15 Proactive OT SDN in Operation OT Flow Controller Rule SDN Switch Server Rule SDN Switch Rule SDN Switch IED Packet IED cred-c.org 15
16 Design Traffic Where Paths Are Based on Requirements and Applications Flow Controller Is Not Required for Network Operation SDN Switch GOOSE 2 Relay Relay SDN Switch GOOSE 1 SDN Switch Combined SCADA SDN Switch Engineering Access Rugged Computer cred-c.org 16
17 OTSDN - Cybersecurity at Every Network Hop Only allow traffic that is required and only to the places it is needed. No ARP Cache poisoning No Broadcast storms No BPDU attacks Hosts only see traffic for destined them and nothing else cred-c.org 17
18 No traffic injection from unexpected locations Locked down flows restrict what traffic is allowed on the network at every point Spoofing a device MAC/IP address is difficult Packets that match flow rules must originate from predetermined location. Any attempt to spoof a device from an alternate location raises alert and tracked cred-c.org 18
19 Traditional Intrusion Detection System External with Slow Action Response WAN IDS Knowledge Database Gateway Switch Alarms & events Network Sensor Analysis Engine Switch IED Switch IED Network Sensor Network Sensor Response / Action cred-c.org 19
20 OTSDN Intrusion Detection System Integrated With Fast Dynamic Response WAN OTSDN Switch Dynamic change of security policies IDS Application OTSDN Switch OTSDN Controller OTSDN Switch OTSDN Switch IED IED cred-c.org 20
21 Targeted IDS All needed traffic is engineered to go where it is needed Any unmatched traffic can be easily be discarded or sent to an IDS IDS will ONLY see the traffic that was not already engineered IDS will be burdened much less than watching all traffic More scrutiny can be given to this unwanted traffic cred-c.org 21
22 Targeted Deep Packet Inspection Focus DPI processing only where it is needed Individual Flow(s) from individual switch(es) can easily be sent to a DPI processor. The DPI process can determine if the packets should be allowed on the network. If allowed, send it back to the OTSDN switch for further processing, otherwise drop/log. Reduces burden on the DPI device by only processing the chosen stream of data. cred-c.org 22
23 Conclusion OTSDN is standard technology with different methodology Purpose engineered networks allow deny-by-default cybersecurity at every hop in the network Deterministic failover with traffic metrics New approach to IPS, IDS, and DPI Multipath capable / Application based circuits Controlled change management and network access cred-c.org 23
24 facebook.com/credcresearch/ Funded by the U.S. Department of Energy and the U.S. Department of Homeland Security
Software-Defined Networking (SDN) Now for Operational Technology (OT) Networks SEL 2017
Software-Defined Networking (SDN) Now for Operational Technology (OT) Networks SEL 2017 Traditional Ethernet Challenges Plug-and-play Allow all ROOT D D D D Nondeterministic Reactive failover Difficult
More informationUpgrading From a Successful Emergency Control System to a Complete WAMPAC System for Georgian State Energy System
Upgrading From a Successful Emergency Control System to a Complete WAMPAC System for Georgian State Energy System Dave Dolezilek International Technical Director Schweitzer Engineering Laboratories SEL
More informationCybersecurity was nonexistent for most network data exchanges until around 1994.
