Control Plane Security Overview
|
|
- Nickolas Jennings
- 6 years ago
- Views:
Transcription
1 Control Plane Security Overview Wes Doonan Control Plane R&D
2 Hybrid Networks Packet-based Delivery ( ) Packets delivered via standard IP infrastructure Routes configured or learned, packets forwarded per addressing Flow-based Transport ( ) Flows delivered via dynamic path reservation Transport elements explicitly provisioned, dedicated pathways 2
3 Exploits Similar threats to both Packet and Transport Networks Denial of Service Theft of Service Interception of Service Traffic Analysis Achieved through different mechanisms Packet networks exposed to malicious L3 applications Exploits can be launched from L3-capable hosts Transport networks operate at L2/L1; therefore immune? Nope transport services created using L3-based mechanisms Disrupt the creator/manager, disrupt the service Need to adapt existing risk analysis and threat response techniques to new methods of exploit 3
4 Accessing the Control Plane Control Plane (CP) protocols Resource discovery via OSFP-TE Resource reservation via RSVP-TE Provisioning via GMPLS, UNI/NNI CP often run over a separate data network OSC, ECC channels, embedded with transport element Physical separation prevents access CP sometimes run on shared data network Overlay network on common IP packet network No longer physically separate, additional measures necessary to prevent access Control Plane Data Plane What if attacker could gain access to Control Plane messaging? 4
5 Denial of Service Packet: attack on forwarding plane Service based on ability of router to process packets Attacker must take down forwarding plane Flood of packets to overwhelm forwarding capability of router Requires ability to generate large inbound flows (botnets, etc) Byzantine exploit of router (packet-of-death) Relies on unfound/unpatched errors in router implementation Transport: attack on reservation capability Service based on explicit reservation of bandwidth Attacker must deny/falsify control traffic Spoofed PATH-ERR/PATH-TEAR message, to interrupt session Spoofed PATH message, to deny bandwidth to new sessions M-i-M on user PATH message, to corrupt and thus trigger denial 5
6 Interception of Service Packet: attack on the routing fabric User traffic generally follows path determined by routers Access to physical infrastructure Via social/environment engineering, other techniques Injection of falsified routes into routing fabric Byzantine exploit of unpatched or unsecured router Transport: attack on the reservation request User traffic follows path specified in reservation request Attacker alters the request, enables traffic intercept M-i-M on user PATH message, to modify ERO New ERO redirects user traffic through intercept point M-i-M on user RESV message, to hide alterations in RRO [ more complex than this, but if high enough value... ] 6
7 Traffic Analysis Packet: statistical analysis of data flows Specific flow not identifiable from single packets Flow semantics determined by applications Flows inferred from payload interpretation Long-term analysis of packet contents over time Correlate shared payload characteristics with addressing data Implies access to physical infrastructure (e.g. to sniff/snoop) Transport: interception of control messaging Control messaging specifically identifies flows Attacker can intercept control messaging to perform traffic analysis PATH/RESV carry wealth of session-related information No need for lengthy capture, inferencing or correlation 7
8 Results Control Plane protection is advisable The nature of provisioned services makes CP a target Amplifying effects Good practice to protect control traffic regardless Control Plane protection is possible Data network separation, where practical Inherent in some transport networks, though not always Existing protocol-level mechanisms available today Risk now is likely low, but wise to be aware of potential R&E networks favor collaboration over demarcation Appropriate, according to mission Awareness of possibility for exploit is necessary first step 8
9 Mitigation Protocols can provide their own protection mechanisms OSPF Authentication mode MD5 MAC per message Pre-shared keys Integrity only RSVP Integrity Object MD5 MAC per message Pre-shared keys Integrity only 9
