SVILUPPO DI UNA TECNICA DI RICONOSCIMENTO STATISTICO DI APPLICAZIONI SU RETE IP
|
|
- Howard Lucas
- 6 years ago
- Views:
Transcription
1 UNIVERSITÀ DEGLI STUDI DI PARMA FACOLTÀ di INGEGNERIA Corso di Laurea Specialistica in Ingegneria delle Telecomunicazioni SVILUPPO DI UNA TECNICA DI RICONOSCIMENTO STATISTICO DI APPLICAZIONI SU RETE IP Relatore: Chiar.mo Prof. LUCA VELTRI Tesi di Laurea Specialistica di: RICCARDO PECORI Anno Accademico 2006/2007
2 PARTE II 2. Motivations M any network management tasks, such as flow prioritization, traffic policing and diagnostic monitoring, require always oftener accurate identification and categorization of network traffic according to the type of application that has generated it [2][2]. The identification, which can be packet, flow or session-based, is becoming a fundamental prerequisite for numerous other network activities, such as granting an adequate level of QoS (e.g.: differentiated services, priority queuing, minimum bit-rate, ) or managing ISPs billing policies [3][4]; moreover it can help in solving some network engineering problems such as workload characterization and modelling, capacity planning and route provisioning. A reliable traffic characterization could be also a good starting point, for network administrators, either to investigate in case of sudden changes in traffic dynamics and to counter possible security attacks. There are (see [4]) at least three categories of application identification methods: Session-based, Content-based and Constraint-based. 16
3 Figure 1: Application Traffic Identification Methods The traditionally used classification methods, such as well-known port identification or exhaustive packet payload analysis, belong, respectively, to the first and second category; they are becoming obsolete and helpless in front of the emerging of peer-to-peer applications and mechanism such as tunnelling and encryption used mainly to avoid detection or violate security policies. A detailed description of features and drawbacks of these methods follows. 17
4 2.1 Well Known-Port based Methods Known-port methods rely on the observation of TCP or UDP port numbers, which are divided into three ranges: the Well Known Ports (0-1023), the Registered Ports ( ) and the Dynamic and/or Private ports ( ). A typical TCP connection starts with a SYN, SYN-ACK, ACK handshake from client to server; the client addresses its initial SYN packet to the well known server port of a particular application. The source port number of the packet is typically chosen dynamically by the client. UDP uses ports similarly to TCP but in a connectionless way. All successive packets in either a TCP or UDP session will use the same pair of ports to identify the client and the server side of the session; therefore, in principle, the TCP or UDP server port number can be used to recognize the higher layer application, by simply identifying which port is the server port and mapping this port to an application using the IANA (Internet Assigned Numbers Authority) list of registered ports [6]. However these methods are often unusable because of some limitations [1][7]: First, the mapping from ports to applications is not always well defined; many implementations of TCP use client ports in the registered range. Some applications such as P2P applications (e.g.: Kazaa, Napster) haven t standard port numbers and began using dynamic ports and disguising themselves by using port numbers for commonly used protocols such as HTTP and FTP, there are ambi- 18
5 guities in the port registrations, etc.. A second limitation is that a port can be used by a single application to transmit traffic with different QoS requirements; for example Lotus Notes transmits both and database transaction traffic using the same ports, and scp (secure copy), a file transfer protocol, runs over SSH (secure shell) which is also used interactively on the same port (TCP port 22) by remote shell applications. 19
