IPv6 and New Security Paradigm
|
|
- Barnaby Dawson
- 6 years ago
- Views:
Transcription
1 Doc. No. 79 IPv6 and New Security Paradigm 2 nd December 2003 NTT Communications IPv6 project Yasuki SAITO
2 2 Agenda 1. Introduction to IPv6 2. Security Myth 3. IPv6 s s security merit and demerit 4. New security paradigm 5. New mechanisms (P2P VPN and PIA)
3 3 Agenda 1. Introduction to IPv6 2. Security Myth 3. IPv6 s s security merit and demerit 4. New security paradigm 5. New mechanisms (P2P VPN and PIA)
4 4 Characteristics of IPv6 protocol Expansion of address space ( >2 128 ). Equipped with Security functions (IPsec). QoS (Quality of Service) functions. Plug and Play. Systematic address structure (routing becomes easy).
5 5 Characteristics of IPv6 Internet Free from NAT (Network Address Translation) Problem. Realization of true Peer to Peer model. Networking Non-PCs (Home appliances, cars, any products, environmental sensors and information itself!). Security and QoS. Broadband?
6 6 New Internet Model Global IP address Mobile equipment NAT IPv4 Data exchange Real-time data distribution Remote Control Mobile NW Secure End-to-End Communication LAN Remote Maintenance IPv6 Private address Home Network Home appliance OA equipment IPv4 : one-way communication due to NAT the business model is client & server. IPv6: two-way communication two-way communications between appliance and mobile new internet business models will be created
7 7 Agenda 1. Introduction to IPv6 2. Security Myth 3. IPv6 s s security merit and demerit 4. New security paradigm 5. New mechanisms (P2P VPN and PIA)
8 8 Internet is insecure myth 1. Internet is full of malicious crackers. 2. Open system is dangerous, closed system is safe. 3. Open source software is dangerous. 4. If you use cryptography, you can get safety. 5. It is always safe or dangerous (all or nothing argument). 6. You cannot avoid intrusion of viruses. 7. There is no escape from SPAM mails. 8. You cannot avoid port attack (such as DoS attack).
9 9 Myth 2: Open system is dangerous, closed system is safe. It is true that you do not get attacked from outside if your network is closed. But people inside often cause trouble. American statistics says 80% of information leak is from inside. Security awareness will be paralyzed if you think you are safe because your network is closed.
10 10 Agenda 1. Introduction to IPv6 2. Security Myth 3. IPv6 s s security merit and demerit 4. New security paradigm 5. New mechanisms (P2P VPN and PIA)
11 11 End-to-End secure communication (merit) Easy Easy to to setup setup IP-VPN between End-to-End terminals with with IPv6 IPv6 IPv4 Site to Site secure communications Private address segments Branch A IPsec Node NAT Global address segments Secure Transmission IPv4 Internet IPsec R R Node Private address segments NAT Branch B Low security in the LAN segments Low interoperability between deferent vendors Global address segments Secure Transmission IPv6 End to End secure communications Branch A R IPv6 Internet Secure Transmission R R Branch B End to End secure communications Easy to set up new connection Partner company
12 12 IPv6 s security threat (demerit) Crackers does not distinguish IPv4 and IPv6, so certain type of Internet threats continue even in IPv6 Internet World. Everything becomes reachable from anywhere.
13 13 Agenda 1. Introduction to IPv6 2. Security Myth 3. IPv6 s s security merit and demerit 4. New security paradigm 5. New mechanisms (P2P VPN and PIA)
14 14 Closed is safe to Open yet safe IPv6 s benefit is only appreciated when IPv6 network is open. If you stick to closeness, you may be safe, but you cannot enjoy many new features of IPv6 Internet. But open network is not completely safe without certain precautions and security assuring mechanisms.
15 15 Agenda 1. Introduction to IPv6 and NTT Communications IPv6 activities 2. Security Myth 3. IPv6 s s security merit and demerit 4. New security paradigm 5. New mechanisms (P2P VPN and PIA)
16 16 IPv6 P2P VPN (MyNet Manager) IPsec IPsecpolicy server server to to provide provide IPsec IPsecpolicy file file to to each each peer peer on on demand demand - - Effortless Effortless setup: setup: No No or or low low skill skill requirements requirements Just Just register register your your communication communication partner partner on on the the web web - - Adaptable Adaptable to to all all communication communication mode mode : : Client-Server, Client-Server, Peer-to-Peer, Peer-to-Peer, Mobile Mobile - - Secure Secure instant instant communication communication : : Connect Connect instantly, instantly, while while achieving achieving end-to-end end-to-end security security Branch Office :A VERIO VERIO Data Data Center Center CA IPsec Policy Server Headquarters IPsec Policy Strategic Team IPsec NTT/VERIO IPv6 Global Backbone Branch office :B IPsec IPsec Server IPsec?? HOTSPOT Digital Certificate Jointly developed by cracker
17 17 Case study : Remote control for Data Center Data Center Data Center IPv6 Internet IPsec Operation center center Data Data Center Camera Thermometer Monitor and control the Data Center Fan
18 18 Case study : Building Monitoring Solution Monitoring Monitoring solution solution provider provider controls controls devices devices over over secure secure channel channel IPv6 Internet IPsec Operation Operation center center Office Office Building Building Camera, Camera, door door key, key, safe safe are are controlled controlled by by IPv6 IPv6 IPsec. IPsec. Also, Also, air air conditioning, conditioning, lighting lighting can can be be controlled controlled remotely remotely to to save save energy energy consumption. consumption.