10 Mitigation Run Control Plane on secure IP infrastructure (e.g. IPsec) Establish bidirectional SAs between protocol peers Apply desired level of protection (ESP) Separates protection mechanism from Control Plane OIF UNI/NNI Security 2.x approach More/better options than per-protocol facilities Though can clash with use of Router-Alert in classic RSVP 10
11 Mitigation Threat Classifications and Available Mitigation Mechanisms (People still need to implement Policies) Disclosure Disruption Deception Usurpation Traffic Analysis Denial of Service Interception of Service Theft of Service Confidentiality IPsec ESP w/ encryption (RFC2406) IPsec ESP w/encryption (RFC2406) Integrity RSVP Integrity (RFC2747), OSPF Cryptographic Authentication (RFC2328), IPsec ESP w/authentication (RFC2406) RSVP Integrity (RFC2747), OSPF Cryptographic Authentication (RFC2328), IPsec ESP w/authentication (RFC2406) RSVP Integrity (RFC2747), OSPF Cryptographic Authentication (RFC2328), IPsec ESP w/authentication (RFC2406) Availability RSVP Graceful Restart (RFC5063), OSPF Graceful Restart (RFC3623) 11
12 References IETF OIF RFC2328 OSPF Cryptographic Authentication RFC2401 IPsec Architecture RFC2406 IPsec Encapsulating Security Payload RFC2747 RSVP Integrity Object RFC3623 Graceful OSPF Restart RFC4593 Generic Threats to Routing Protocols RFC5063 Extensions to GMPLS Resource Reservation Protocol for Graceful Restart OIF-SEP-01.0 Security Extension for UNI and NNI OIF-SEP-02.1 Addendum to the Security Extension for UNI and NNI 12
13 Thank You
Time Synchronization Security using IPsec and MACsec
Time Synchronization using IPsec and MACsec Appeared in ISPCS 2011 Tal Mizrahi Israel ing Seminar May 2012 Time Synchronization Time synchronization is used for various applications. Securing the time
More informationNetwork Encryption 3 4/20/17
The Network Layer Network Encryption 3 CSC362, Information Security most of the security mechanisms we have surveyed were developed for application- specific needs electronic mail: PGP, S/MIME client/server
More informationAdventures in Multi-Layer, Multi- Vendor Network Control. Wes Doonan Control Plane R&D July 2010
Adventures in Multi-Layer, Multi- Vendor Network Control Wes Doonan Control Plane R&D July 2010 Connection Control Building the Pipes A software infrastructure for making network connections Connections
More informationCSC 6575: Internet Security Fall 2017
CSC 6575: Internet Security Fall 2017 Network Security Devices IP Security Mohammad Ashiqur Rahman Department of Computer Science College of Engineering Tennessee Tech University 2 IPSec Agenda Architecture
More informationChapter 32 Security in the Internet: IPSec, SSL/TLS, PGP,
Chapter 32 Security in the Internet: IPSec, SSL/TLS, PGP, VPN, and Firewalls 32.1 Copyright The McGraw-Hill Companies, Inc. Permission required for reproduction or display. 32.2 Figure 32.1 Common structure
More informationSecurity. Reliability
Security The Emizon network is capable of providing a secure monitored service using Internet Protocol (IP) over both fixed line and wireless networks such as GSM GPRS. The protocol used in the Emizon
More informationSycamore Networks Implementation of the ITU-T G.ASON Control Plane
Technical Brief Sycamore Networks Implementation of the ITU-T G.SON Control Plane bstract This document provides a detailed overview of the control plane behavior of Sycamore Networks SN 16000 Intelligent
More informationKeying & Authentication for Routing Protocols (KARP) draft-lebovitz-kmart-roadmap-03
Keying & Authentication for Routing Protocols (KARP) KARP BoF IETF76, Hiroshima, Tue, 09 Nov, 2009 Gregory M. Lebovitz, Juniper gregory.ietf@gmail.com Intellectual Property When starting a presentation
More informationCategory: Standards Track March 2009
Network Working Group A. Okmianski Request for Comments: 5426 Cisco Systems, Inc. Category: Standards Track March 2009 Status of This Memo Transmission of Syslog Messages over UDP This document specifies
More informationCIS 6930/4930 Computer and Network Security. Topic 8.1 IPsec
CIS 6930/4930 Computer and Network Security Topic 8.1 IPsec 1 IPsec Objectives Why do we need IPsec? IP V4 has no authentication IP spoofing Payload could be changed without detection. IP V4 has no confidentiality
More informationThe Emerging Optical Control Plane
The Emerging Optical Control Plane Traditional transport networks can be modeled as the interaction of two operating planes: a transport plane and a management plane. In this model, the transport plane