1 The Advanced Research Projects Agency Network (ARPANET) started with the Stanford Research Institute (now SRI International) and the University of California, Los Angeles (UCLA) in 1960. In 1970, ARPANET
More informationSEL-5056 Software-Defined Network (SDN) Flow Controller
SEL-5056 Software-Defined Network (SDN) Flow Controller SDN Configuration, Orchestration, and Monitoring Software Major Features and Benefits The SEL-5056 SDN Flow Controller is enterprise software based
More informationLessons Learned and Successful Root Cause Analysis of Elusive Ethernet Network Failures in Installed Systems
Lessons Learned and Successful Root Cause Analysis of Elusive Ethernet Network Failures in Installed Systems D. Dolezilek, J. Dearien, and M. van Rensburg Schweitzer Engineering Laboratories, Inc. Presented
More informationICS 451: Today's plan
ICS 451: Today's plan ICMP ping traceroute ARP DHCP summary of IP processing ICMP Internet Control Message Protocol, 2 functions: error reporting (never sent in response to ICMP error packets) network
More informationUsing Defense in Depth to Safely Present SCADA Data for Read-Only and Corporate Reporting. Rick Bryson
Using Defense in Depth to Safely Present SCADA Data for Read-Only and Corporate Reporting Rick Bryson 2017 by Schweitzer Engineering Laboratories, Inc. All rights reserved. All brand or product names appearing
More informationSwitching & ARP Week 3
Switching & ARP Week 3 Module : Computer Networks Lecturer: Lucy White lbwhite@wit.ie Office : 324 Many Slides courtesy of Tony Chen 1 Ethernet Using Switches In the last few years, switches have quickly
More informationEnterasys K-Series. Benefits. Product Overview. There is nothing more important than our customers. DATASHEET. Operational Efficiency.
DATASHEET Enterasys K-Series Product Overview The Enterasys K-Series is the most cost-effective, flow-based switching solution in the industry. Providing exceptional levels of automation, visibility and
More informationSoftware-Defined Networking Redefines Performance for Ethernet Control Systems
Software-Defined Networking Redefines Performance for Ethernet Control Systems Mark Hadley Pacific Northwest National Laboratory David Nicol University of Illinois at Urbana-Champaign Rhett Smith Schweitzer
More informationCCNA 1 Chapter 5 v5.0 Exam Answers 2013
CCNA 1 Chapter 5 v5.0 Exam Answers 2013 1 2 A host is trying to send a packet to a device on a remote LAN segment, but there are currently no mappings in its ARP cache. How will the device obtain a destination
More informationChapter 8 roadmap. Network Security
Chapter 8 roadmap 8.1 What is network security? 8.2 Principles of cryptography 8.3 Message integrity 8.4 Securing e-mail 8.5 Securing TCP connections: SSL 8.6 Network layer security: IPsec 8.7 Securing
More information2. What is a characteristic of a contention-based access method?
CCNA 1 Chapter 5 v5.0 Exam Answers 2015 (100%) 1. Which statement is true about MAC addresses? MAC addresses are implemented by software. A NIC only needs a MAC address if connected to a WAN. The first
More informationSoftware Defined Networking
Software Defined Networking Daniel Zappala CS 460 Computer Networking Brigham Young University Proliferation of Middleboxes 2/16 a router that manipulatees traffic rather than just forwarding it NAT rewrite
More informationConfiguring Dynamic ARP Inspection
21 CHAPTER This chapter describes how to configure dynamic Address Resolution Protocol inspection (dynamic ARP inspection) on the Catalyst 3560 switch. This feature helps prevent malicious attacks on the
More informationInternetwork Expert s CCNA Security Bootcamp. Mitigating Layer 2 Attacks. Layer 2 Mitigation Overview
Internetwork Expert s CCNA Security Bootcamp Mitigating Layer 2 Attacks http:// Layer 2 Mitigation Overview The network is only as secure as its weakest link If layer 2 is compromised, all layers above
More informationData Link Layer. Our goals: understand principles behind data link layer services: instantiation and implementation of various link layer technologies
Data Link Layer Our goals: understand principles behind data link layer services: link layer addressing instantiation and implementation of various link layer technologies 1 Outline Introduction and services
More informationDesign and development of the reactive BGP peering in softwaredefined routing exchanges
Design and development of the reactive BGP peering in softwaredefined routing exchanges LECTURER: HAO-PING LIU ADVISOR: CHU-SING YANG (Email: alen6516@gmail.com) 1 Introduction Traditional network devices
More informationInternet Layers. Physical Layer. Application. Application. Transport. Transport. Network. Network. Network. Network. Link. Link. Link.