6 2.2 Payload-based Analysis Methods The aforementioned disadvantages of port-based classification led to several payload-based analysis techniques [2], in which there is a research of characteristic prints of known applications. These techniques avoid completely the reliance on fixed port numbers [7]. In the so called Signature Matching Method, a portion of payload data, indicated as the signature of the application, that is static, unique and distinguishable, is examined for all applications, regardless of their protocol. This method tries to identify the application by comparing every packet payload with pre-determined signatures. Many Network Intrusion Detection Systems (NIDS) rely on signature-based techniques to recognize known attack patterns on standard service ports. The choice of these methods is due to their quickness and their efficiency in recognizing known attacks without generating too many false alarms ([10], [11]). The Protocol Matching Method shares a similar concept of signature matching but it needs to be aware of the complete protocol format. Ethereal [9], which will be exploited in the practical realization of the thesis, is a monitoring tool that offers the protocol matching functionality. Besides some benefits, these payload based mechanisms, on the other hand, require in advance an exhaustive search frequent updates of signature information to maintain the high accuracy; these are operations that impose significant complexity and processing load on the traffic identification device [7]. 20
7 Moreover they become useless in front of tunnelling and encryption mechanisms. Let s see how Tunnelling Techniques The application level payload of at least two protocols (HTTP and DNS) could in principle be used to encapsulate packets generated by other protocols and to carry them hidden in and out of a given network. Exploiting these features and the fact that network administrators normally let HTTP and DNS traffic pass their network boundaries, one can install entry and exit points in different places of Internet and therefore bypass any security policy enforced by firewalls or proxy [12]. A popular, open source package capable of tunnelling any application level protocol into HTTP is [13]. It provides two daemons, htc and hts, running at the two ends of the tunnel; htc listens for incoming TCP connections at a given port, when a connection is established htc opens a couple of HTTP sessions towards hts that runs at the opposite side of the tunnel. For example, if SMTP (port number 25) is tunnelled into HTTP (port number 80), hts will forward any incoming connection on port 80 to port 25, while htc will redirect any request to port 80 of the server. The packet of the tunnelled flows are encoded so that they can be incorporated in a regular, semantically valid HTTP session; an analysis of the TCP payloads, even if performed by means of pattern matching, could not reveal any difference between the htc/hts traffic and a true HTTP flow. 21
8 2.2.2 Encrypted Traffic Examples A practical example of the uselessness of signature-based methods when cryptography is employed is Skype traffic [14]. Skype is a very popular VoIP software whose protocols and algorithms are unknown and follow a closed source and proprietary design that leverages on strong encryption mechanism; so it is very difficult to even identify the presence of Skype traffic in a traffic aggregate. Only few pieces of information about Skype messages building are available: a Codec encodes the voice, a Framer multiplexes into a single Skype frame some encoded blocks, a Cypher encrypts a frame once it has been created, and finally an additionally not ciphered header (Start of Message) may be added. The result is a Skype message. Only if it is present the SoM a payload-based classifier can be used. In fact, although a PBC (Payload Based Classification) is made difficult by both obfuscation and cryptographic techniques such as AES and RSA algorithms [15], indeed, Skype flows that employ UDP must use SoM because of the possible packet reordering or dropping (UDP is unreliable!). Nonetheless, without this eventually SoM, encryption would make infeasible every PBC and moreover results of a PBC reach the best performance when it is used with complementary tools [14]. All these reasons led us to address towards the third category of identification methods, the Constraint-Based ones, and in particular toward the stochastic identification. 22
9 3.Statistical Types of Identification 3. Statistical Types of Identification T hese methods belong to the third category depicted in Figure 1 (pag.17): the Constraint-based methods. This is actually a subcategory of session-based identification but what characterizes these methods is that they borrow concepts generally used in the area of statistics and normally do not require any application-level protocol information [4]. 3.1 Previous Works The idea of using the statistical properties of network traffic to classify flows, or at least to describe their behaviour is not new. Pioneering studies by Paxson et al. on Internet traffic characterization ([17] and [18]) focus on the relationship between observed statistical properties of flows and the application protocols that generated them. These papers, although show that analytical models describing random variables can be suitable to express the behaviour of a few protocols, however, don t make any attempt to classify flows according to application layer protocols. This goal is reached by Mena et al. [19] who showed how Real Audio flows may be identified among aggregates through a simple analysis of packet lengths and inter-arrival times. A similar approach has been used in [29] to analyze chat traffic. Stem- 23