More informationDNS SECURITY BEST PRACTICES
White Paper DNS SECURITY BEST PRACTICES Highlights Have alternative name server software ready to use Keep your name server software up-to-date Use DNSSEC-compliant and TSIG-compliant name server software
More informationIPSec. Overview. Overview. Levente Buttyán
IPSec - brief overview - security associations (SAs) - Authentication Header (AH) protocol - Encapsulated Security Payload () protocol - combining SAs (examples) Overview Overview IPSec is an Internet
More informationMulti Protocol Label Switching (an introduction) Karst Koymans. Thursday, March 12, 2015
.. MPLS Multi Protocol Label Switching (an introduction) Karst Koymans Informatics Institute University of Amsterdam (version 4.3, 2015/03/09 13:07:57) Thursday, March 12, 2015 Karst Koymans (UvA) MPLS
More informationACS / Computer Security And Privacy. Fall 2018 Mid-Term Review
ACS-3921-001/4921-001 Computer Security And Privacy Fall 2018 Mid-Term Review ACS-3921/4921-001 Slides Used In The Course A note on the use of these slides: These slides has been adopted and/or modified
More informationConfiguring OSPF with CLI
OSPF Configuring OSPF with CLI This section provides information to configure Open Shortest Path First (OSPF) using the command line interface. Topics in this section include: OSPF Configuration Guidelines
More informationInternet Protocol and Transmission Control Protocol
Internet Protocol and Transmission Control Protocol CMSC 414 November 13, 2017 Internet Protcol Recall: 4-bit version 4-bit hdr len 8-bit type of service 16-bit total length (bytes) 8-bit TTL 16-bit identification
More informationVirtual Private Networks
EN-2000 Reference Manual Document 8 Virtual Private Networks O ne of the principal features of routers is their support of virtual private networks (VPNs). This document discusses transmission security,
More informationConfiguring GMPLS with CLI
GMPLS Configuring GMPLS with CLI This section provides information to configure UNI GMPLS using the command line interface. Topics in this section include: GMPLS Configuration Overview on page 462 LMP
More informationNetwork Configuration Example
Network Configuration Example GMPLS Modified: 2016-12-14 Juniper Networks, Inc. 1133 Innovation Way Sunnyvale, California 94089 USA 408-745-2000 www.juniper.net All rights reserved. Juniper Networks, Junos,
More informationDistributed Systems. 27. Firewalls and Virtual Private Networks Paul Krzyzanowski. Rutgers University. Fall 2013
Distributed Systems 27. Firewalls and Virtual Private Networks Paul Krzyzanowski Rutgers University Fall 2013 November 25, 2013 2013 Paul Krzyzanowski 1 Network Security Goals Confidentiality: sensitive
More informationCIS 5373 Systems Security
CIS 5373 Systems Security Topic 4.1: Network Security Basics Endadul Hoque Slide Acknowledgment Contents are based on slides from Cristina Nita-Rotaru (Northeastern) 2 Network Security INTRODUCTION 3 What
More informationVirtual Private Networks (VPN)
CYBR 230 Jeff Shafer University of the Pacific Virtual Private Networks (VPN) 2 Schedule This Week Mon September 4 Labor Day No class! Wed September 6 VPN Project 1 Work Fri September 8 IPv6? Project 1
More informationAn Operational Perspective on BGP Security. Geoff Huston February 2005
An Operational Perspective on BGP Security Geoff Huston February 2005 Disclaimer This is not a description of the approach taken by any particular service provider in securing their network. It is intended
More informationInternetwork Expert s CCNA Security Bootcamp. Common Security Threats
Internetwork Expert s CCNA Security Bootcamp Common Security Threats http:// Today s s Network Security Challenge The goal of the network is to provide high availability and easy access to data to meet
More informationCTS2134 Introduction to Networking. Module 08: Network Security
CTS2134 Introduction to Networking Module 08: Network Security Denial of Service (DoS) DoS (Denial of Service) attack impacts system availability by flooding the target system with traffic or by exploiting
More informationSecurity in Mobile Ad-hoc Networks. Wormhole Attacks
Security in Mobile Ad-hoc Networks Wormhole Attacks What are MANETs Mobile Ad-hoc Network (MANET) is a collection of wireless mobile hosts without fixed network infrastructure and centralized administration.