19 19 Case Study: Personal Remote Access IPv4 (conventional model) Access from MANY Home Home / SOHO SOHO LAN Access from IN-side to OUT-side IPv4 Internet Web server Mail server Company s Intranet IPv6 (improved model) outside Home Home / SOHO SOHO Access from OUT-side to IN-side LAN IPv6 Internet Mobile Network Access from ONLY Myself
20 PIA (Plug-and-Play IPsec Architecture) 1. Configuration-less Plain IP communications, at first Configuration-less 2. Protected by IPsec after a while (Authentication-less, and vulnerable to man-in-the-middle at this phase) 3 (optional). Each device has unique ID and shares symmetry key Trusted Server with the trusted server 20 -Proved to be man-in-the-middle free -Authenticated -Authorized -Logged
21 21 IPsec Discovery 1/2 IPsec Discovery does not affect communications with legacy systems IPsec Discovery supported host Legacy host #1 TCP SYN IP header IPsec Discovery bit (inside IP header, can be in TOS for v4 and flow label for v6 for example) #2 IP header TCP SYN ACK #3 TCP ACK IP header The peer replies to #1 in the ordinary way if IPsec Discovery is not supported
22 IPsec Discovery 2/2 Key Exchange triggered by IPsec Discovery IPsec Discovery supported HOST-A IPsec Discovery supported HOST-B #1 #2 TCP SYN IP header IP header TCP SYN ACK Receiving a packet with IPsec Discovery bit set, HOST-B kicks off Background Key Exchange #3 TCP ACK IP header IP header UDP SPIi, g^i mod p #4 #5 #6 Data Data TCP TCP ESP IP header IP header IP header TCP SPIi, SPIr, g^r mod p, Nr Data UDP IP header IP header UDP SPIi, SPIr, Nr 22 #7 Encrypted with IPsec IP header TCP Data Encrypted with IPsec IPsec SAs and Security Policy is installed according to Background Key Exchange
23 23 Conclusions IPv6 movement is a shift from current Internet practice to completely new way of thinking about security. IPv6 Internet is inherently open network, and you must consider security in this open context. Even within open network, if you use various mechanisms, you can guarantee security. So, let s stop thinking closed is safe, and seek for a new paradigm open yet safe!
24 24 Thank you very much for your attention! URL : Mail : ipv6@ntt.com
25 25 About NTT Group and NTT Communications Group Total Operating Revenues 2002 : $86 Billion Stock Holding Company 100% 100% 67% 54% NTT Data Local Telecoms in Japan 100% Mobile Systems Development 100% Long Distance, International And Internet Services Other Subsidiaries International Data Service, IP Service Data Center & Web Hosting in the U.S. and Europe
26 26 NTT/VERIO s Evolution in IPv6 activities p2p application trial MyNetManager Join European Project 6net Application layer Join Chinese Project 6TNet Join Japanese National Project Research Phase Trial Phase Commercial Service Phase - NTT Labs started global IPv6 research network - Verio joined 6bone in the U.S. - NTT Com obtained stla address - NTT/VERIO started the world s first commercial IPv6 service in Japan Network layer OCN Tunneling Trial (200 users) Services in Japan - NTT MCL started commercial IPv6-IX service in the U.S. NTT Europe IPv6 Trial (400 users) Service in Europe Service in Hong Kong Services in Malaysia / Australia Services in Korea, Taiwan, and The U.S.
27 NTT/VERIO Global IPv6 Backbone and services NTT/VERIO IPv6 Backbone NSPIXP6 JPNAP6 PAIX S-IX EQUI6IX UK6X LINX AMS-IX Korea Korea Hong Kong Hong Kong Taiwan Taiwan Japan Japan The U.S. The U.S. Malaysia Malaysia Australia Australia Europe Europe 27 OCN in Japan IPv6&IPv4 DUAL ADSL IPv6 over IPv4 TUNNEL IPv6 NATIVE transit Our Strength Global IPv6 networks covering Asia, US, Europe Providing commercial IPv6 transit services in Japan (Apr 01-), in Europe (Feb 03-) in U.S. (June 03-) and many Asia-Pacific countries (June 03-) More than 3 year s experience in running 24x7 monitoring and operations by NTT/VERIO dual NOC in Japan and U.S. Main IPv6-IX Connection Optimal IPv6 routes
28 28 Other activities:
Stan Barber Vice President Product Management & Engineering Verio Network Services. Setting IPv6 In Motion
Stan Barber Vice President Product Management & Engineering Verio Network Services Setting IPv6 In Motion NTT/VERIO Global IPv6 Backbone and Services NSPIXP6 JPNAP6 PAIX S-IX EQUI6IX UK6X LINX AMS-IX S.