10 3.Statistical Types of Identification ming from the observation that this kind of traffic is dominated by human interactions, this work proved the feasibility of identifying chat flows, whether or not they are using their own transport protocol or are layered on top of other application protocols like HTTP. To overcome one of the key issues with statistically trained classifiers, i.e. the lack of verifiable reference data, this work was based on the statistical analysis of Internet Relay Chat traffic traces, since such traffic flows are easily identifiable even by payload analysis. This work, however, focuses exclusively on a single class of applications. Other approaches (see [22]) confirm the possibility of discrimination between different application classes with the objective of supporting service differentiation. A recent work of Bernaille et al. [20] proposes the use of clustering techniques to achieve fine-grained classification based on size and direction of packets, in [21] Nilsson et al. focuses on the statistical analysis of network traffic too, and shows promising results for fine-grained protocol classification. 24
Revealing Skype Traffic: When Randomness Plays with You
Revealing Skype Traffic: When Randomness Plays with You Dario Bonfiglio Marco Mellia Michela Meo Dario Rossi Paolo Tofanelli Our Goal Identify Skype traffic Motivations Operators need to know what is running
More informationA Hybrid Approach for Accurate Application Traffic Identification
A Hybrid Approach for Accurate Application Traffic Identification Thesis Defence December 21, 2005 Young J. Won yjwon@postech.ac.kr Distributed Processing & Network Management Lab. Dept. of Computer Science
More informationEarly Application Identification
Early Application Identification Laurent Bernaille Renata Teixeira Kave Salamatian Université Pierre et Marie Curie - LIP6/CNRS Which applications run on my network? Internet Edge Network (campus, enterprise)
More information4.0.1 CHAPTER INTRODUCTION
4.0.1 CHAPTER INTRODUCTION Data networks and the Internet support the human network by supplying seamless, reliable communication between people - both locally and around the globe. On a single device,
More informationNetwork Control, Con t
Network Control, Con t CS 161 - Computer Security Profs. Vern Paxson & David Wagner TAs: John Bethencourt, Erika Chin, Matthew Finifter, Cynthia Sturton, Joel Weinberger http://inst.eecs.berkeley.edu/~cs161/
More informationMeasuring MPLS overhead
Measuring MPLS overhead A. Pescapè +*, S. P. Romano +, M. Esposito +*, S. Avallone +, G. Ventre +* * ITEM - Laboratorio Nazionale CINI per l Informatica e la Telematica Multimediali Via Diocleziano, 328
More informationStatistical based Approach for Packet Classification
Statistical based Approach for Packet Classification Dr. Mrudul Dixit 1, Ankita Sanjay Moholkar 2, Sagarika Satish Limaye 2, Devashree Chandrashekhar Limaye 2 Cummins College of engineering for women,
More information4. The transport layer
4.1 The port number One of the most important information contained in the header of a segment are the destination and the source port numbers. The port numbers are necessary to identify the application
More informationFirewalls, Tunnels, and Network Intrusion Detection
Firewalls, Tunnels, and Network Intrusion Detection 1 Firewalls A firewall is an integrated collection of security measures designed to prevent unauthorized electronic access to a networked computer system.
More informationActivating Intrusion Prevention Service
Activating Intrusion Prevention Service Intrusion Prevention Service Overview Configuring Intrusion Prevention Service Intrusion Prevention Service Overview Intrusion Prevention Service (IPS) delivers
More informationNetworking: Network layer
control Networking: Network layer Comp Sci 3600 Security Outline control 1 2 control 3 4 5 Network layer control Outline control 1 2 control 3 4 5 Network layer purpose: control Role of the network layer
More informationChapter 7. Denial of Service Attacks
Chapter 7 Denial of Service Attacks DoS attack: An action that prevents or impairs the authorized use of networks, systems, or applications by exhausting resources such as central processing units (CPU),