Internet Layers Application Application Transport Transport Network Network Network Network Link Link Link Link Ethernet Fiber Optics Physical Layer Wi-Fi ARP requests and responses IP: 192.168.1.1 MAC:
More information10X: Power System Technology 10 Years Ahead of Industry International Standards- Based Communications
10X: Power System Technology 10 Years Ahead of Industry International Standards- Based Communications David Dolezilek International Technical Director Information Technology (IT) Methods Jeopardize Operational
More informationDesigned, built, and tested for troublefree operation in extreme conditions
SEL-2730M Managed 24-Port Ethernet Switch Designed, built, and tested for troublefree operation in extreme conditions Highest mean time between failures (MTBF) in the industry provides years of reliable
More informationSoftware-Defined Networking (Continued)
Software-Defined Networking (Continued) CS640, 2015-04-23 Announcements Assign #5 released due Thursday, May 7 at 11pm Outline Recap SDN Stack Layer 2 Learning Switch Control Application Design Considerations
More informationCIT 380: Securing Computer Systems. Network Security Concepts
CIT 380: Securing Computer Systems Network Security Concepts Topics 1. Protocols and Layers 2. Layer 2 Network Concepts 3. MAC Spoofing 4. ARP 5. ARP Spoofing 6. Network Sniffing Protocols A protocol defines
More informationImportance of Interoperability in High Speed Seamless Redundancy (HSR) Communication Networks
Importance of Interoperability in High Speed Seamless Redundancy (HSR) Communication Networks Richard Harada Product Manager RuggedCom Inc. Introduction Reliable and fault tolerant high speed communication
More informationCSE 565 Computer Security Fall 2018
CSE 565 Computer Security Fall 2018 Lecture 20: Intrusion Prevention Department of Computer Science and Engineering University at Buffalo 1 Lecture Overview Firewalls purpose types locations Network perimeter
More informationSlicing a Network. Software-Defined Network (SDN) FlowVisor. Advanced! Computer Networks. Centralized Network Control (NC)
Slicing a Network Advanced! Computer Networks Sherwood, R., et al., Can the Production Network Be the Testbed? Proc. of the 9 th USENIX Symposium on OSDI, 2010 Reference: [C+07] Cascado et al., Ethane:
More informationAccess Rules. Controlling Network Access
This chapter describes how to control network access through or to the ASA using access rules. You use access rules to control network access in both routed and transparent firewall modes. In transparent
More informationInternetwork Expert s CCNP Bootcamp. Hierarchical Campus Network Design Overview
Internetwork Expert s CCNP Bootcamp Hierarchical Campus Network Design Overview http:// Hierarchical Campus Network Design Overview Per Cisco, a three layer hierarchical model to design a modular topology
More information20-CS Cyber Defense Overview Fall, Network Basics
20-CS-5155 6055 Cyber Defense Overview Fall, 2017 Network Basics Who Are The Attackers? Hackers: do it for fun or to alert a sysadmin Criminals: do it for monetary gain Malicious insiders: ignores perimeter
More informationCSCD 433/533 Advanced Networks
CSCD 433/533 Advanced Networks Lecture 2 Network Review Winter 2017 Reading: Chapter 1 1 Topics Network Topics Some Review from CSCD330 Applications Common Services Architecture OSI Model AS and Routing
More informationIP Packet Switching. Goals of Todayʼs Lecture. Simple Network: Nodes and a Link. Connectivity Links and nodes Circuit switching Packet switching
IP Packet Switching CS 375: Computer Networks Dr. Thomas C. Bressoud Goals of Todayʼs Lecture Connectivity Links and nodes Circuit switching Packet switching IP service model Best-effort packet delivery
More informationOutline. SC/CSE 3213 Winter Sebastian Magierowski York University. ICMP ARP DHCP NAT (not a control protocol) L9: Control Protocols
SC/CSE 3213 Winter 2013 L9: Control Protocols Sebastian Magierowski York University 1 Outline ICMP ARP DHCP NAT (not a control protocol) 2 1 Control Protocols IP is used to transfer data Network layer
More informationFundamental Issues. System Models and Networking Chapter 2,3. System Models. Architectural Model. Middleware. Bina Ramamurthy
System Models and Networking Chapter 2,3 Bina Ramamurthy Fundamental Issues There is no global time. All communications are by means of messages. Message communication may be affected by network delays
More informationIn modern computers data is usually stored in files, that can be small or very, very large. One might assume that, when we transfer a file from one
In modern computers data is usually stored in files, that can be small or very, very large. One might assume that, when we transfer a file from one computer to another, the whole file is sent as a continuous
More informationCMPE 150 Winter 2009
CMPE 150 Winter 2009 Lecture 9 February 3, 2009 P.E. Mantey CMPE 150 -- Introduction to Computer Networks Instructor: Patrick Mantey mantey@soe.ucsc.edu http://www.soe.ucsc.edu/~mantey/ / t / Office: Engr.