More informationNew IPv6 Connectivity Services
New Connectivity Services 46 New Connectivity Services Expansion of Global Services by NTT Communications Corporation Shinichi Ezaka Toshihito Shibata OVEVIEW: Protocol Version 6 () has been proposed as
More informationUnited States IPv6 Summit: Reston, VA STAN BARBER December 10, 2004
IPv6 Maturity from an ISP's Perspective United States IPv6 Summit: Reston, VA STAN BARBER December 10, 2004 1 NTT Communications IPv6 Service History 1996: NTT Labs started one of the world s largest global
More informationImpact of IPv6 On By Default in ISP
Impact of IPv6 On By Default in ISP VIETNAM IPV6 DAY 2014 NTT Communications Corporation Network Services Yasuhiro Shirasaki 2014-05-06 Agenda 1. Background 2. How we turned On IPv6 3. The impact of IPv6
More informationIPv6 in Service - NTT Communications case
in Service - NTT Communications case VIETNAM IPV6 DAY 2013 NTT Communications Corporation Network Services Seiji Ariga 2013-05-06 GIN ( Global IP Network ) and our capacity NTT
More informationIPv6 Deployment Status in Japan
IPv6 Deployment Status in Japan IPv6 Promotion Council Tomy Issa 2005/5/26 IPv6 Promotion Council of Japan 1 Agenda Overview of e-japan (2001 2005) A glimpse of u-japan (2006-2010) A sample of vendors
More informationFirewalls, Tunnels, and Network Intrusion Detection
Firewalls, Tunnels, and Network Intrusion Detection 1 Firewalls A firewall is an integrated collection of security measures designed to prevent unauthorized electronic access to a networked computer system.
More informationExecutive Summary...1 Chapter 1: Introduction...1
Table of Contents Executive Summary...1 Chapter 1: Introduction...1 SSA Organization... 1 IRM Strategic Plan Purpose... 3 IRM Strategic Plan Objectives... 4 Relationship to Other Strategic Planning Documents...
More informationExecutive Vice President, General Manager of Solution Business Division NTT Communications Corp. Cyberspace Security for Aviation Security
Aviation Security and IT Technologies Masayuki Nomura Executive Vice President, General Manager of Solution Business Division NTT Communications Corporation Jun 30th, 2004 Agenda Company Overview Cyberspace
More informationIPv6 migration challenges and Security
IPv6 migration challenges and Security ITU Regional Workshop for the CIS countries Recommendations on transition from IPv4 to IPv6 in the CIS region, 16-18 April 2014 Tashkent, Republic of Uzbekistan Desire.karyabwite@itu.int
More informationVision & Way Forward
2 It takes Passion & Patience! 3 Perception: IPv4 is Innovation - IPv6: an Upgrade Political Goodwill Yv4 Not needed Yv6 Needed? Business Drivers Innovation Upgrade Technology Value Powerful Same & More
More informationAbout NTT. NTT - A global IPv6 deployment case study. IPv6 beyond the transition. Adoption considerations An Adoption how-to
About NTT NTT - A global IPv6 deployment case study Adoption considerations An Adoption how-to IPv6 beyond the transition Hikari-TV Earthquake warning service 2 AT&T Verizon Communications NTT* 118.9 93.7
More information2010/TEL41/DSG/WKSP2/013 Agenda Item: Demo. Our IPv6 Challenges. Submitted by: Japan
2010/TEL41/DSG/WKSP2/013 Agenda Item: Demo Our IPv6 Challenges Submitted by: Japan Workshop for IPv6: Transforming the Internet Chinese Taipei 8 May 2010 Agenda 2010 May 8 th Nguyen Huu Bach NTT Communications
More informationASREN Arab States Research and Education Network
ASREN Arab States Research and Education Network IPv6 & NREN Internet2 Middle East Regional Interest Group Meeting Amman Jordan 13 Dec. 2011 Alaa AL-Din Al-Radhi IPv6, Cyber Security & Emerging Technologies:
More informationDistributed Systems. 27. Firewalls and Virtual Private Networks Paul Krzyzanowski. Rutgers University. Fall 2013
Distributed Systems 27. Firewalls and Virtual Private Networks Paul Krzyzanowski Rutgers University Fall 2013 November 25, 2013 2013 Paul Krzyzanowski 1 Network Security Goals Confidentiality: sensitive
More informationDeploying IPv6 Services
Deploying IPv6 Services gogo6.com gogonet.gogo6.com January 2010 gogo6 2010 1 Company Overview IPv6 products, community and services Hardware and software for network operators to go v6 Social network
More informationSchool of Computer Sciences Universiti Sains Malaysia Pulau Pinang
School of Computer Sciences Universiti Sains Malaysia Pulau Pinang Information Security & Assurance Assignment 2 White Paper Virtual Private Network (VPN) By Lim Teck Boon (107593) Page 1 Table of Content
More informationCONTENTS. vii. Chapter 1 TCP/IP Overview 1. Chapter 2 Symmetric-Key Cryptography 33. Acknowledgements