More informationNetwork Protocols - Revision
Network Protocols - Revision Luke Anderson luke@lukeanderson.com.au 18 th May 2018 University Of Sydney Overview 1. The Layers 1.1 OSI Model 1.2 Layer 1: Physical 1.3 Layer 2: Data Link MAC Addresses 1.4
More informationOSI Transport Layer. Network Fundamentals Chapter 4. Version Cisco Systems, Inc. All rights reserved. Cisco Public 1
OSI Transport Layer Network Fundamentals Chapter 4 Version 4.0 1 Transport Layer Role and Services Transport layer is responsible for overall end-to-end transfer of application data 2 Transport Layer Role
More informationPolitecnico di Milano Scuola di Ingegneria Industriale e dell Informazione. 09 Intranetting. Fundamentals of Communication Networks
Politecnico di Milano Scuola di Ingegneria Industriale e dell Informazione 09 Intranetting Fundamentals of Communication Networks 1 Private networks and Intranets EG subnet IG IG Private network IG o Private
More informationDistributed Denial of Service (DDoS)
Distributed Denial of Service (DDoS) Defending against Flooding-Based DDoS Attacks: A Tutorial Rocky K. C. Chang Presented by Adwait Belsare (adwait@wpi.edu) Suvesh Pratapa (suveshp@wpi.edu) Modified by
More informationApplication Firewalls
Application Moving Up the Stack Advantages Disadvantages Example: Protecting Email Email Threats Inbound Email Different Sublayers Combining Firewall Types Firewalling Email Enforcement Application Distributed
More informationTunneling Activities Detection Using Machine Learning Techniques
Fabien Allard 1, Renaud Dubois 1, Paul Gompel 2 and Mathieu Morel 3 1 Thales Communications 160 Boulevard de Valmy BP 82 92704 Colombes Cedex FRANCE firstname.lastname@fr.thalesgroup.com 2 pgompel@gmail.com
More informationInternet Security: Firewall
Internet Security: Firewall What is a Firewall firewall = wall to protect against fire propagation More like a moat around a medieval castle restricts entry to carefully controlled points restricts exits
More informationCCNA Exploration Network Fundamentals. Chapter 04 OSI Transport Layer
CCNA Exploration Network Fundamentals Chapter 04 OSI Transport Layer Updated: 05/05/2008 1 4.1 Roles of the Transport Layer 2 4.1 Roles of the Transport Layer The OSI Transport layer accept data from the
More informationNetwork-Based Application Recognition
Network-Based Application Recognition Last updated: September 2008 Common questions and answers regarding Cisco Network-Based Application Recognition (NBAR) follow. Q. What is NBAR? A. NBAR, an important
More informationch02 True/False Indicate whether the statement is true or false.
ch02 True/False Indicate whether the statement is true or false. 1. No matter what medium connects computers on a network copper wires, fiber-optic cables, or a wireless setup the same protocol must be
More informationFeatures of a proxy server: - Nowadays, by using TCP/IP within local area networks, the relaying role that the proxy
Que: -Proxy server Introduction: Proxy simply means acting on someone other s behalf. A Proxy acts on behalf of the client or user to provide access to a network service, and it shields each side from
More informationApp-ID. PALO ALTO NETWORKS: App-ID Technology Brief
App-ID Application Protocol Detection / Decryption Application Protocol Decoding Application Signature Heuristics App-ID is a patent-pending traffic classification technology that identifies more than
More informationTraffic Classification Using Visual Motifs: An Empirical Evaluation
Traffic Classification Using Visual Motifs: An Empirical Evaluation Wilson Lian 1 Fabian Monrose 1 John McHugh 1,2 1 University of North Carolina at Chapel Hill 2 RedJack, LLC VizSec 2010 Overview Background
More informationERT Threat Alert New Risks Revealed by Mirai Botnet November 2, 2016
Abstract The Mirai botnet struck the security industry in three massive attacks that shook traditional DDoS protection paradigms, proving that the Internet of Things (IoT) threat is real and the grounds
More informationConfiguring Access Rules
Configuring Access Rules Rules > Access Rules About Access Rules Displaying Access Rules Specifying Maximum Zone-to-Zone Access Rules Changing Priority of a Rule Adding Access Rules Editing an Access Rule
More information(2½ hours) Total Marks: 75
(2½ hours) Total Marks: 75 N. B.: (1) All questions are compulsory. (2) Makesuitable assumptions wherever necessary and state the assumptions made. (3) Answers to the same question must be written together.
More informationInternet Layers. Physical Layer. Application. Application. Transport. Transport. Network. Network. Network. Network. Link. Link. Link.