More informationChapter 3 Part 2 Switching and Bridging. Networking CS 3470, Section 1
Chapter 3 Part 2 Switching and Bridging Networking CS 3470, Section 1 Refresher We can use switching technologies to interconnect links to form a large network What is a hub? What is a switch? What is
More informationOptimizing Ethernet Access Network for Internet Protocol Multi-Service Architecture
1 Optimizing Ethernet Access Network for Internet Protocol Multi-Service Architecture Author: Mikael Forsten TeliaSonera Sonera Carrier Networks Supervisor: Docent Timo O. Korhonen Instructor: M.Sc Jari
More informationMobile Ad-hoc Networks
Mobile Ad-hoc Networks Fred Baker 1 The manet problem Mobile Random and perhaps constantly changing Ad-hoc Not engineered Networks Elastic data applications which use networks to communicate 2 Examples
More informationRouting protocols in WSN
Routing protocols in WSN 1.1 WSN Routing Scheme Data collected by sensor nodes in a WSN is typically propagated toward a base station (gateway) that links the WSN with other networks where the data can
More informationConfiguring Dynamic ARP Inspection
Finding Feature Information, page 1 Restrictions for Dynamic ARP Inspection, page 1 Understanding Dynamic ARP Inspection, page 3 Default Dynamic ARP Inspection Configuration, page 6 Relative Priority of
More informationNetworking interview questions
Networking interview questions What is LAN? LAN is a computer network that spans a relatively small area. Most LANs are confined to a single building or group of buildings. However, one LAN can be connected
More informationProtecting the Platforms. When it comes to the cost of keeping computers in good working order, Chapter10
Chapter10 Protecting the Platforms Painting: The art of protecting flat surfaces from the weather and exposing them to the critic. Ambrose Bierce (1842 1914) When it comes to the cost of keeping computers
More informationIntroduction. Network Architecture Requirements of Data Centers in the Cloud Computing Era
Massimiliano Sbaraglia Network Engineer Introduction In the cloud computing era, distributed architecture is used to handle operations of mass data, such as the storage, mining, querying, and searching
More informationConnecting to the Network
Connecting to the Network Networking for Home and Small Businesses Chapter 3 1 Objectives Explain the concept of networking and the benefits of networks. Explain the concept of communication protocols.
More informationFerdinand von Tüllenburg Layer-2 Failure Recovery Methods in Critical Communication Networks
Ferdinand von Tüllenburg Layer-2 Failure Recovery Methods in Critical Communication Networks Dependable Communication for Critical Infrastructures Electricity Health Transport Finance Dependable Communication
More informationCS519: Computer Networks. Lecture 1 (part 2): Jan 28, 2004 Intro to Computer Networking
: Computer Networks Lecture 1 (part 2): Jan 28, 2004 Intro to Computer Networking Remember this picture? How did the switch know to forward some packets to B and some to D? From the address in the packet
More informationTHETARAY ANOMALY DETECTION ALGORITHMS ARE A GAME CHANGER
Utility Network UPGRADES MADE SIMPLE MATHEMATICAL EVOLUTIONS FOR RISK MANAGEMENT: THETARAY ANOMALY DETECTION ALGORITHMS ARE A GAME CHANGER WHITEPAPER 1 THE UTILITY TELECOMMUNICATIONS INFRASTRUCTURE The
More informationConfiguring EIGRP. 2001, Cisco Systems, Inc.