CONTENTS Preface Acknowledgements xiii xvii Chapter 1 TCP/IP Overview 1 1.1 Some History 2 1.2 TCP/IP Protocol Architecture 4 1.2.1 Data-link Layer 4 1.2.2 Network Layer 5 1.2.2.1 Internet Protocol 5 IPv4
More informationIPv6 Deployment Overview & Policy Update
IPv6 Deployment Overview & Policy Update Takuya MIYOSHI Internet Policy Office Ministry of Internal Affairs and Communications, Japan 24 th February, 2005 History and Acceleration of Japan s IT Strategy
More informationFinancial Results for 1 st Half of Fiscal Year Ending March 31, November 9, 2011
Financial Results for 1 st Half of Fiscal Year Ending March 31, 2012 November 9, 2011 The forward-looking statements and projected figures concerning the future performance of NTT Com, its parent company
More informationIPv6 Deployment Status in Japan
IPv6 Deployment Status in Japan Takashi L. Nakamura IPv6 Promotion Council of Japan / Mitsubishi Research Institute, INC. Agenda 1. Governmental Activities 2. IPv6 Application and Service 3. Conclusion
More informationCisco RV180 VPN Router
Cisco RV180 VPN Router Secure, high-performance connectivity at a price you can afford. Figure 1. Cisco RV180 VPN Router (Front Panel) Highlights Affordable, high-performance Gigabit Ethernet ports allow
More informationIPv6 & Home Appliances - New Trend of the Internet -
International Telecommunication Union IPv6 & Home Appliances - New Trend of the Internet - Makoto Saito NTT Communications Internet and the New Trend Conventional (IPv4) PC Developed (IPv6) Home Appliances
More informationNetwork. Arcstar Universal One
Network Universal One ARCSTAR UNIVERSAL ONE Universal One Enterprise Network NTT Communications' Universal One is a highly reliable, premium-quality network service, delivered and operated in more than
More informationIPCOM EX Series for Realizing Network Stability and Safety
IPCOM EX Series for Realizing Stability and Safety V Shoji Temma (Manuscript received June 8, 2007) Stability and safety are essential requirements in today s enterprise IT systems. This paper discusses
More informationPublic Cloud Connection for R&E Network. Jin Tanaka APAN-JP/KDDI
Public Cloud Connection for R&E Network Jin Tanaka APAN-JP/KDDI 45th APAN Meeting in Singapore 28th March 2018 Hyper Scale Public cloud and research & science data NASA EOSDIS(Earth Observing System Data
More informationIPv6 Security Vendor Point of View. Eric Vyncke, Distinguished Engineer Cisco, CTO/Consulting Engineering
IPv6 Security Vendor Point of View Eric Vyncke, evyncke@cisco.com Distinguished Engineer Cisco, CTO/Consulting Engineering 1 ARP Spoofing is now NDP Spoofing: Threats ARP is replaced by Neighbor Discovery
More informationNumerics I N D E X. 3DES (Triple Data Encryption Standard), 48
I N D E X Numerics A 3DES (Triple Data Encryption Standard), 48 Access Rights screen (VPN 3000 Series Concentrator), administration, 316 322 Action options, applying to filter rules, 273 adding filter
More informationIPV6 THE NEXT GENERATION INTERNET PROTOCOL. Oulu, March 2006
Electronic Communications Committee (ECC) within the European Conference of Postal and Telecommunications Administrations (CEPT) IPV6 THE NEXT GENERATION INTERNET PROTOCOL Oulu, March 2006 Page 2 EXECUTIVE
More informationPrecisionAccess Trusted Access Control
Data Sheet PrecisionAccess Trusted Access Control Defeats Cyber Attacks Credential Theft: Integrated MFA defeats credential theft. Server Exploitation: Server isolation defeats server exploitation. Compromised
More informationIPv6 Next generation IP
Seminar Presentation IPv6 Next generation IP N Ranjith Kumar 11/5/2004 IPv6 : Next generation IP 1 Network Problems Communication Problem Identification Problem Identification of Networks Logical Addressing
More informationAnalysis of VPN Protocols
Analysis of VPN Protocols ECE 646 Final Project Presentation Tamer Mabrouk Touhidur Satiar Overview VPN Definitions Emergence of VPN Concept of Tunneling VPN Classification Comparison of Protocols Customer
More informationThe 6NET project. An IPv6 testbed for the European Research Community
The 6NET project An IPv6 testbed for the European Research Community 6NET Project October 2002 1 Project Overview A three-year project to prepare the next generation of the Internet. Started in January
More informationVPN Routers DSR-150/250/500/1000AC. Product Highlights. Features. Overview. Comprehensive Management Capabilities. Web Authentication Capabilities
Product Highlights Comprehensive Management Solution Advanced features such as WAN failover, load balancing, and integrated firewall help make this a reliable, secure, and flexible way to manage your network.