More informationOn the design of MPLS-ASON/GMPLS Interconnection Mechanisms
On the design of MPLS- Interconnection Mechanisms Luis Velasco, Ricardo Romeral, Fernando Agraz, Salvatore Spadaro, Jaume Comellas, Gabriel Junyent, and David Larrabeiti Abstract In this paper we propose
More informationNetwork Security. Thierry Sans
Network Security Thierry Sans HTTP SMTP DNS BGP The Protocol Stack Application TCP UDP Transport IPv4 IPv6 ICMP Network ARP Link Ethernet WiFi The attacker is capable of confidentiality integrity availability
More informationIPSec. Slides by Vitaly Shmatikov UT Austin. slide 1
IPSec Slides by Vitaly Shmatikov UT Austin slide 1 TCP/IP Example slide 2 IP Security Issues Eavesdropping Modification of packets in transit Identity spoofing (forged source IP addresses) Denial of service
More informationSecurity Engineering. Lecture 16 Network Security Fabio Massacci (with the courtesy of W. Stallings)
Security Lecture 16 Network Security Fabio Massacci (with the courtesy of W. Stallings) Lecture Outline Network Attacks Attive Attacks Passive Attacks TCP Attacks Contermeasures IPSec SSL/TLS Firewalls
More informationSecurity and Lawful Intercept In VoIP Networks. Manohar Mahavadi Centillium Communications Inc. Fremont, California
Security and Lawful Intercept In VoIP Networks Manohar Mahavadi Centillium Communications Inc. Fremont, California Agenda VoIP: Packet switched network VoIP devices VoIP protocols Security and issues in
More informationThe IPsec protocols. Overview
The IPsec protocols -- components and services -- modes of operation -- Security Associations -- Authenticated Header (AH) -- Encapsulated Security Payload () (c) Levente Buttyán (buttyan@crysys.hu) Overview
More informationEXCERPT. NIST Special Publication R1. Protecting Controlled Unclassified Information in Nonfederal Systems and Organizations
EXCERPT NIST Special Publication 800-171 R1 Protecting Controlled Unclassified Information in Nonfederal Systems and Organizations An Excerpt Listing All: Security Requirement Families & Controls Security
More informationGeneralized MPLS UNI Introduction and Deployment
Generalized MPLS UNI Introduction and Deployment BRKMPL-3010 Santiago Álvarez Distinguished Engineer saalvare@cisco.com Agenda Motivation Technology Overview Dynamic Optical Path Setup Diverse Optical
More informationCisco CCIE Security Written.
Cisco 400-251 CCIE Security Written http://killexams.com/pass4sure/exam-detail/400-251 QUESTION: 193 Which two of the following ICMP types and code should be allowed in a firewall to enable traceroute?
More informationVirtual Private Network
VPN and IPsec Virtual Private Network Creates a secure tunnel over a public network Client to firewall Router to router Firewall to firewall Uses the Internet as the public backbone to access a secure
More informationModelling direct application to network bandwidth provisioning for high demanding research applications
Modelling direct application to network bandwidth provisioning for high demanding research applications H. Wessing, Y. Yan and M. Berger Research Center COM Technical University of Denmark Bldg. 345V,
More informationMULTICAST SECURITY. Piotr Wojciechowski (CCIE #25543)
MULTICAST SECURITY Piotr Wojciechowski (CCIE #25543) ABOUT ME Senior Network Engineer MSO at VeriFone Inc. Previously Network Solutions Architect at one of top polish IT integrators CCIE #25543 (Routing
More informationChapter 10: Denial-of-Services