Configuring EIGRP 4-1 EIGRP Overview 4-2 What Is EIGRP? IPX Routing Protocols IP Routing Protocols AppleTalk Routing Protocol Enhanced IGRP IP Routing Protocols AppleTalk Routing Protocol IPX Routing Protocols
More informationVXLAN Overview: Cisco Nexus 9000 Series Switches
White Paper VXLAN Overview: Cisco Nexus 9000 Series Switches What You Will Learn Traditional network segmentation has been provided by VLANs that are standardized under the IEEE 802.1Q group. VLANs provide
More informationNetworking for Data Acquisition Systems. Fabrice Le Goff - 14/02/ ISOTDAQ
Networking for Data Acquisition Systems Fabrice Le Goff - 14/02/2018 - ISOTDAQ Outline Generalities The OSI Model Ethernet and Local Area Networks IP and Routing TCP, UDP and Transport Efficiency Networking
More informationDDoS Testing with XM-2G. Step by Step Guide
DDoS Testing with XM-G Step by Step Guide DDoS DEFINED Distributed Denial of Service (DDoS) Multiple compromised systems usually infected with a Trojan are used to target a single system causing a Denial
More informationIP: Addressing, ARP, Routing
IP: Addressing, ARP, Routing Network Protocols and Standards Autumn 2004-2005 Oct 21, 2004 CS573: Network Protocols and Standards 1 IPv4 IP Datagram Format IPv4 Addressing ARP and RARP IP Routing Basics
More informationHomework 3 Discussion
Homework 3 Discussion Address Resolution Protocol (ARP) Data Link Layer Network Layer Data Link Layer Network Layer Protocol Data Unit(PDU) Frames Packets Typical Device Switch/Bridge Router Range Local
More informationPassTorrent. Pass your actual test with our latest and valid practice torrent at once
PassTorrent http://www.passtorrent.com Pass your actual test with our latest and valid practice torrent at once Exam : 352-011 Title : Cisco Certified Design Expert Practical Exam Vendor : Cisco Version
More information6.1.2 Repeaters. Figure Repeater connecting two LAN segments. Figure Operation of a repeater as a level-1 relay
6.1.2 Repeaters A single Ethernet segment can have a maximum length of 500 meters with a maximum of 100 stations (in a cheapernet segment it is 185m). To extend the length of the network, a repeater may
More informationCSE 123: Computer Networks
CSE 123: Computer Networks Homework 3 Out: 11/19 Due: 11/26 Instructions 1. Turn in a physical copy at the beginning of the class on 11/26 2. Ensure the HW cover page has the following information clearly
More informationOPENFLOW & SOFTWARE DEFINED NETWORKING. Greg Ferro EtherealMind.com and PacketPushers.net
OPENFLOW & SOFTWARE DEFINED NETWORKING Greg Ferro EtherealMind.com and PacketPushers.net 1 HUH? OPENFLOW. What is OpenFlow? From the bottom up. With big words. How OpenFlow does stuff. Then WHY we want
More informationCIS 632 / EEC 687 Mobile Computing
CIS 63 / EEC 687 Mobile Computing IP Software: Routing Prof. Chansu Yu Network Protocols for Wired Network: Ethernet Ethernet address 48-bit, also called hardware/physical/mac/layer address Globally unique:
More informationConfiguring IP Services
This module describes how to configure optional IP services. For a complete description of the IP services commands in this chapter, refer to the Cisco IOS IP Application Services Command Reference. To
More informationNetwork Layer (1) Networked Systems 3 Lecture 8