More informationIPv6: What is it? Why does it matter?
IPv6: What is it? Why does it matter? GOETEC Event Thursday 16 th February 2012 Martin Dunmore Network Infrastructure Development Team Manager, Janet martin.dunmore@ja.net 1 Agenda IPv4 Address Exhaustion
More informationNetworks and Communications MS216 - Course Outline -
Networks and Communications MS216 - Course Outline - Objective Lecturer Times Overall Learning Outcomes Format Programme(s) The objective of this course is to develop in students an understanding of the
More informationIPv6 Home Automation. IGC/INET, 12/05/2004 Jordi Palet & Francisco Ortiz Consulintel
IPv6 Home Automation IGC/INET, 12/05/2004 Jordi Palet & Francisco Ortiz Consulintel -1 IPv6 & the Home: good room-mates IPv6 Compelling reason: More Addresses Billions of devices, users, always-on technologies
More informationFlexible Dynamic Mesh VPN draft-detienne-dmvpn-00
Flexible Dynamic Mesh VPN draft-detienne-dmvpn-00 Fred Detienne, Cisco Systems Manish Kumar, Cisco Systems Mike Sullenberger, Cisco Systems What is Dynamic Mesh VPN? DMVPN is a solution for building VPNs
More information6WINDGate: The Smart IPv6 Migration Router IPv6 Summit Madrid, 2002
6WINDGate: The Smart IPv6 Migration Router IPv6 Summit Madrid, 2002 Pierre Langlois, 6WIND VP Marketing and Sales, pierre.langlois@6wind.com www.6wind.com 1 6WIND BRIEFLY 6WIND, The New Internet Funded
More informationENTERPRISE CONNECTIVITY
ENTERPRISE CONNECTIVITY Elevating Enterprise Private Networks with Cost-effective Satellite Services The success of today s organizations and enterprises highly depends on reliable and secure connectivity.
More informationSecuring Enterprise Extender
Securing Enterprise Extender Sam Reynolds IBM z/os Communications Server Design samr@us.ibm.com Ray Romney Cisco Systems romney@cisco.com Tony Amies William Data Systems Product Architect tony.amies@willdata.com
More informationIvano Guardini Telecom Italia Lab March 2002
Ivano Guardini Telecom Italia Lab ivano.guardini@tilab.com March 2002 Developing IPv6 ISPs Why IPv6? The real reason for IPv6 is that the IPv4 addresses are rapidly running out assigned IPv4 addresses:
More informationVirtual Tunnel Interface
This chapter describes how to configure a VTI tunnel. About s, on page 1 Guidelines for s, on page 1 Create a VTI Tunnel, on page 2 About s The ASA supports a logical interface called (VTI). As an alternative
More informationIPsec NAT Transparency
sec NAT Transparency First Published: November 25, 2002 Last Updated: March 1, 2011 The sec NAT Transparency feature introduces support for Security (sec) traffic to travel through Network Address Translation
More informationIPv6 Security. David Kelsey (STFC-RAL) IPv6 workshop pre-gdb, CERN 7 June 2016
IPv6 Security David Kelsey (STFC-RAL) IPv6 workshop pre-gdb, CERN 7 June 2016 Outline MORE MATERIAL HERE THAN TIME TO PRESENT & DISCUSS (BUT SLIDES AVAILABLE FOR LATER REFERENCE) IPv6 security & threats
More informationSOLUTION BRIEF Enterprise WAN Agility, Simplicity and Performance with Software-Defined WAN
S O L U T I O N O V E R V I E W SOLUTION BRIEF Enterprise WAN Agility, Simplicity and Performance with Software-Defined WAN Today s branch office users are consuming more wide area network (WAN) bandwidth
More informationMerged with Cable & Wireless HKT in August 2000 to form PCCW
0 About HKT Merged with Cable & Wireless HKT in August 2000 to form PCCW PCCW is a Hong Kong-based company which holds interests in telecommunications, media, IT solutions, property development and investment,
More informationVirtual Private Networks (VPN)
CYBR 230 Jeff Shafer University of the Pacific Virtual Private Networks (VPN) 2 Schedule This Week Mon September 4 Labor Day No class! Wed September 6 VPN Project 1 Work Fri September 8 IPv6? Project 1
More informationAkira Nakagawa. JPNE MAP-E Deployment. Mar 日本ネットワークイネイブラー株式会社. Japan Network Enabler (JPNE) (JPNE) 中川あきら.