Chapter 10: Denial-of-Services Technology Brief This chapter, "Denial-of-Service" is focused on DoS and Distributed Denial-of-Service (DDOS) attacks. This chapter will cover understanding of different
More informationA Survey of BGP Security: Issues and Solutions
A Survey of BGP Security: Issues and Solutions Butler, Farley, McDaniel, Rexford Kyle Super CIS 800/003 October 3, 2011 Outline Introduction/Motivation Sources of BGP Insecurity BGP Security Today BGP
More informationLecture 33. Firewalls. Firewall Locations in the Network. Castle and Moat Analogy. Firewall Types. Firewall: Illustration. Security April 15, 2005
Firewalls Lecture 33 Security April 15, 2005 Idea: separate local network from the Internet Trusted hosts and networks Intranet Firewall DMZ Router Demilitarized Zone: publicly accessible servers and networks
More informationSchool of Computer Sciences Universiti Sains Malaysia Pulau Pinang
School of Computer Sciences Universiti Sains Malaysia Pulau Pinang Information Security & Assurance Assignment 2 White Paper Virtual Private Network (VPN) By Lim Teck Boon (107593) Page 1 Table of Content
More informationWireless Network Security Spring 2011
Wireless Network Security 14-814 Spring 2011 Patrick Tague Feb 17, 2011 Class #12 Network layer security Announcements No more scheduled office hours after today Email or call me to make an appointment
More informationService Description Safecom Customer Connection Version 3.5
Service Description Safecom Customer Connection Version 3.5 2006 Telecom NZ Ltd Commercial in Confidence CONTENTS 1 INTRODUCTION...3 2 SERVICE DEFINITION...3 2.1 SERVICE OVERVIEW... 3 2.2 SERVICE FEATURES...
More informationCore Networks Evolution
Core Networks Evolution Prof. Daniel Kofman daniel.kofman@enst.fr Telecom Paris - ENST Content Any Service, Any Time, Everywhere, Everyone Towards the triple play and beyond Main trends in Core Networks
More informationInternet Security. - IPSec, SSL/TLS, SRTP - 29th. Oct Lee, Choongho
Internet Security - IPSec, SSL/TLS, SRTP - 29th. Oct. 2007 Lee, Choongho chlee@mmlab.snu.ac.kr Contents Introduction IPSec SSL / TLS SRTP Conclusion 2/27 Introduction (1/2) Security Goals Confidentiality
More informationSharing IPsec with Tunnel Protection
The feature allows sharing an IPsec security association database (SADB) between two or more generic routing encapsulation (GRE) tunnel interfaces when tunnel protection is used. Shared tunnel interfaces
More informationVoIP Security Threat Analysis
2005/8/2 VoIP Security Threat Analysis Saverio Niccolini, Jürgen Quittek, Marcus Brunner, Martin Stiemerling (NEC, Network Laboratories, Heidelberg) Introduction Security attacks taxonomy Denial of Service
More informationAccess Control Using Intrusion and File Policies
The following topics describe how to configure access control policies to use intrusion and file policies: Intrusions and Malware Inspection Overview, page 1 Access Control Traffic Handling, page 2 File
More informationData Communication. Chapter # 5: Networking Threats. By: William Stalling
Data Communication Chapter # 5: By: Networking Threats William Stalling Risk of Network Intrusion Whether wired or wireless, computer networks are quickly becoming essential to everyday activities. Individuals
More informationIndicate whether the statement is true or false.
Indicate whether the statement is true or false. 1. Packet-filtering firewalls scan network data packets looking for compliance with the rules of the firewall s database or violations of those rules. 2.
