IPT Framework: A Technical & Administrative Approach for IP Packets Traceback and Identifying Cyber Criminals
Abolfazl Amirkhan
MSc student, Information Technology Management, Payame Noor University, Tehran, Iran
Amirkhanimonfared@yahoo.com

Davood Vahdat
Lecturer, Member of Information Technology Scientific Group, Payame Noor University, Tehran, Iran
vahdat@pnu.ac.ir

Nasrollah Moghaddam Cherkari
Assistant Professor, Computer Engineering Scientific Group, Tarbiyat Modares University, Tehran, Iran
Charkari@modares.ac.ir

Abstract: In recent years the use of the internet has widened to include many financial transactions and much business information, and this has led to increasing abuse of the internet. Although a lot of security software and hardware has been designed to prevent cyber attacks, these tools have not been fully reliable. As a result, the study of how to identify cyber criminals has become very important. Achieving this goal requires tracing any internet packet and relating its IP address to a real person. But the structure of the internet places many limitations on tracing packets. Also, because this structure was primarily established for information transfer in academic and scientific environments on the basis of mutual trust, the communication protocols of the TCP/IP model apply no identity confirmation to the parties. During the past 10 years, subtle techniques have been introduced for tracing IP packets; however, considering the lack of proper infrastructure, the process of applying them has not yet become administrative. In this paper the IPT framework is introduced as an effective and administrative method for traceback of IP packets and identification of cyber criminals, especially for crimes that lead to data theft.
Keywords: Cyber attacks, data theft, IP traceback, identity confirmation, ISP, anonymizer proxy, public service, log file

1- Introduction

The spread of the Internet has led to the emergence of a world information community and the fast transfer of information among different parts of companies, partners, and providers. Governments also benefit from this network to offer better services to citizens at both national and international levels. Besides all these benefits, the information transfer that the Internet provides has created conditions in which unauthorized individuals can gain access to this information and steal or damage it. The biggest problem in preventing such attacks is that they have no physical or traditional border: they are carried out through the very broad network structure of the Internet, and attackers leave only the slightest sign after the attack. As a result, an effective defense mechanism against these attacks is the greatest challenge in the development of cyber space.

Currently, different types of security software and hardware are designed to defend against cyber threats (various firewalls, anti-malware software, etc.). Subtle defense strategies in the shape of standards and advice (such as the ISO 27000 series of standards) have also been introduced to protect information and financial assets. The effectiveness of these security tools and defense strategies improves each day, and when used suitably they play an effective role in reducing Internet threats. Nevertheless, their function is not fully reliable [3].

The most important cause of internet abuse stems from the original nature of internet connections. An internet connection is based on mutual trust and cooperation and not on mutual identity confirmation. In a common connection, only the IP addresses of both sides remain [1]. In many cases, an IP address does not reveal the identity of the person.
Most people often communicate through public terminals. Many connections are made through ISPs, and most ISPs use the DHCP protocol to give temporary addresses to their customers; after disconnection, that IP is assigned to someone else [2]. Moreover, software that connects internal and public networks, such as proxy or NAT servers, and software designed specifically to provide anonymity with encryption techniques and connection tunnels, have made it difficult or even impossible to attribute one IP address to one individual. So criminals commit their crimes unrecognized, without accepting any responsibility for the damage they cause. Hence, one effective solution for reducing internet threats is to establish conditions for tracing any attack and identifying the attacker, because legal tracking makes criminals responsible for their acts. But this goal requires technical solutions and policies that remove the existing barriers to tracing an IP address back to its original place and attributing it to a specific individual.

2- The limitation of existing IP traceback methods

During recent years numerous studies have been conducted on IP address traceback, and different techniques such as Hop-by-Hop traceback, Backscatter, CenterTrack, ITRACE, and Probabilistic Packet Marking (PPM) have been introduced [4, 5, 6]. But all these methods use the capability of routers to log any packets passing through, and this capability has not been designed especially for traceback. These methods are also efficient only for continuous attacks such as denial of service (DoS), and they are not effective for tracing a single packet, which is what occurs in most attacks that cause data theft [7, 8]. To trace back a single packet it is necessary to save all packets passing through the routers. But applying this method is too difficult in practice. Especially in routers that pass high traffic, saving all packets is impossible.
However, an approach called Hash-Based Tracing has been introduced to resolve the problem of saving a high volume of information. It uses a hash algorithm and a storage technique named Bloom filter [9], and with this method it is possible to reduce the volume to be saved up to 5%, but the method also has some limitations. Although the hash and Bloom filter techniques reduce the volume of saved information, routers passing high traffic still cannot store all the information for a practical period of time, and doing so may disrupt the main function of the routers.

3- IPT framework for packets traceback

In this chapter, the IP traceback framework (IPT) is introduced for tracing back packets and identifying cyber criminals. The framework is introduced to achieve two goals:

- Making it possible to trace back any IP packet
- Delivering solutions that make it possible to identify the actual criminal by IP address

To trace back the actual origin of IP packets, the framework uses the capability of network access systems (NAS), network address translation systems (NAT), firewalls and other kinds of systems used in the internet to store the headers of IP packets from different layers of the TCP/IP model. These headers bear important information such as origin and destination IP addresses, internal and external ports, and other information that is useful for traceback [11]. The IP traceback center (IPTC) is the central core of this framework. To perform a traceback, this center creates an exclusive communication with users and with every ISP and anonymizer proxy. Figure 1 shows the proposed framework and its main elements.

[Fig. 1: IPT framework and its elements. Diagram labels: Anonymizer service, Public service, Physical connection, User task, ISP, IPTC center, Virtual private connection]

This framework includes 3 main elements: user, IPTC center, and service provider, which reach the IPT objective by interacting with each other and doing defined tasks.
Service providers include internet service providers (ISP), anonymizer service providers, and public service providers such as e-mail services, file transfer services and instant message services. Internet service providers and anonymizer service providers should connect with IPTC and run all the technical and administrative policies defined by IPTC. Public service providers should cooperate with IPTC and apply its policies. The steps of a traceback in IPT are as follows.

1. The user identifies an attack that leads to data leakage or data theft by means of traffic monitoring software and requests a traceback from the IPTC center by sending essential information extracted from that traffic, such as local and remote IP addresses, input and output port numbers, etc.
2. IPTC checks the IP address of the remote side. If the address is not in the framework, IPTC identifies the owner of the IP by using the "Whois database". The Whois database has been created by the IANA organization, which is responsible for delivering domain names and IP addresses to companies and other applicants and performs this task around the world through confirmed registries such as AfriNIC, APNIC, ARIN, LACNIC and RIPE NCC. After recognizing the actual agent, IPTC may do more research, restrict the network activity of that agent, or apply some legal punishment to compensate the victim's loss.
3. If the IP address belongs to an internet service provider or anonymizer service provider cooperating in the IPT framework, the required information is requested from that provider. Depending on the type of provider, the information can lead to identifying the main agent or may contain another IP address, in which case the traceback returns to step 2 once more.

3-1 IPTC center

The IPTC center plays the base role in the IPT framework and does the following tasks:

- Providing a secure path to communicate with users and service providers by means of a public key infrastructure
- Designing software for connecting users and internet or anonymizer service providers to IPTC
- Defining the protocol and the type of information that should be exchanged between the elements of the IPT framework
- Identifying events that indicate a kind of attack, designating them as crime evidence and sending them to users
- Teaching users and enhancing their knowledge about internet protocols, and making them capable of detecting data theft by providing efficient software for them
- Defining policies and technical and administrative approaches for the different service providers in order to remove the current limitations on traceback of IP packets

IPTC is connected with users and service providers through the following structure.

Master Responsible for Traceback (MRT): After receiving a traceback request through Client RT, the MRT program checks the IP address of the remote side. If this address is not among the IP addresses of the service providers in the IPT framework, the MRT announces this, so that the IPTC center can identify the owner of the IP address by using the Whois database and take any appropriate action according to its policies. If the IP address belongs to a service provider of the framework, the MRT sends a request to the SRD of that service provider.

[Fig. 2: IPTC connection with other elements in IPT frame. Diagram labels: Database of IP of internet service provider or anonymizer service provider collaborating in IPT framework, SRD, MRT, Internet, Traceback log, Client RT]

System Responsible to Delivery Data (SRD): This program is connected to the log files of several different services. On receiving a request from the MRT, it retrieves the requested information from the log files and sends it to the MRT.

Client Request to Traceback (Client RT): This program sends to the MRT the traceback request for an IP address to which the user's information has been sent illegally. For an address to be traceable, in addition to the remote IP address the user should send other important information, including the IP address of the local system, the input and output ports, and the times at which the logical connection with the other side was made and finished.
Essential information (such as local and remote IP addresses, the input and output port numbers and the times at which a logical connection starts and ends) and the amount of time passed since the interaction between the two points are the two factors that play the main role in tracing back an IP address successfully and identifying the main agent of a cyber theft. It is possible to trace back and identify cyber criminals given enough information about the connection that caused the data theft, provided that not much time has passed since that connection, because in that case the important information needed for the traceback is still available in the log files of the servers of the service providers.

The elements of the IPT framework use a special structure to exchange the information required for IP address traceback and for identifying the remote agent. In this structure the TCP protocol is used at the transport layer because it is reliable, and port number 72 is allocated to it. The information is encrypted and digitally signed using the SSL protocol in order to make it secure. In this way all information sent by the MRT to Client RT or SRD is signed with the private key of IPTC. Information sent to the MRT is encrypted with the public key of IPTC, so only the MRT is able to read it.

3-2 Service provider in the IPT framework

Internet service providers in IPT framework

Internet service providers are the main service providers in the IPT framework. An ISP makes it possible for subscribers to create an internet connection from different sources. Depending on the subscriber's demand, an ISP provides services by using analog, ISDN or DSL modems, frame relay or other high-bandwidth techniques. Although the transfer technology and properties such as bandwidth, reliability and cost differ among these services, in the end they all make it possible for subscribers to reach the internet. As any internet connection is made through an ISP, ISPs play an important role in the IPT framework and hold valuable information for tracing any IP address. Network access systems (NAS), which are the entry point for users connecting to the internet, have a log file that contains important information about the physical connection point and the start and finish time of each connection to the internet made by users [12].
Many ISPs give internet service to their subscribers dynamically using the DHCP protocol. Since with this kind of service two different users may connect with the same IP address at two distinct times, the information saved in this log file is very important for identifying the actual person who established a connection to the internet at the specified time.

ISPs use accounting services to confirm the identity and credit of subscribers. These services connect to NAS services with the RADIUS or TACACS+ protocols [12]. As the accounting service logs identity information, it plays an important role in recognizing the main agent in a traceback when different users use the same physical point for connection.

ISPs use a NAT service where there are too many subscribers and a limit on allocating a valid IP to every subscriber, and sometimes also to enhance the interior security of the network [12]. NAT sits between the interior network and the internet. In this topology, the ISP offers private IP addresses to subscribers dynamically or permanently. But all requests sent to the internet are sent by NAT with a valid IP address, and received responses are changed back to the original IP after translation. The NAT service uses different logical port numbers in the 3rd layer to distinguish received responses and sends each request with a distinct port number. So remote sides see all connections as coming from a single IP with different port numbers, and a traceback of an IP packet sent through the NAT service ends at the valid IP address of the NAT. In this topology, logging of NAT events is essential for traceback, and through these log files it is possible to recognize, from the output port, which interior IP a connection belongs to. The log files of the firewalls also contain important information about connections created between interior and external points.
Information available in this file can be used to supply essential information when the user asks for all the IP addresses that communicated with the user's system at specific times and for the kind of those connections.

In the IPT framework, the process for IP address traceback differs depending on the topology each ISP uses. If the ISP allocates a valid address to a person or organization permanently, this information is saved in the database of the SRD, and when a traceback request for this IP address is received from the MRT, the information of the owner of that IP is sent to the MRT. If the ISP serves subscribers dynamically, the log file of the NAS contains the time of the internet connection, the IP address allocated to each subscriber, and the phone number or DSL port with which the connection was made. This information is obtained by the SRD and sent to the MRT. If the ISP uses an accounting service, the SRD can obtain the user's name and password in addition to the above information. If the ISP uses a NAT service, when receiving a traceback request the SRD first finds the interior IP address from the NAT log file and then obtains information about that IP from the NAS or accounting service. The log file of the firewalls can also be used to supply essential information when a user requests a complete traceback. The SRD connection topology with the different services in an ISP is shown in figure 3.

[Fig. 3: SRD connection topology in ISP]

The MRT sends a request on port 72 from the public network to an IP address that belongs to an ISP or anonymizer service provider in the framework. The SRD, listening on port 72, receives the request. Depending on the structure of the ISP and the data received from the MRT, the SRD uses 5 states to find the required information. These states are hierarchical in function, as follows:

- Complete: the SRD requests from the firewall log file the information of all IP addresses that made a connection to the given IP address at the specific time.
- Direct: in this state, the SRD first searches its database for information about the given IP address.
- NAT: this is the second priority of the SRD; if this mode is active, the SRD finds the IP address and port number of the user side from the NAT log file according to the received information.
- Accounting: the SRD obtains, from the accounting service log file, information about the given IP address, whether sent directly from the MRT or translated by NAT. This information includes the phone number or user port, the user's name and password, and the start and finish time of the connection.
- NAS: this is the lowest state of function. If accounting mode is not active, the SRD obtains the requested information, including the phone number or user port and the start and finish time of the connection, from the NAS log files.

Anonymizer service provider

Unfortunately, abuse of anonymizer proxy services for criminal actions is increasing. This capability makes it possible for cyber criminals to act and hide their identity without worrying about being recognized. Tracing back attacks made through these services leads to the IP address of the server of these providers. So in order to trace an IP address successfully, the cooperation of these service providers in the IPT framework is essential, so that whenever a traceback ends at them, they provide the actual IP address to IPTC until the main target is finally recognized.

[Fig. 4: SRD topology in anonymizer service]

When the traceback of an IP address ends at an anonymizer server, the MRT receives information about the actual IP address from these servers through the SRD and continues its traceback with the actual IP address. If any of these providers do not cooperate in the IPT framework and the traceback of an IP address leads to a server owned by them, they will be held responsible. Users of the IPTC framework must also use only those anonymizer services that are confirmed by IPTC.

Structure of public services in IPT framework

These services are widely used for cyber information theft. E-mail, FTP and IM servers offer 24-hour service, so criminals can obtain information from a victim's computer through them. Tracing back these thefts leads to the IP address of the server of these services. In many FTP services, uploading and downloading information anonymously is free, and when stolen information is downloaded it is not possible to accuse an individual as the agent of the theft. In the case of e-mail services, although a user name and password are essential for receiving e-mail and this information can be obtained from the log file of IMAP or POP3 services, it does not clarify the person's identity, because nothing is done to confirm identity when an account is created. However, these servers log the IP address from which information is read, and it is possible to recognize the last target by using the traceback approach. But if criminals used public places to access the network, this traceback will not succeed. In general, if a server gives services to different users publicly and freely and without verification of identity, it is impossible to identify the real identity of the persons who use such services from public places. Therefore, a suitable strategy and appropriate policies are needed to prevent these services from being misused for malicious purposes.

The method used within the IPT framework for this purpose is based on preventing malware from transferring information to public services. IPTC also applies systematic limiting policies to public places of internet access, so that offenders cannot use such places to penetrate a victim's computer. These policies are described later.

The solution used in the IPT framework to prevent malware from transferring information to public services is the CAPTCHA technique. CAPTCHA denotes the use of ambiguous phrases that a machine cannot read but that a human can identify by matching them against prior knowledge [13]. Currently this technique is used in webmail (such as Yahoo webmail) to prevent the spread of spam, and on some web pages to prevent a machine from finding a password by trying many alternatives (dictionary attack). But the technique has not been provided for in SMTP, FTP, and IM. So to use this capability, some changes must be made in the FTP, SMTP, and IM protocols. To implement these changes, experts in the IETF organization, who are responsible for interpretation of new protocols, must cooperate in the IPT framework. Regarding IM services, since there is no standard protocol for them and different software companies use various techniques and proprietary protocols, IPTC shall oblige these companies to create such an ability in their own products and warn users against the risks of IM software without CAPTCHA ability.
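The SRD lookup order for an ISP (Direct, NAT, then Accounting or NAS) and the MRT loop that goes back to step 2 when an anonymizer returns another address can be sketched as follows. This is an added example, not code from the paper or from any IPT implementation; the class and field names, the single query timestamp, and all log records (documentation-range addresses, invented subscribers) are constructed assumptions, and the "Complete" firewall state is left out.

```python
from dataclasses import dataclass, field
from datetime import datetime
from ipaddress import ip_address, ip_network
from typing import Optional


def t(hhmm):
    """Timestamp on one constructed sample day."""
    return datetime.strptime("2010-02-01 " + hhmm, "%Y-%m-%d %H:%M")


@dataclass
class Rec:
    """One log record: an address (and port, if logged) valid for a time window."""
    ip: str
    port: Optional[int]
    start: datetime
    end: datetime
    info: dict


def find(log, ip, port, when):
    """Return the record whose address, port and time window cover the query."""
    for r in log:
        if r.ip == ip and r.port in (None, port) and r.start <= when <= r.end:
            return r
    return None


@dataclass
class SRD:
    """Hypothetical SRD: answers an MRT request from the provider's own logs."""
    dedicated: dict = field(default_factory=dict)   # Direct: static IP -> owner
    nat: list = field(default_factory=list)         # NAT log
    accounting: list = field(default_factory=list)  # accounting log
    nas: list = field(default_factory=list)         # NAS log (used if no accounting)
    relay: list = field(default_factory=list)       # anonymizer log

    def lookup(self, ip, port, when):
        hit = find(self.relay, ip, port, when)
        if hit:  # anonymizer: return the actual source so the MRT can go on
            return "next_hop", (hit.info["actual_ip"], hit.info["actual_port"])
        if ip in self.dedicated:  # Direct state
            return "identity", self.dedicated[ip]
        hit = find(self.nat, ip, port, when)
        if hit:  # NAT state: translate public IP:port to the interior address
            ip = hit.info["internal_ip"]
        # Accounting state, or NAS state when accounting is not active
        session = find(self.accounting or self.nas, ip, None, when)
        return ("identity", session.info) if session else ("unresolved", None)


def traceback(providers, ip, port, when, max_hops=8):
    """MRT loop: query SRDs until a subscriber is found or the trail ends."""
    path = []
    for _ in range(max_hops):
        srd = next((s for net, s in providers
                    if ip_address(ip) in ip_network(net)), None)
        if srd is None:  # not in the framework: left to a Whois lookup
            return path + [("whois", ip)]
        status, data = srd.lookup(ip, port, when)
        path.append((status, data))
        if status != "next_hop":
            return path
        ip, port = data  # back to step 2 with the address the provider gave
    return path + [("hop_limit", ip)]


# Constructed sample logs (RFC 5737 documentation addresses, invented subscribers).
ISP = SRD(
    dedicated={"203.0.113.200": {"owner": "Example Org"}},
    nat=[
        Rec("203.0.113.5", 51000, t("07:55"), t("08:05"), {"internal_ip": "10.0.0.23"}),
        Rec("203.0.113.5", 51000, t("10:09"), t("10:21"), {"internal_ip": "10.0.0.23"}),
    ],
    accounting=[  # the same interior address leased to two subscribers in turn
        Rec("10.0.0.23", None, t("07:00"), t("08:30"),
            {"user": "subscriber-a", "line": "dsl-port-04"}),
        Rec("10.0.0.23", None, t("09:00"), t("11:00"),
            {"user": "subscriber-b", "line": "dsl-port-17"}),
    ],
)
ANONYMIZER = SRD(relay=[
    Rec("198.51.100.7", 40001, t("10:10"), t("10:20"),
        {"actual_ip": "203.0.113.5", "actual_port": 51000}),
])
PROVIDERS = [("198.51.100.0/24", ANONYMIZER), ("203.0.113.0/24", ISP)]

if __name__ == "__main__":
    for step in traceback(PROVIDERS, "198.51.100.7", 40001, t("10:15")):
        print(step)
```

The same public address and port resolve to different subscribers at 08:00 and 10:15, and to nobody once no log window covers the query time, which is why the connection times and the age of the logs decide whether a traceback succeeds.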
3-3 Technical consideration for service providers within IPT framework

In order to achieve the IPTC goal, internet service providers should use hardware and software equipment with special capabilities and execute the IPTC security policies as follows:

- Using firewalls and saving, in real time and in W3C standard format, the important information in the header of packets, including origin and destination IP addresses, input and output ports, and connection startup and termination times. These firewalls should be able to filter passing packets in Full State and to filter them based on input and output IP address, input and output ports, and transport and application layer protocol criteria.
- NAS equipment should save, in real time and in W3C standard format, the information relating to each IP address, including the start and termination times of every internet connection and the specification of the connection terminal (telephone number, physical port, etc.).
- If internet service providers use a NAT service, the internal IP addresses, external IP addresses, input and output ports and startup and termination times should be saved for each logical connection in W3C standard format.
- If internet service providers use their valid IP addresses for normal subscribers (those who only intend to use internet services), the firewall filter should be adjusted so that it deletes requests sent via the internet to create a logical connection with these interior systems (SYN request in layer 3). Since systems with a valid IP are accessible throughout the internet, if some malware is installed on one of them and activates a passive port, the victimized system is converted into a server, and malicious individuals may connect to it from any point and extract its information. As implied above, if the attacker uses public places, tracking of such attacks will fail. This rule guarantees that no normal system of an ISP can be converted into a server.
  When a subscriber would like to provide a service, only the port allocated to the given service is opened and connections are allowed to that port, while the remaining ports stay one-way.
- All internet service providers shall cooperate with IPTC and connect the SRD software to the log files of their own equipment according to the offered topology.
- Anonymizer service providers shall save, in W3C format, the actual IP addresses and actual ports, the altered IP addresses and ports, and the startup and termination times for each logical connection. These service providers are also obliged to cooperate with IPTC, connect the SRD program to the log files of their servers, and register their IP address and domain name in the IPTC bank.
- E-mail and FTP service providers must use the modified protocol to give services to subscribers and register their IP address and domain name in the IPTC database.
- Instant message service providers should use software with CAPTCHA ability and register their IP address and domain name in the IPTC database. After verification by IPTC, a list of such IM software will be presented to users.

If any ISP, anonymizer or public service provider does not observe IPTC policies and does not cooperate with it, that provider will be responsible for any attack that ends at its IP addresses, and IPTC will take the necessary measures to restrict its activity or to obtain compensation for the losses incurred by users according to its regulations.

4- Conclusion

The nature of the communication protocols in the TCP/IP model, which is the prevalent model in the internet, is such that no identity is verified for a transaction. The existence of different kinds of services such as anonymizer proxy, NAT, and DHCP services also causes the traceback of an IP address to fail on most occasions. Limiting cyber attacks, particularly those that lead to theft of users' information, requires a strategy for removing such limitations in order to make it possible to trace any IP address and identify attackers. In this paper the IPT framework has been offered to make it possible to trace back a specified IP address when a crime has occurred in TCP/IP-based networks such as the internet, and to identify its agent. This goal is achieved through communication and cooperation between IPTC and ISP service providers, anonymizer service providers and public service providers. Implementation of this framework can act as an effective limiting factor for criminals who commit crimes and threaten the financial and intellectual capital of users.

References:

[1] Postel, RFC793: Transmission Control Protocol, Internet Engineering Task Force (IETF), available at: (Accessed: December 2009).
[2] Droms, RFC 2131: Dynamic Host Configuration Protocol, Internet Engineering Task Force (IETF), available at: (Accessed: December 2009).
[3] 2010 CyberSecurity Watch Survey, The Computer Crime Research Center (CCRC), available at: (Accessed: February 2010)
[4] Alex C. Snoeren, et al, Hash-Based IP Traceback, Proceedings of the 2001 conference on Applications, technologies, architectures, and protocols for computer communications, Pages: 3-14
[5] Belenky, A. and Ansari, N., IP traceback with deterministic packet marking, IEEE Communications Magazine, v7 i
[6] Andrey Belenky, Nirwan Ansari, Internet Deployment of DPM-based IP Traceback, Journal of Computing and Information Technology, 2008, CIT 16, 2,
[7] Belenky, A. and Ansari, N., On IP traceback. IEEE Communications Magazine. v41 i
[8] S. Karthik, V. P. Arunachlam, T. Ravichandran, A Comparative Study of Various IP Traceback Strategies and Simulation of IP Traceback, Asian Journal of Information Technology, 2008, 7(10), pp
[9] Snoeren, C.A, et al., Single-Packet IP Traceback, IEEE/ACM Transactions on Networking (ToN), Volume 10, 2002, Pages:
[10] Savage S, Wetherall D, Karlin A., Anderson T, Practical Network Support for IP Traceback. ACM SIGCOMM Computer Communication Review, Volume 30, 2003, Pages:
[11] Cisco systems learning, Interconnecting Cisco Networking Devices, Cisco systems inc, 2007, part1, volume2.
[12] Cisco systems learning, Building Scalable Cisco Internet works, Cisco systems inc, 2007, Volume1.
[13] Rich Gossweiler, Maryam Kamvar, Shumeet Baluja, What's up CAPTCHA? A CAPTCHA Based On Image Orientation, ACM, Proceedings of the 18th International World Wide Web Conference, April 20-24, 2009, Pages:
More informationDistributed Denial of Service (DDoS)
Distributed Denial of Service (DDoS) Defending against Flooding-Based DDoS Attacks: A Tutorial Rocky K. C. Chang Presented by Adwait Belsare (adwait@wpi.edu) Suvesh Pratapa (suveshp@wpi.edu) Modified by
More informationIEEE 802.1x, RADIUS AND DYNAMIC VLAN ASSIGNMENT
IEEE 802.1x, RADIUS AND DYNAMIC VLAN ASSIGNMENT Hüseyin ÇOTUK Information Technologies hcotuk@etu.edu.tr Ahmet ÖMERCİOĞLU Information Technologies omercioglu@etu.edu.tr Nurettin ERGİNÖZ Master Student
More informationBloom Filters. References:
Bloom Filters References: Li Fan, Pei Cao, Jussara Almeida, Andrei Broder, Summary Cache: A Scalable Wide-Area Web Cache Sharing Protocol, IEEE/ACM Transactions on Networking, Vol. 8, No. 3, June 2000.
More informationA Review Paper on Network Security Attacks and Defences
EUROPEAN ACADEMIC RESEARCH Vol. IV, Issue 12/ March 2017 ISSN 2286-4822 www.euacademic.org Impact Factor: 3.4546 (UIF) DRJI Value: 5.9 (B+) A Review Paper on Network Security Attacks and ALLYSA ASHLEY
More informationHow does the Internet Work? The Basics: Getting a Web Page. The Basics: Getting a Web Page. Client-Server model. The Internet: Basics
How does the Internet Work? When you type a URL (Uniform Resource Locator) into a Web Browser and press Return, what do you think happens? That is, what steps do you think are required to obtain a web
More informationThe Internet is not always a friendly place In fact, hosts on the Internet are under constant attack How to deal with this is a large topic
CSE 123 Computer Networking Fall 2009 Network security NAT, Firewalls, DDoS Geoff Voelker Network security The Internet is not always a friendly place In fact, hosts on the Internet are under constant
More informationn Learn about the Security+ exam n Learn basic terminology and the basic approaches n Implement security configuration parameters on network
Always Remember Chapter #1: Network Device Configuration There is no 100 percent secure system, and there is nothing that is foolproof! 2 Outline Learn about the Security+ exam Learn basic terminology
More informationAparna Rani Dept. of Computer Network Engineering Poojya Doddappa Appa College of Engineering Kalaburagi, Karnataka, India
Capturing the Origins of IP Spoofers Using Passive IP Traceback Aparna Rani Dept. of Computer Network Engineering Poojya Doddappa Appa College of Engineering Kalaburagi, Karnataka, India aparna.goura@gmail.com
More informationInternet Protocol Addresses What are they like and how are the managed?
Internet Protocol Addresses What are they like and how are the managed? Paul Wilson APNIC On the Internet, nobody knows you re a dog by Peter Steiner, from The New Yorker, (Vol.69 (LXIX) no. 20) On the
More information10 KEY WAYS THE FINANCIAL SERVICES INDUSTRY CAN COMBAT CYBER THREATS
10 KEY WAYS THE FINANCIAL SERVICES INDUSTRY CAN COMBAT CYBER THREATS WHITE PAPER INTRODUCTION BANKS ARE A COMMON TARGET FOR CYBER CRIMINALS AND OVER THE LAST YEAR, FIREEYE HAS BEEN HELPING CUSTOMERS RESPOND
More informationAn Overview of Mobile Security
An Overview of Mobile Security Dr. Fan Wu Professor, Department of Computer Science, College of Business and Information Science (CBIS) Director, Center of Information Assurance Education (CIAE) Interim
More informationNetworks and the Internet A Primer for Prosecutors and Investigators
Computer Crime & Intellectual Property Section Networks and the Internet A Primer for Prosecutors and Investigators Computer Crime and Intellectual Property Section () Criminal Division, U.S. Department
More informationSecure VPNs for Enterprise Networks
Secure Virtual Private Networks for Enterprise February 1999 Secure VPNs for Enterprise Networks This document provides an overview of Virtual Private Network (VPN) concepts using the. Benefits of using
More informationSpecial Action Plan on Countermeasures to Cyber-terrorism of Critical Infrastructure (Provisional Translation)
Special Action Plan on Countermeasures to Cyber-terrorism of Critical Infrastructure (Provisional Translation) December 15, 2000 1. Goals of the Special Action Plan The goal of this action plan is to protect
More informationModern IP Communication bears risks
Modern IP Communication bears risks How to protect your business telephony from cyber attacks Voice-over-IP (VoIP) provides many new features over PSTN. However, the interconnection with your IT infrastructure
More informationLesson-1 Computer Security
Threats to computer Security: What do they mean by a threat? Lesson-1 Computer Security A threat, in the context of computer security, refers to anything that has the potential to cause serious harm to
More informationFull file at Chapter 2: Technology Infrastructure: The Internet and the World Wide Web
Chapter 2: Technology Infrastructure: The Internet and the World Wide Web TRUE/FALSE 1. Computer networks and the Internet form the basic technology structure that underlies all electronic commerce. T
More informationAPNIC s role in stability and security. Adam Gosling Senior Policy Specialist, APNIC 4th APT Cybersecurity Forum, 3-5 December 2013
APNIC s role in stability and security Adam Gosling Senior Policy Specialist, APNIC 4th APT Cybersecurity Forum, 3-5 December 2013 Overview Introducing APNIC Working with LEAs The APNIC Whois Database
More informationELEC / COMP 177 Fall 2015
ELEC / COMP 177 Fall 2015 Thursday, December 10 th 8am- 11am Same format as midterm Open notes, open computer, open internet 1 programming problem using Python Time limited 3 hours max Bring your Linux
More informationFireware-Essentials. Number: Fireware Essentials Passing Score: 800 Time Limit: 120 min File Version: 7.
Fireware-Essentials Number: Fireware Essentials Passing Score: 800 Time Limit: 120 min File Version: 7.0 http://www.gratisexam.com/ Fireware Essentials Fireware Essentials Exam Exam A QUESTION 1 Which
More informationLab10: NATing. addressing conflicts, routers must never route private IP addresses.
Introduction These are reserved private Internet addresses drawn from the three blocks shown in the figure. These addresses are for private, internal network use only. Packets containing these addresses
More informationLarge-Scale Internet Crimes Global Reach, Vast Numbers, and Anonymity
Computer Crime and Intellectual Property Section Large-Scale Internet Crimes Global Reach, Vast Numbers, and Anonymity Anthony V. Teelucksingh Computer Crime and Intellectual Property Section (CCIPS) Criminal
More informationChapter 10: Security and Ethical Challenges of E-Business
Chapter 10: Security and Ethical Challenges of E-Business Learning Objectives Identify several ethical issues in IT that affect employment, individuality, working condition, privacy, crime health etc.
More informationComputer Forensics: Investigating Network Intrusions and Cyber Crime, 2nd Edition. Chapter 3 Investigating Web Attacks
Computer Forensics: Investigating Network Intrusions and Cyber Crime, 2nd Edition Chapter 3 Investigating Web Attacks Objectives After completing this chapter, you should be able to: Recognize the indications
More informationEnhancing the Reliability and Accuracy of Passive IP Traceback using Completion Condition
Enhancing the Reliability and Accuracy of Passive IP Traceback using Completion Condition B.Abhilash Reddy 1, P.Gangadhara 2 M.Tech Student, Dept. of CSE, Shri Shiridi Sai Institute of Science and Engineering,
More informationIJSER. Virtualization Intrusion Detection System in Cloud Environment Ku.Rupali D. Wankhade. Department of Computer Science and Technology
ISSN 2229-5518 321 Virtualization Intrusion Detection System in Cloud Environment Ku.Rupali D. Wankhade. Department of Computer Science and Technology Abstract - Nowadays all are working with cloud Environment(cloud
More informationPTLGateway Acceptable Use Policy
1 PTLGateway Acceptable Use Policy Last Updated Date: 02 March 2018 Acceptable Use Policy Your use of our Services must fall within our Acceptable Usage Policy. Contents Key details... 1 COVERAGE OF THIS
More informationFirewalls Network Security: Firewalls and Virtual Private Networks CS 239 Computer Software March 3, 2003
Firewalls Network Security: Firewalls and Virtual Private Networks CS 239 Computer Software March 3, 2003 A system or combination of systems that enforces a boundary between two or more networks - NCSA
More informationChoosing The Best Firewall Gerhard Cronje April 10, 2001
Choosing The Best Firewall Gerhard Cronje April 10, 2001 1. Introduction Due to the phenomenal growth of the Internet in the last couple of year s companies find it hard to operate without a presence on
More informationCritical Issues in IP Addressing
Critical Issues in IP Addressing PITA 14th AGM and Conference Critical issues 27 April 2010 Paul Wilson Director General, APNIC Overview Introduction The main game IPv4 Consumption Transition to IPv6 Security
More informationCase Study: CCNA Cap Stone
Case Study: CCNA Cap Stone TOPICS COVERED Advanced Routing WAN simulation Frame Relay ISDN PPP DDR CHAP VLANS NAT DHCP Trunking Access Lists Security Copyright 2005 by Lukasz Tomicki PGP
More informationTable of Contents. Cisco How NAT Works
Table of Contents How NAT Works...1 This document contains Flash animation...1 Introduction...1 Behind the Mask...2 Dynamic NAT and Overloading Examples...5 Security and Administration...7 Multi Homing...9
More informationInvestigating . Tracing & Recovery
Investigating Email Tracing & Recovery Overview Email has become a primary means of communication. Email can easily be forged. Email can be abused Spam Aid in committing a crime Threatening email, Email
More informationPURPOSE STATEMENT FOR THE COLLECTION AND PROCESSING OF WHOIS DATA
PURPOSE STATEMENT FOR THE COLLECTION AND PROCESSING OF WHOIS DATA The GDPR requires that the collection and processing of personal data be for specified, explicit and legitimate purposes. (Article 5(1)(b).
More informationBroadband Internet Access Disclosure
Broadband Internet Access Disclosure This document provides information about the network practices, performance characteristics, and commercial terms applicable broadband Internet access services provided
More informationAltitude Software. Data Protection Heading 2018
Altitude Software Data Protection Heading 2018 How to prevent our Contact Centers from Data Leaks? Why is this a priority for Altitude? How does it affect the Contact Center environment? How does this
More informationTraining UNIFIED SECURITY. Signature based packet analysis
Training UNIFIED SECURITY Signature based packet analysis At the core of its scanning technology, Kerio Control integrates a packet analyzer based on Snort. Snort is an open source IDS/IPS system that
More informationStep-by-Step Configuration
Step-by-Step Configuration Kerio Technologies C 2001-2004 Kerio Technologies. All Rights Reserved. Printing Date: April 25, 2004 This guide provides detailed description on configuration of the local network
More informationArdmore Telephone Network TRANSPARENCY statement
Ardmore Telephone Network TRANSPARENCY statement Ardmore Telephone ( Ardmore Telephone or Company ) provides this Network Transparency Statement in accordance with the FCC s Restore Internet Freedom Rules
More informationNT1210 Introduction to Networking. Unit 9:
NT1210 Introduction to Networking Unit 9: Chapter 9, The Internet Objectives Identify the major needs and stakeholders for computer networks and network applications. Identify the classifications of networks
More informationRussian Cyber Attack Warning and Impact on AccessEnforcer UTM Firewall
Russian Cyber Attack Warning and Impact on AccessEnforcer UTM Firewall 1 U.S. and U.K. authorities last week alerted the public to an on-going effort to exploit network infrastructure devices including
More informationGeographical Division Traceback for Distributed Denial of Service
Journal of Computer Science 8 (2): 216-221, 2012 ISSN 1549-3636 2012 Science Publications Geographical Division Traceback for Distributed Denial of Service 1 Viswanathan, A., 2 V.P. Arunachalam and 3 S.
More informationIPv6 migration challenges and Security
IPv6 migration challenges and Security ITU Regional Workshop for the CIS countries Recommendations on transition from IPv4 to IPv6 in the CIS region, 16-18 April 2014 Tashkent, Republic of Uzbekistan Desire.karyabwite@itu.int
More informationThe Challenge of Spam An Internet Society Public Policy Briefing
The Challenge of Spam An Internet Society Public Policy Briefing 30 October 2015 Introduction Spam email, those unsolicited email messages we find cluttering our inboxes, are a challenge for Internet users,
More informationCCNA 4 - Final Exam (A)
CCNA 4 - Final Exam (A) 1. A network administrator is asked to design a system to allow simultaneous access to the Internet for 250 users. The ISP for this network can only supply five public IPs. What
More informationNEW INNOVATIONS NEED FOR NEW LAW ENFORCEMENT CAPABILITIES
NEW INNOVATIONS NEED FOR NEW LAW ENFORCEMENT CAPABILITIES Kristina Doda & Aleksandar Vanchoski Budapest, CEPOL conference 2017 New technologies - new social interactions and economic development - need
More informationBEST PRACTICES FOR PERSONAL Security
BEST PRACTICES FOR PERSONAL Email Security Sometimes it feels that the world of email and internet communication is fraught with dangers: malware, viruses, cyber attacks and so on. There are some simple
More informationWAFA X3 Evolution Grade of Service. 13 October 2008
Evolution Grade of Service 13 October 2008 1 Grades of Service at a glance The following table (Figure 1) highlights the various Grades of Service that are available on the Evolution Service. It enables
More informationSURVEY ON NETWORK ATTACK DETECTION AND MITIGATION
SURVEY ON NETWORK ATTACK DETECTION AND MITIGATION Welcome to the da/sec survey on network attack detection and mitigation. Network-based attacks pose a strong threat to the Internet landscape and academia
More informationIt s still very important that you take some steps to help keep up security when you re online:
PRIVACY & SECURITY The protection and privacy of your personal information is a priority to us. Privacy & Security The protection and privacy of your personal information is a priority to us. This means
More informationDenial of Service, Traceback and Anonymity
Purdue University Center for Education and Research in Information Assurance and Security Denial of Service, Traceback and Anonymity Clay Shields Assistant Professor of Computer Sciences CERIAS Network
More informationPKI-An Operational Perspective. NANOG 38 ARIN XVIII October 10, 2006
PKI-An Operational Perspective NANOG 38 ARIN XVIII October 10, 2006 Briefing Contents PKI Usage Benefits Constituency Acceptance Specific Discussion of Requirements Certificate Policy Certificate Policy
More informationCYBERCRIME AS A NEW FORM OF CONTEMPORARY CRIME
FACULTY OF LAW DEPARTEMENT: CIVIL LAW MASTER STUDY THEME: CYBERCRIME AS A NEW FORM OF CONTEMPORARY CRIME Mentor: Prof. Ass. Dr. Xhemajl Ademaj Candidate: Abdurrahim Gashi Pristinë, 2015 Key words List
More informationA Comprehensive CyberSecurity Policy
A Comprehensive CyberSecurity Policy Review of ALL NGFW Capabilities Attack Surface Reduction From Complex to Comprehensive Before and After of a PANW customer 1 2 1 Enhanced Policy on the L7 layer Leverage
More informationIT220 Network Standards & Protocols. Unit 9: Chapter 9 The Internet
IT220 Network Standards & Protocols Unit 9: Chapter 9 The Internet 3 Objectives Identify the major needs and stakeholders for computer networks and network applications. Identify the classifications of
More informationGeneral Data Protection Regulation. May 25, 2018 DON T PANIC! PLAN!
General Data Protection Regulation May 25, 2018 DON T PANIC! PLAN! Protect the human behind the data record. On May 25, 2018 the General Data Protection Regulation (GDPR) is entering into force. It requires
More informationInter-domain routing validator based spoofing defence system
University of Wollongong Research Online Faculty of Informatics - Papers (Archive) Faculty of Engineering and Information Sciences 2010 Inter-domain routing validator based spoofing defence system Lei
More informationNetworks and the Internet A Primer for Prosecutors and Investigators
Computer Crime & Intellectual Property Section Networks and the Internet A Primer for Prosecutors and Investigators Al Rees Trial Attorney Computer Crime and Intellectual Property Section () Criminal Division,
More informationAN IPSWITCH WHITEPAPER. The Definitive Guide to Secure FTP
AN IPSWITCH WHITEPAPER The Definitive Guide to Secure FTP The Importance of File Transfer Are you concerned with the security of file transfer processes in your company? According to a survey of IT pros
More informationAsheville-Buncombe Technical Community College Department of Networking Technology. Course Outline
Course Number: NET 226 Course Title: Routing and Switching II Class Hours: 1 Lab Hours: 4 Credit Hours: 3 Course Description: This course introduces WAN theory and design, WAN technology, PPP, Frame Relay,
More informationA Lightweight IP Traceback Mechanism on IPv6
A Lightweight IP Traceback Mechanism on IPv6 Syed Obaid Amin, Myung Soo Kang, and Choong Seon Hong School of Electronics and Information, Kyung Hee University, 1 Seocheon, Giheung, Yongin, Gyeonggi, 449-701
More informationCOSC 301 Network Management
COSC 301 Network Management Lecture 21: Firewalls & NAT Zhiyi Huang Computer Science, University of Otago COSC301 Lecture 21: Firewalls & NAT 1 Today s Focus How to protect an intranet? -- Firewall --
More informationMeeting 39. Guest Speaker Dr. Williams CEH Networking
Cyber@UC Meeting 39 Guest Speaker Dr. Williams CEH Networking If You re New! Join our Slack ucyber.slack.com Feel free to get involved with one of our committees: Content, Finance, Public Affairs, Outreach,
More informationIPv6 Security (Theory vs Practice) APRICOT 14 Manila, Philippines. Merike Kaeo
IPv6 Security (Theory vs Practice) APRICOT 14 Manila, Philippines Merike Kaeo merike@doubleshotsecurity.com Current IPv6 Deployments Don t break existing IPv4 network Securing IPv6 Can t secure something
More informationAcceptable Use Policy (AUP)
Acceptable Use Policy (AUP) Questions regarding this policy and complaints of violations of this policy by PLAINS INTERNET users can be directed to support@plainsinternet.com. Introduction Plains Internet
More informationSecurity & Phishing
Email Security & Phishing Best Practices In Cybersecurity Presenters Bill Shieh Guest Speaker Staff Engineer Information Security Ellie Mae Supervisory Special Agent Cyber Crime FBI 2 What Is Phishing?
More information20-CS Cyber Defense Overview Fall, Network Basics
20-CS-5155 6055 Cyber Defense Overview Fall, 2017 Network Basics Who Are The Attackers? Hackers: do it for fun or to alert a sysadmin Criminals: do it for monetary gain Malicious insiders: ignores perimeter
More informationGarry Mukelabai Communications Authority Zambia
Garry Mukelabai Communications Authority Zambia ICT in Zambia. Current and Future Legislations. Way Forward? Pop 12 million. Zambia pioneers of internet in region. Over 10 Internet Service Providers Internet
More informationGrades of Service at a glance
1st August 2013 Grades of Service at a glance The following table (Figure 1) highlights the various Grades of Service that are available on the Bentley X3 Evolution Service. It enables people to easily
More informationSegmentation for Security
Segmentation for Security Do It Right Or Don t Do It At All Vidder, Inc. Segmentation for Security 1 Executive Summary During the last 30 years, enterprises have deployed large open (flat) networks to
More informationETNO Reflection Document on the EC Proposal for a Directive on Network and Information Security (NIS Directive)
ETNO Reflection Document on the EC Proposal for a Directive on Network and Information Security (NIS Directive) July 2013 Executive Summary ETNO supports the European Commission s global approach to cyber-security
More informationON-LINE EXPERT SUPPORT THROUGH VPN ACCESS
ON-LINE EXPERT SUPPORT THROUGH VPN ACCESS P. Fidry, V. Rakotomanana, C. Ausanneau Pierre.fidry@alcatel-lucent.fr Alcatel-Lucent, Centre de Villarceaux, 91620, Nozay, France Abstract: As a consequence of
More informationINTRODUCTORY INFORMATION TECHNOLOGY COMMUNICATING OVER NETWORKS. Faramarz Hendessi
INTRODUCTORY INFORMATION TECHNOLOGY COMMUNICATING OVER NETWORKS Faramarz Hendessi INTRODUCTORY INFORMATION TECHNOLOGY Lecture 6 Fall 2010 Isfahan University of technology Dr. Faramarz Hendessi Overview
More informationFRONT RUNNER DIPLOMA PROGRAM Version 8.0 INFORMATION SECURITY Detailed Course Curriculum Course Duration: 6 months
FRONT RUNNER DIPLOMA PROGRAM Version 8.0 INFORMATION SECURITY Detailed Course Curriculum Course Duration: 6 months MODULE: INTRODUCTION TO INFORMATION SECURITY INFORMATION SECURITY ESSENTIAL TERMINOLOGIES
More informationInformation Security Management Criteria for Our Business Partners
Information Security Management Criteria for Our Business Partners Ver. 2.1 April 1, 2016 Global Procurement Company Information Security Enhancement Department Panasonic Corporation 1 Table of Contents
More informationLECTURE WK4 NETWORKING
LECTURE WK4 NETWORKING Workbook and Quiz Workbook o Due in WK5 o Must hand in a hard copy to the tutor as well as an online submission Quiz o In the practical class o 30mins to complete the quiz o Short,
More informationFixed Internetworking Protocols and Networks. IP mobility. Rune Hylsberg Jacobsen Aarhus School of Engineering
Fixed Internetworking Protocols and Networks IP mobility Rune Hylsberg Jacobsen Aarhus School of Engineering rhj@iha.dk 1 2011 ITIFN Mobile computing Vision Seamless, ubiquitous network access for mobile
More informationIngate Firewall & SIParator Product Training. SIP Trunking Focused
Ingate Firewall & SIParator Product Training SIP Trunking Focused Common SIP Applications SIP Trunking Remote Desktop Ingate Product Training Common SIP Applications SIP Trunking A SIP Trunk is a concurrent
More informationFintech District. The First Testing Cyber Security Platform. In collaboration with CISCO. Cloud or On Premise Platform
Fintech District The First Testing Cyber Security Platform In collaboration with CISCO Cloud or On Premise Platform WHAT IS SWASCAN? SWASCAN SERVICES Cloud On premise Web Application Vulnerability Scan
More informationIP TRACEBACK (PIT): A NOVEL PARADIGM TO CATCH THE IP SPOOFERS
IP TRACEBACK (PIT): A NOVEL PARADIGM TO CATCH THE IP SPOOFERS Edama Naga sunitha #1 and G. Karunakar *2 # STUDENT, DEPT OF C.S.E, NRI INSTITUTE OF TECHNOLOGY,AGIRIPAALI, A.P, INDIA *2 Asst. Prof., DEPT
More informationHX Grade of Service W3a & Sesat2 Middle East. 16 Jan 2008
HX Grade of Service W3a & Sesat2 Middle East 16 Jan 2008 1 Grades of Service at a glance The following table (Figure 1) highlights the various Grades of Service that are available on the BENTLEY HX Service.
More informationQ-Balancer Range FAQ The Q-Balance LB Series General Sales FAQ
Q-Balancer Range FAQ The Q-Balance LB Series The Q-Balance Balance Series is designed for Small and medium enterprises (SMEs) to provide cost-effective solutions for link resilience and load balancing
More informationNISCC Technical Note 06/02: Response to Distributed Denial of Service (DDoS) Attacks
NISCC Technical Note 06/02: Response to Distributed Denial of Service (DDoS) Attacks Background This NISCC technical note is intended to provide information to enable organisations in the UK s Critical
More informationAbstract. main advantage with cloud computing is that, the risk of infrastructure maintenance reduces a
Abstract Cloud computing is the key technology widely used across most of the organizations. The main advantage with cloud computing is that, the risk of infrastructure maintenance reduces a lot. Most
More informationINTERNATIONAL JOURNAL OF PURE AND APPLIED RESEARCH IN ENGINEERING AND TECHNOLOGY
Gayatri Chavan,, 2013; Volume 1(8): 832-841 T INTERNATIONAL JOURNAL OF PURE AND APPLIED RESEARCH IN ENGINEERING AND TECHNOLOGY A PATH FOR HORIZING YOUR INNOVATIVE WORK RECTIFIED PROBABILISTIC PACKET MARKING
More information