IETF92-v6ops@Dallas JPNE MAP-E Deployment Mar.25.2015 日本ネットワークイネイブラー株式会社 Japan Network Enabler (JPNE) (JPNE) 中川あきら Akira Nakagawa 240b::1 Agenda 1. IPv6 Deployment Status in Japan 2. IPv6 Deployment Status
More informationENTERPRISE CONNECTIVITY
ENTERPRISE CONNECTIVITY IP Services for Business, Governmental & Non-Governmental Organizations The success of today s organizations and enterprises highly depends on reliable and secure connectivity.
More informationACADEMIA LOCAL CISCO UCV-MARACAY CONTENIDO DE CURSO CURRICULUM CCNA. SEGURIDAD SEGURIDAD EN REDES. NIVEL II. VERSION 2.0
ACADEMIA LOCAL CISCO UCV-MARACAY CONTENIDO DE CURSO CURRICULUM CCNA. SEGURIDAD SEGURIDAD EN REDES. NIVEL II. VERSION 2.0 Module 1: Intrusion Detection and Prevention Technology 1.1 Overview of Intrusion
More informationTraining UNIFIED SECURITY. Signature based packet analysis
Training UNIFIED SECURITY Signature based packet analysis At the core of its scanning technology, Kerio Control integrates a packet analyzer based on Snort. Snort is an open source IDS/IPS system that
More informationSystems and Network Security (NETW-1002)
Systems and Network Security (NETW-1002) Dr. Mohamed Abdelwahab Saleh IET-Networks, GUC Spring 2017 Course Outline Basic concepts of security: Attacks, security properties, protection mechanisms. Basic
More informationWho We Are.. ideras Features. Benefits
:: Protecting your infrastructure :: Who We Are.. ideras Features Benefits Q&A Infosys Gateway Sdn Bhd. Incorporated in 2007 Bumiputra owned Company MSC Status Company Registered with Ministry of Finance
More informationFundamentals of Network Security v1.1 Scope and Sequence
Fundamentals of Network Security v1.1 Scope and Sequence Last Updated: September 9, 2003 This document is exclusive property of Cisco Systems, Inc. Permission is granted to print and copy this document
More informationNTT WEST s Approach to IPv6 Networking
NTT WEST s Approach to IPv6 Networking Ichiro MORIHARA Research and Development Center Technology Department Nippon Telegraph and Telephone West Corporation February 24, 2005 February 24, 2, 2005 Agenda
More informationGlobal IP Network (GIN) Connects You to the World
Global IP (GIN) Connects You to the World Delivering your Business Vision with the World s Tier 1 leading IP network NTT Communications (NTT Com) Global IP network (GIN) 100GigE service is the fastest
More information(2½ hours) Total Marks: 75
(2½ hours) Total Marks: 75 N. B.: (1) All questions are compulsory. (2) Makesuitable assumptions wherever necessary and state the assumptions made. (3) Answers to the same question must be written together.
More informationUSG2110 Unified Security Gateways
USG2110 Unified Security Gateways The USG2110 series is Huawei's unified security gateway developed to meet the network security needs of various organizations including the small enterprises, branch offices,
More informationFeatures. HDX WAN optimization. QoS
May 2013 Citrix CloudBridge Accelerates, controls and optimizes applications to all locations: datacenter, branch offices, public and private clouds and mobile users Citrix CloudBridge provides a unified
More informationCSC 4900 Computer Networks: Security Protocols (2)
CSC 4900 Computer Networks: Security Protocols (2) Professor Henry Carter Fall 2017 Chapter 8 roadmap 8.1 What is network security? 8.2 Principles of cryptography 8.3 Message Integrity 8.4 End point Authentication
More informationEasy To Install. Easy To Manage. Always Up-To-Date.