More informationFirepower Threat Defense Site-to-site VPNs
About, on page 1 Managing, on page 3 Configuring, on page 3 Monitoring Firepower Threat Defense VPNs, on page 11 About Firepower Threat Defense site-to-site VPN supports the following features: Both IPsec
More informationChair for Network Architectures and Services Department of Informatics TU München Prof. Carle. Network Security. Chapter 8
Chair for Network Architectures and Services Department of Informatics TU München Prof. Carle Network Security Chapter 8 System Vulnerabilities and Denial of Service Attacks System Vulnerabilities and
More informationIPsec NAT Transparency
The feature introduces support for IP Security (IPsec) traffic to travel through Network Address Translation (NAT) or Port Address Translation (PAT) points in the network by addressing many known incompatibilities
More informationCryptography and Network Security. Sixth Edition by William Stallings
Cryptography and Network Security Sixth Edition by William Stallings Chapter 20 IP Security If a secret piece of news is divulged by a spy before the time is ripe, he must be put to death, together with
More informationSFO17-406: IPsec Full Offload Support in OpenDataPlane. Bill Fischofer
SFO17-406: IPsec Full Offload Support in OpenDataPlane Bill Fischofer Credits The work described in this session represents the collaborative contribution of the LNG ODP team, particularly: Petri Savolainen,
More information2D1490 p MPLS, RSVP, etc. Olof Hagsand KTHNOC/NADA
2D1490 p4 2007 MPLS, RSVP, etc Olof Hagsand KTHNOC/NADA Literature Handouts: MPLS-Enabled applications (Minei, Lucek). Parts of Section 1. JunOS Cookbook: Chapter 14 Background MPLS - Multiprotocol Label
More informationSmart Attacks require Smart Defence Moving Target Defence
Smart Attacks require Smart Defence Moving Target Defence Prof. Dr. Gabi Dreo Rodosek Executive Director of the Research Institute CODE 1 Virtual, Connected, Smart World Real World Billions of connected
More informationERT Threat Alert New Risks Revealed by Mirai Botnet November 2, 2016
Abstract The Mirai botnet struck the security industry in three massive attacks that shook traditional DDoS protection paradigms, proving that the Internet of Things (IoT) threat is real and the grounds
More informationIKE and Load Balancing
Configure IKE, page 1 Configure IPsec, page 9 Load Balancing, page 22 Configure IKE IKE, also called ISAKMP, is the negotiation protocol that lets two hosts agree on how to build an IPsec security association.
More informationThis presentation covers Gen Z s Security capabilities.
This presentation covers Gen Z s Security capabilities. 1 2 Gen Z architecture assumes every component is an attack vector. This is critical to appreciate, as time and again cyber attacks have exploited
More informationCSC 4900 Computer Networks: Security Protocols (2)
CSC 4900 Computer Networks: Security Protocols (2) Professor Henry Carter Fall 2017 Chapter 8 roadmap 8.1 What is network security? 8.2 Principles of cryptography 8.3 Message Integrity 8.4 End point Authentication
More informationAccess Control Using Intrusion and File Policies
The following topics describe how to configure access control policies to use intrusion and file policies: About Deep Inspection, page 1 Access Control Traffic Handling, page 2 File and Intrusion Inspection
More informationConfiguring Internet Key Exchange Security Protocol
Configuring Internet Key Exchange Security Protocol This chapter describes how to configure the Internet Key Exchange (IKE) protocol. IKE is a key management protocol standard that is used in conjunction
More informationLink Security Considerations in the. Enterprise
Link Security Considerations in the Mahalingam Mani 1 Security in Brief Point Security System Protection: beyond standards Servers upto application level Layer 2 & 3 Network Devices Perimeter Protection
More informationNGN: Carriers and Vendors Must Take Security Seriously
Research Brief NGN: Carriers and Vendors Must Take Security Seriously Abstract: The next-generation network will need to provide security on many levels. A comprehensive set of standards should be in place
More informationSECURE ROUTER DISCOVERY MECHANISM TO OVERCOME MAN-IN THE MIDDLE ATTACK IN IPV6 NETWORK
1 SECURE ROUTER DISCOVERY MECHANISM TO OVERCOME MAN-IN THE MIDDLE ATTACK IN IPV6 NETWORK Navaneethan C. Arjuman nava@nav6.usm.my National Advanced IPv6 Centre, Universiti Sains Malaysia March 2018 Copyright
More informationExam Questions
Exam Questions 642-997 DCUFI Implementing Cisco Data Center Unified Fabric (DCUFI) v5.0 https://www.2passeasy.com/dumps/642-997/ 1.Which SCSI terminology is used to describe source and destination nodes?