Network Layer (1) Networked Systems 3 Lecture 8 Role of the Network Layer Application Application The network layer is the first end-to-end layer in the OSI reference model Presentation Session Transport
More informationTCP/IP THE TCP/IP ARCHITECTURE
TCP/IP-1 The Internet Protocol (IP) enables communications across a vast and heterogeneous collection of networks that are based on different technologies. Any host computer that is connected to the Internet
More informationTyphoon: An SDN Enhanced Real-Time Big Data Streaming Framework
Typhoon: An SDN Enhanced Real-Time Big Data Streaming Framework Junguk Cho, Hyunseok Chang, Sarit Mukherjee, T.V. Lakshman, and Jacobus Van der Merwe 1 Big Data Era Big data analysis is increasingly common
More informationCSC 6575: Internet Security Fall Attacks on Different OSI Layer Protocols OSI Layer Basic Attacks at Lower Layers
CSC 6575: Internet Security Fall 2017 Attacks on Different OSI Layer Protocols OSI Layer Basic Attacks at Lower Layers Mohammad Ashiqur Rahman Department of Computer Science College of Engineering Tennessee
More informationFIREWALLS. Firewall: isolates organization s internal net from larger Internet, allowing some packets to pass, blocking others
FIREWALLS 1 FIREWALLS Firewall: isolates organization s internal net from larger Internet, allowing some packets to pass, blocking others FIREWALLS: WHY Prevent denial of service attacks: SYN ooding: attacker
More informationConfiguring Advanced Firewall Settings
Configuring Advanced Firewall Settings This section provides advanced firewall settings for configuring detection prevention, dynamic ports, source routed packets, connection selection, and access rule
More informationDeterministic Communications for Protection Applications Over Packet-Based Wide-Area Networks
Deterministic Communications for Protection Applications Over Packet-Based Wide-Area Networks Kenneth Fodero, Christopher Huntley, and Paul Robertson Schweitzer Engineering Laboratories, Inc. 2018 SEL
More informationUnderstanding and Configuring Dynamic ARP Inspection
29 CHAPTER Understanding and Configuring Dynamic ARP Inspection This chapter describes how to configure Dynamic ARP Inspection (DAI) on the Catalyst 4500 series switch. This chapter includes the following
More informationChapter 4 Network Layer: The Data Plane
Chapter 4 Network Layer: The Data Plane A note on the use of these Powerpoint slides: We re making these slides freely available to all (faculty, students, readers). They re in PowerPoint form so you see
More informationNetwork Security. Thierry Sans
Network Security Thierry Sans HTTP SMTP DNS BGP The Protocol Stack Application TCP UDP Transport IPv4 IPv6 ICMP Network ARP Link Ethernet WiFi The attacker is capable of confidentiality integrity availability
More informationInterconnecting Cisco Networking Devices Part1 ( ICND1) Exam.
Cisco 640-822 Interconnecting Cisco Networking Devices Part1 ( ICND1) Exam TYPE: DEMO http://www.examskey.com/640-822.html Examskey Cisco 640-822 exam demo product is here for you to test quality of the
More informationLECTURE 9. Ad hoc Networks and Routing
1 LECTURE 9 Ad hoc Networks and Routing Ad hoc Networks 2 Ad Hoc Networks consist of peer to peer communicating nodes (possibly mobile) no infrastructure. Topology of the network changes dynamically links
More informationCopyright Link Technologies, Inc.