WATCHGUARD FIREBOX SYSTEM Easy To Install. Easy To Manage. Always Up-To-Date. Overview The WatchGuard Firebox System is a comprehensive firewall and VPN security solution that reduces the time and resources
More informationVPN Ports and LAN-to-LAN Tunnels
CHAPTER 6 A VPN port is a virtual port which handles tunneled traffic. Tunnels are virtual point-to-point connections through a public network such as the Internet. All packets sent through a VPN tunnel
More informationCopyright Huawei Technologies Co., Ltd All rights reserved. Trademark Notice General Disclaimer
Copyright Huawei Technologies Co., Ltd. 2011. All rights reserved. No part of this document may be reproduced or transmitted in any form or by any means without prior written consent of Huawei Technologies
More informationNETGEAR-FVX Relation. Fabrizio Celli;Fabio Papacchini;Andrea Gozzi
NETGEAR-FVX538 Relation Fabrizio Celli;Fabio Papacchini;Andrea Gozzi -2008- Abstract Summary... 2 Chapter 1: Introduction... 4 Chapter 2: LAN... 6 2.1 LAN Configuration... 6 2.1.1 First experiment: DoS
More informationOpenVPN protocol. Restrictions in Conel routers. Modified on: Thu, 14 Aug, 2014 at 2:29 AM
1/2/2016 OpenVPN protocol : Support Portal OpenVPN protocol Modified on: Thu, 14 Aug, 2014 at 2:29 AM OpenVPN (Open Virtual Private Network) is a means of interconnection of several computers through an
More informationCCNA Exploration Network Fundamentals
CCNA Exploration 4.0 1. Network Fundamentals The goal of this course is to introduce you to fundamental networking concepts and technologies. These online course materials will assist you in developing
More informationControlled Document Page 1 of 6. Effective Date: 6/19/13. Approved by: CAB/F. Approved on: 6/19/13. Version Supersedes:
Page 1 of 6 I. Common Principles and Approaches to Privacy A. A Modern History of Privacy a. Descriptions, definitions and classes b. Historical and social origins B. Types of Information a. Personal information
More informationConfiguration of an IPSec VPN Server on RV130 and RV130W
Configuration of an IPSec VPN Server on RV130 and RV130W Objective IPSec VPN (Virtual Private Network) enables you to securely obtain remote access to corporate resources by establishing an encrypted tunnel
More informationJuniper SRX Services Gateway Performance Testing
Juniper SRX Services Gateway Performance Testing June 2017 DR170517D Miercom.com www.miercom.com Contents Executive Summary... 3 Products Tested... 5 SRX300 Series... 5 SRX550... 5 SRX1500... 6 How We
More informationETSF05/ETSF10 Internet Protocols Network Layer Protocols
ETSF05/ETSF10 Internet Protocols Network Layer Protocols 2016 Jens Andersson Agenda Internetworking IPv4/IPv6 Framentation/Reassembly ICMPv4/ICMPv6 IPv4 to IPv6 transition VPN/Ipsec NAT (Network Address
More informationTime Synchronization Security using IPsec and MACsec
Time Synchronization using IPsec and MACsec Appeared in ISPCS 2011 Tal Mizrahi Israel ing Seminar May 2012 Time Synchronization Time synchronization is used for various applications. Securing the time
More informationAsheville-Buncombe Technical Community College Department of Networking Technology. Course Outline
Course Number: NET 226 Course Title: Routing and Switching II Class Hours: 1 Lab Hours: 4 Credit Hours: 3 Course Description: This course introduces WAN theory and design, WAN technology, PPP, Frame Relay,
More informationSecuring Access to Network Devices
Securing Access to Network s Data Track Technology October, 2003 A corporate information security strategy will not be effective unless IT administrative services are protected through processes that safeguard
More informationSecurity Considerations for IPv6 Networks. Yannis Nikolopoulos
Security Considerations for IPv6 Networks Yannis Nikolopoulos yanodd@otenet.gr Ημερίδα Ενημέρωσης Χρηστών για την Τεχνολογία IPv6 - Αθήνα, 25 Μαίου 2011 Agenda Introduction Major Features in IPv6 IPv6
More informationCisco Self Defending Network
Cisco Self Defending Network Integrated Network Security George Chopin Security Business Development Manager, CISSP 2003, Cisco Systems, Inc. All rights reserved. 1 The Network as a Strategic Asset Corporate
More informationCoordinated Threat Control
Application Note Coordinated Threat Control Juniper Networks Intrusion Detection and Protection (IDP) and Secure Access SSL VPN Interoperability Juniper Networks, Inc. 1194 North Mathilda Avenue Sunnyvale,
More informationNetwork Engineering/Cyber Security I & II
Network Engineering/Cyber Security I & II Program Description: The first year course teaches the basic techniques of computer safety and maintenance. Students learn to assemble/disassemble personal computers
More informationDPX8000 Series Deep Service Switching Gateway User Configuration Guide Firewall Service Board Module v1.0
DPX8000 Series Deep Service Switching Gateway User Configuration Guide Firewall Service Board Module v1.0 i Hangzhou DPtech Technologies Co., Ltd. provides full- range technical support. If you need any
More informationNetwork Security: IPsec. Tuomas Aura
Network Security: IPsec Tuomas Aura 3 IPsec architecture and protocols Internet protocol security (IPsec) Network-layer security protocol Protects IP packets between two hosts or gateways Transparent to
More informationNext Generation IPv6 Cyber Security Protection Through Assure6i TM Product Line
Next Generation IPv6 Cyber Security Protection Through Assure6i TM Product Line Designed to Prevent, Detect, and Block Malicious Attacks on Both IPv4 and IPv6 Networks TM Introduction With the exponential
More informationCompTIA Network+ N (Course & Labs) Course Outline. CompTIA Network+ N (Course & Labs) 14 Mar
Course Outline CompTIA Network+ N10-007 (Course & Labs) 14 Mar 2019 Contents 1. Course Objective 2. Pre-Assessment 3. Exercises, Quizzes, Flashcards & Glossary Number of Questions 4. Expert Instructor-Led
More informationHP A-F1000-A-EI_A-F1000-S-EI VPN Firewalls
HP A-F1000-A-EI_A-F1000-S-EI VPN Firewalls VPN Configuration Guide Part number:5998-2652 Document version: 6PW100-20110909 Legal and notice information Copyright 2011 Hewlett-Packard Development Company,
More informationSecure app and data delivery across devices, networks and locations
Secure app and data delivery across devices, networks and locations How XenApp dramatically simplifies data protection, access control and other critical security tasks. citrix.com Most discussions of
More informationTRANSEC BASIC VT idirect, Inc.