More informationSecure Ethernet Communication for Autonomous Driving. Jared Combs June 2016
Secure Ethernet Communication for Autonomous Driving Jared Combs June 2016 Agenda Motivation for Security The Multi-Level Security Architecture Proposal Level 1: Restrict access to the network Level 2:
More informationInternet Engineering Task Force (IETF) Category: Informational. October Applicability of Keying Methods for RSVP Security
Internet Engineering Task Force (IETF) Request for Comments: 6411 Category: Informational ISSN: 2070-1721 M. Behringer F. Le Faucheur B. Weis Cisco Systems October 2011 Applicability of Keying Methods
More informationControl Plane Protection
Control Plane Protection Preventing accidentally on purpose We really talking about making sure routers do what we expect. Making sure the route decision stays under our control. Layer 2 Attacks ARP injections
More informationNetwork Access Control and VoIP. Ben Hostetler Senior Information Security Advisor
Network Access Control and VoIP Ben Hostetler Senior Information Security Advisor Objectives/Discussion Points Network Access Control Terms & Definitions Certificate Based 802.1X MAC Authentication Bypass
More informationGeneralized MPLS Introduction and Deployment
Generalized MPLS Introduction and Deployment Session BRKMPL-3010 Santiago Álvarez Distinguished Engineer saalvare@cisco.com Agenda Motivation Technology Overview Dynamic Optical Path Setup Diverse Optical
More informationRecent Developments in Optical Networking
Recent Developments in Optical Networking Raj Jain The Ohio State University Columbus, OH 43210 Nayna Networks Milpitas, CA 95035 Email: Jain@ACM.Org http://www.cis.ohio-state.edu/~jain/ 1 Overview! All-Optical
More informationThe World Wide Web is widely used by businesses, government agencies, and many individuals. But the Internet and the Web are extremely vulnerable to
1 The World Wide Web is widely used by businesses, government agencies, and many individuals. But the Internet and the Web are extremely vulnerable to compromises of various sorts, with a range of threats
More informationExam : Title : Security Solutions for Systems Engineers. Version : Demo
Exam : 642-566 Title : Security Solutions for Systems Engineers Version : Demo 1. Which one of the following elements is essential to perform events analysis and correlation? A. implementation of a centralized
More informationIntroduction to IEEE 802.1Qca Path Control and Reservation
www.huawei.com Introduction to IEEE 802.1Qca Path Control and Reservation Authors: Hesham ElBakoury Version: 1.0 HUAWEI TECHNOLOGIES CO., LTD. GOAL Present the scope main concepts of the new IEEE 802.1Qca
More informationHayim Porat Ethos Networks 5/2009
E-NNI registration protocol Hayim Porat Ethos Networks 5/2009 Agenda Background Motivation Problem definition Suggested new standard Background In order for two carriers (domains) to peer, there is a need
More informationCloudflare Advanced DDoS Protection
Cloudflare Advanced DDoS Protection Denial-of-service (DoS) attacks are on the rise and have evolved into complex and overwhelming security challenges. 1 888 99 FLARE enterprise@cloudflare.com www.cloudflare.com
More informationVPN and IPsec. Network Administration Using Linux. Virtual Private Network and IPSec 04/2009
VPN and IPsec Network Administration Using Linux Virtual Private Network and IPSec 04/2009 What is VPN? VPN is an emulation of a private Wide Area Network (WAN) using shared or public IP facilities. A
More informationinternet technologies and standards
Institute of Telecommunications Warsaw University of Technology 2017 internet technologies and standards Piotr Gajowniczek Andrzej Bąk Michał Jarociński MPLS Multiprotocol Label Switching MPLS introduction
More informationFirewalls, Tunnels, and Network Intrusion Detection
Firewalls, Tunnels, and Network Intrusion Detection 1 Firewalls A firewall is an integrated collection of security measures designed to prevent unauthorized electronic access to a networked computer system.
More informationIP Security. Cunsheng Ding HKUST, Kong Kong, China
IP Security Cunsheng Ding HKUST, Kong Kong, China Agenda Some attacks against the IP Brief introduction to IPSec Building Block: Security Association Building Block: Security Association Database Building
More informationCIH
mitigating at host level, 23 25 at network level, 25 26 Morris worm, characteristics of, 18 Nimda worm, characteristics of, 20 22 replacement login, example of, 17 signatures. See signatures SQL Slammer
More informationChapter 5. Security Components and Considerations.