3/15/2011 Mikrotik Certified Trainer / Engineer MikroTik Certified Dude Consultant Consulting Since 1997 Enterprise Class Networks WAN Connectivity Certifications Cisco, Microsoft, MikroTik BGP/OSPF Experience
More informationChapter 2 - Part 1. The TCP/IP Protocol: The Language of the Internet
Chapter 2 - Part 1 The TCP/IP Protocol: The Language of the Internet Protocols A protocol is a language or set of rules that two or more computers use to communicate 2 Protocol Analogy: Phone Call Parties
More informationSoftware Defined Networking
CSE343/443 Lehigh University Fall 2015 Software Defined Networking Presenter: Yinzhi Cao Lehigh University Acknowledgement Many materials are borrowed from the following links: https://www.cs.duke.edu/courses/spring13/compsc
More informationEthernet Network Redundancy in SCADA and real-time Automation Platforms.
Ethernet Network Redundancy in SCADA and real-time Automation Platforms www.copadata.com sales@copadata.com Content 1. ABSTRACT... 2 2. INTRODUCTION... 2 IEC 61850 COMMUNICATION SERVICES... 2 APPLICATION
More informationSEL-2730M. Reliably Control and Monitor Your Substation and Plant Networks. Managed 24-Port Ethernet Switch
SEL-2730M Managed 24-Port Ethernet Switch Reliably Control and Monitor Your Substation and Plant Networks Features and Benefits Tough Designed, built, and tested for trouble-free operation in extreme conditions,
More informationLab 9.8.1: Address Resolution Protocol (ARP)
Topology Diagram Addressing Table Device Interface IP Address Subnet Mask Default Gateway R1-ISP R2-Central S0/0/0 10.10.10.6 255.255.255.252 N/A Fa0/0 192.168.254.253 255.255.255.0 N/A S0/0/0 10.10.10.5
More informationBGP Policy Accounting
Border Gateway Protocol (BGP) policy accounting measures and classifies IP traffic that is sent to, or received from, different peers. Policy accounting is enabled on an input interface, and counters based
More informationPacketExpert PDF Report Details
PacketExpert PDF Report Details July 2013 GL Communications Inc. 818 West Diamond Avenue - Third Floor Gaithersburg, MD 20878 Phone: 301-670-4784 Fax: 301-670-9187 Web page: http://www.gl.com/ E-mail:
More informationChapter 11. High Availability
Chapter 11. High Availability This chapter describes the high availability fault-tolerance feature in D-Link Firewalls. Overview, page 289 High Availability Mechanisms, page 291 High Availability Setup,
More informationCS 457 Lecture 11 More IP Networking. Fall 2011
CS 457 Lecture 11 More IP Networking Fall 2011 IP datagram format IP protocol version number header length (bytes) type of data max number remaining hops (decremented at each router) upper layer protocol
More informationICS 351: Networking Protocols
ICS 351: Networking Protocols IP packet forwarding application layer: DNS, HTTP transport layer: TCP and UDP network layer: IP, ICMP, ARP data-link layer: Ethernet, WiFi 1 Networking concepts each protocol
More informationCN-100 Network Analyzer Product Overview
CN-100 Network Analyzer Product Overview CN-100 network analyzers offer an extremely powerful yet cost effective solution for today s complex networking requirements. Test Ethernet or ATM networks with
More informationInter-networking. Problem. 3&4-Internetworking.key - September 20, LAN s are great but. We want to connect them together. ...