TRANSEC BASIC 2008 VT idirect, Inc. Security Tradeoffs DVB-S2 DVB-S2 w/aes Efficiency infiniti infiniti w/aes S2 TRANSEC ACM S2 TRANSEC CCM infiniti TRANSEC Anti-Jam/Low Prob of Detect Security What is
More informationA large-scale International IPv6 Network. A large-scale International IPv6 Network.
A large-scale International IPv6 Network www.6net.org 6NET is: one of the largest Internet research projects from the European Commission preparing the Next Generation Internet a major international IPv6
More informationIPv6 to the EDGE. Managing the Transition from IPv4 to IPv6: Interoperability is the Keyword NEW CHALLENGES NEW OPPORTUNITIES
IPv6 to the EDGE Managing the Transition from IPv4 to IPv6: Interoperability is the Keyword Malaysian IPv6 Scene: Background The main driver for IPv6 implementation in TM is to support the Malaysian Government
More informationApplication Firewalls
Application Moving Up the Stack Advantages Disadvantages Example: Protecting Email Email Threats Inbound Email Different Sublayers Combining Firewall Types Firewalling Email Enforcement Application Distributed
More informationTCPN-WW-CV-0102 Frank Fabricius
Frank Fabricius Cluster Research Catalog 30 December 2003 Public Network Infrastructure Worldwide Cluster Research Archive The Cluster Research Archive is a listing of deliverables for the Public Network
More informationSecurity Engineering. Lecture 16 Network Security Fabio Massacci (with the courtesy of W. Stallings)
Security Lecture 16 Network Security Fabio Massacci (with the courtesy of W. Stallings) Lecture Outline Network Attacks Attive Attacks Passive Attacks TCP Attacks Contermeasures IPSec SSL/TLS Firewalls
More informationLKR Port Broadband Router. User's Manual. Revision C
LKR-604 4-Port Broadband Router User's Manual Revision C 1 Contents 1 Introduction... 4 1.1 Features... 4 1.2 Package Contents... 4 1.3 Finding Your Way Around... 5 1.3.1 Front Panel... 5 1.3.2 Rear Panel
More informationIBM IPv6 Update. Feb, Andras R. Szakal IBM Distinguished Engineer Director IBM Federal Software Architecture
IBM IPv6 Update IBM Software Group Feb, 2011 Andras R. Szakal IBM Distinguished Engineer Director IBM Federal Software Architecture aszakal@us.ibm.com Agenda Business Drivers Value of IPv6 IPv6 Technical
More informationHP Instant Support Enterprise Edition (ISEE) Security overview
HP Instant Support Enterprise Edition (ISEE) Security overview Advanced Configuration A.03.50 Mike Brandon Interex 03 / 30, 2004 2003 Hewlett-Packard Development Company, L.P. The information contained
More informationNetwork Security: IPsec. Tuomas Aura T Network security Aalto University, Nov-Dec 2014
Network Security: IPsec Tuomas Aura T-110.5241 Network security Aalto University, Nov-Dec 2014 2 IPsec: Architecture and protocols Internet protocol security (IPsec) Network-layer security protocol Protects
More informationAdvantage TLS Why IpTL TLS versus IPSec Technology Reference Guide
IpTL s Expert Edition Networking Simplified Advantage TLS Why IpTL TLS versus IPSec Technology Reference Guide The World s Longest Ethernet Cable Take control and get the network you want with the network
More informationMultimedia Deployment on Broadband and Wireless/Mobile Network. ACCESS Taipei Office Country Manager Pan Tsai Chun
Multimedia Deployment on Broadband and Wireless/Mobile Network ACCESS Taipei Office Country Manager Pan Tsai Chun 2004-03-09 ACCESS Co., Ltd. Company Profile Founded in 1984 Founders: Toru Arakawa (CEO
More informationChapter 1 B: Exploring the Network
Chapter 1 B: Exploring the Network Types of Networks The two most common types of network infrastructures are: Local Area Network (LAN) Wide Area Network (WAN). Other types of networks include: Metropolitan
More informationVPN Auto Provisioning
VPN Auto Provisioning You can configure various types of IPsec VPN policies, such as site-to-site policies, including GroupVPN, and route-based policies. For specific details on the setting for these kinds
More informationNSG50/100/200 Nebula Cloud Managed Security Gateway
NSG50/100/200 Managed The Zyxel Managed is built with remote management and ironclad security for organizations with growing numbers of distributed sites. With the extensive suite of security features
More information# ROLE DESCRIPTION / BENEFIT ISSUES / RISKS
As SharePoint has proliferated across the landscape there has been a phase shift in how organizational information is kept secure. In one aspect, business assets are more secure employing a formally built
More information