Chapter 5. Security Components and Considerations. Technology Brief Virtualization and Cloud Security Virtualization concept is taking major portion in current Data Center environments in order to reduce
More informationMPLS Traffic Engineering Traffic Protection using Fast Re-route (FRR)
MPLS Traffic Engineering Traffic Protection using Fast Re-route (FRR) Santiago Álvarez August 2008 2007 Cisco Systems, Inc. All rights reserved. 1 MPLS TE Use Cases Strategic Bandwidth Optimization Tactical
More informationPrepAwayExam. High-efficient Exam Materials are the best high pass-rate Exam Dumps
PrepAwayExam http://www.prepawayexam.com/ High-efficient Exam Materials are the best high pass-rate Exam Dumps Exam : HP0-Y24 Title : Securing HP ProCurve Networks Vendors : HP Version : DEMO Get Latest
More informationNetwork Configuration Example
Network Configuration Example RSVP LSP Tunnels Modified: 2016-12-14 Juniper Networks, Inc. 1133 Innovation Way Sunnyvale, California 94089 USA 408-745-2000 www.juniper.net All rights reserved. Juniper
More informationTHREAT MODELING IN SOCIAL NETWORKS. Molulaqhooa Maoyi Rotondwa Ratshidaho Sanele Macanda
THREAT MODELING IN SOCIAL NETWORKS Molulaqhooa Maoyi Rotondwa Ratshidaho Sanele Macanda INTRODUCTION Social Networks popular web service. 62% adults worldwide use social media 65% of world top companies
More informationCOMPUTER NETWORK SECURITY
COMPUTER NETWORK SECURITY Prof. Dr. Hasan Hüseyin BALIK (1 st Week) Outline Course Information and Policies Course Syllabus 1. Overview Course Information Instructor: Prof. Dr. Hasan H. BALIK, balik@yildiz.edu.tr,
More informationCisco 5921 Embedded Services Router
Data Sheet Cisco 5921 Embedded Services Router The Cisco 5921 Embedded Services Router (ESR) is a Cisco IOS software router. It is designed to operate on small, low-power, Linux-based platforms to extend
More information20-CS Cyber Defense Overview Fall, Network Basics
20-CS-5155 6055 Cyber Defense Overview Fall, 2017 Network Basics Who Are The Attackers? Hackers: do it for fun or to alert a sysadmin Criminals: do it for monetary gain Malicious insiders: ignores perimeter
More informationTARGET2-SECURITIES INFORMATION SECURITY REQUIREMENTS
Target2-Securities Project Team TARGET2-SECURITIES INFORMATION SECURITY REQUIREMENTS Reference: T2S-07-0270 Date: 09 October 2007 Version: 0.1 Status: Draft Target2-Securities - User s TABLE OF CONTENTS
More informationTOP TEN DNS ATTACKS PROTECTING YOUR ORGANIZATION AGAINST TODAY S FAST-GROWING THREATS
TOP TEN DNS ATTACKS PROTECTING YOUR ORGANIZATION AGAINST TODAY S FAST-GROWING THREATS 1 Introduction Your data and infrastructure are at the heart of your business. Your employees, business partners, and
More informationTable 3-1 Joint Staff IPv6 Operational Criteria
Table 3-1 Joint Staff Joint Staff Final TE Report Criterion 1 security of unclassified network operations, classified network operations, black backbone operations, integration of HAIPE, integration of
More informationChapter 24 Wireless Network Security
Chapter 24 Wireless Network Security Wireless Security Key factors contributing to higher security risk of wireless networks compared to wired networks include: o Channel Wireless networking typically
More informationFirewalls for Secure Unified Communications
Firewalls for Secure Unified Communications Positioning Guide 2008 Cisco Systems, Inc. All rights reserved. This document is Cisco Public Information. Page 1 of 12 Firewall protection for call control
More informationTransport Level Security
2 Transport Level Security : Security and Cryptography Sirindhorn International Institute of Technology Thammasat University Prepared by Steven Gordon on 28 October 2013 css322y13s2l12, Steve/Courses/2013/s2/css322/lectures/transport.tex,
More informationNetwork Security - ISA 656 IPsec IPsec Key Management (IKE)
Network Security - ISA 656 IPsec IPsec (IKE) Angelos Stavrou September 28, 2008 What is IPsec, and Why? What is IPsec, and Why? History IPsec Structure Packet Layout Header (AH) AH Layout Encapsulating
More information