1 Inter-networking COS 460 & 540 2 Problem 3 LAN s are great but We want to connect them together...across the world Inter-networking 4 Internet Protocol (IP) Routing The Internet Multicast* Multi-protocol
More informationThe Interconnection Structure of. The Internet. EECC694 - Shaaban
The Internet Evolved from the ARPANET (the Advanced Research Projects Agency Network), a project funded by The U.S. Department of Defense (DOD) in 1969. ARPANET's purpose was to provide the U.S. Defense
More informationConfiguring OpenFlow 1
Contents Configuring OpenFlow 1 Overview 1 OpenFlow switch 1 OpenFlow port 1 OpenFlow instance 2 OpenFlow flow table 3 Group table 5 Meter table 5 OpenFlow channel 6 Protocols and standards 7 Configuration
More informationIEC Test Equipment Requirements
OMICRON K02 03 20060309 IEC 61850 Test Equipment Requirements Dr. Alexander Apostolov K02 03 20060309 Page: 1 Intelligent Substation Automation Systems OMICRON K02 03 20060309 Page: 2 Intelligent Sensor
More informationComputer Science 425 Distributed Systems CS 425 / ECE 428. Fall 2013
Computer Science 425 Distributed Systems CS 425 / ECE 428 Fall 2013 Indranil Gupta (Indy) October 10, 2013 Lecture 14 Networking Reading: Chapter 3 (relevant parts) 2013, I. Gupta, K. Nahrtstedt, S. Mitra,
More information1756-EN2TP Parallel Redundancy Protocol Module Network Redundancy
1756-EN2TP Parallel Redundancy Protocol Module Network Redundancy PUBLIC Copyright 2017 Rockwell Automation, Inc. All Rights Reserved. 1 1756-EN2TP Parallel Redundancy Protocol Module The 1756-EN2TP Parallel
More informationTaking Full Control of Your Process Bus LAN Using New Ethernet Packet Transport Technologies
Taking Full Control of Your Process Bus LAN Using New Ethernet Packet Transport Technologies D. Dolezilek Schweitzer Engineering Laboratories, Inc. Presented at the International Conference and Exhibition
More informationApplication of SDN: Load Balancing & Traffic Engineering
Application of SDN: Load Balancing & Traffic Engineering Outline 1 OpenFlow-Based Server Load Balancing Gone Wild Introduction OpenFlow Solution Partitioning the Client Traffic Transitioning With Connection
More informationCSC 4900 Computer Networks: Network Layer
CSC 4900 Computer Networks: Network Layer Professor Henry Carter Fall 2017 Chapter 4: Network Layer 4. 1 Introduction 4.2 What s inside a router 4.3 IP: Internet Protocol Datagram format 4.4 Generalized
More informationprecise rules that govern communication between two parties TCP/IP: the basic Internet protocols IP: Internet protocol (bottom level)
Protocols precise rules that govern communication between two parties TCP/IP: the basic Internet protocols IP: Internet protocol (bottom level) all packets shipped from network to network as IP packets
More informationIntegrating WX WAN Optimization with Netscreen Firewall/VPN
Application Note Integrating WX WAN Optimization with Netscreen Firewall/VPN Joint Solution for Firewall/VPN and WX Platforms Alan Sardella Portfolio Marketing Choh Mun Kok and Jaymin Patel Lab Configuration
More informationActivating Intrusion Prevention Service
Activating Intrusion Prevention Service Intrusion Prevention Service Overview Configuring Intrusion Prevention Service Intrusion Prevention Service Overview Intrusion Prevention Service (IPS) delivers
More informationConfiguring Banyan VINES
Configuring Banyan VINES This chapter describes how to configure Banyan VINES and provides configuration examples. For a complete description of the VINES commands in this chapter, refer to the Banyan
More informationDevoFlow: Scaling Flow Management for High Performance Networks
DevoFlow: Scaling Flow Management for High Performance Networks SDN Seminar David Sidler 08.04.2016 1 Smart, handles everything Controller Control plane Data plane Dump, forward based on rules Existing
More informationCisco Cisco Certified Network Associate (CCNA)
Cisco 200-125 Cisco Certified Network Associate (CCNA) http://killexams.com/pass4sure/exam-detail/200-125 Question: 769 Refer to exhibit: Which destination addresses will be used by Host A to send data
More information- Hubs vs. Switches vs. Routers -
1 Layered Communication - Hubs vs. Switches vs. Routers - Network communication models are generally organized into layers. The OSI model specifically consists of seven layers, with each layer representing
More informationThe CANoe.Ethernet Solution
Use in Praxis V1.0 2016-11-23 Agenda 1. Ethernet the Newcomer in Automotive 2. Why an Automotive Ethernet Option for CANoe? 3. Brief Look to CANoe 4. First Hand Usecase from Field 2/20 Network Topology
More information