Internet Layers Application Application Transport Transport Network Network Network Network Link Link Link Link Ethernet Fiber Optics Physical Layer Wi-Fi ARP requests and responses IP: 192.168.1.1 MAC:
More informationImplementation Guide - VPN Network with Static Routing
Implementation Guide - VPN Network with Static Routing This guide contains advanced topics and concepts. Follow the links in each section for step-by-step instructions on how to configure the following
More informationBasic Concepts in Intrusion Detection
Technology Technical Information Services Security Engineering Roma, L Università Roma Tor Vergata, 23 Aprile 2007 Basic Concepts in Intrusion Detection JOVAN GOLIĆ Outline 2 Introduction Classification
More informationNetworking interview questions
Networking interview questions What is LAN? LAN is a computer network that spans a relatively small area. Most LANs are confined to a single building or group of buildings. However, one LAN can be connected
More informationGOPALAN COLLEGE OF ENGINEERING AND MANAGEMENT Department of Computer Science and Engineering COURSE PLAN
Appendix - C GOPALAN COLLEGE OF ENGINEERING AND MANAGEMENT Department of Computer Science and Engineering Academic Year: 2016-17 Semester: EVEN COURSE PLAN Semester: VI Subject Code& Name: 10CS64 & Computer
More informationQuestion No: 2 Which identifier is used to describe the application or process that submitted a log message?
Volume: 65 Questions Question No: 1 Which definition of a fork in Linux is true? A. daemon to execute scheduled commands B. parent directory name of a file pathname C. macros for manipulating CPU sets
More informationNT1210 Introduction to Networking. Unit 10
NT1210 Introduction to Networking Unit 10 Chapter 10, TCP/IP Transport Objectives Identify the major needs and stakeholders for computer networks and network applications. Compare and contrast the OSI
More informationNAT, IPv6, & UDP CS640, Announcements Assignment #3 released
NAT, IPv6, & UDP CS640, 2015-03-03 Announcements Assignment #3 released Overview Network Address Translation (NAT) IPv6 Transport layer User Datagram Protocol (UDP) Network Address Translation (NAT) Hacky
More informationUNIT 2 TRANSPORT LAYER
Network, Transport and Application UNIT 2 TRANSPORT LAYER Structure Page No. 2.0 Introduction 34 2.1 Objective 34 2.2 Addressing 35 2.3 Reliable delivery 35 2.4 Flow control 38 2.5 Connection Management
More informationAPP-ID. A foundation for visibility and control in the Palo Alto Networks Security Platform
APP-ID A foundation for visibility and control in the Palo Alto Networks Security Platform App-ID uses multiple identification techniques to determine the exact identity of applications traversing your
More informationTOWARDS HIGH-PERFORMANCE NETWORK APPLICATION IDENTIFICATION WITH AGGREGATE-FLOW CACHE
TOWARDS HIGH-PERFORMANCE NETWORK APPLICATION IDENTIFICATION WITH AGGREGATE-FLOW CACHE Fei He 1, 2, Fan Xiang 1, Yibo Xue 2,3 and Jun Li 2,3 1 Department of Automation, Tsinghua University, Beijing, China
More informationApplication Note How to use Quality of Service
Application Note How to use Quality of Service This application note describes how to use Quality of Service. The document consists of standard instructions that may not fit your particular solution. Please
More informationInternet Security Firewalls
Overview Internet Security Firewalls Ozalp Babaoglu Cryptographic technologies Secure Sockets Layer IPSec Exo-structures Firewalls Virtual Private Networks ALMA MATER STUDIORUM UNIVERSITA DI BOLOGNA 2
More informationEnhancing Byte-Level Network Intrusion Detection Signatures with Context
Enhancing Byte-Level Network Intrusion Detection Signatures with Context Robin Sommer sommer@in.tum.de Technische Universität München Germany Vern Paxson vern@icir.org International Computer Science Institute
More informationW is a Firewall. Internet Security: Firewall. W a Firewall can Do. firewall = wall to protect against fire propagation
W is a Firewall firewall = wall to protect against fire propagation Internet Security: Firewall More like a moat around a medieval castle restricts entry to carefully controlled points restricts exits
More informationData & Computer Communication
Basic Networking Concepts A network is a system of computers and other devices (such as printers and modems) that are connected in such a way that they can exchange data. A bridge is a device that connects
More informationCSC Network Security
CSC 474 -- Security Topic 9. Firewalls CSC 474 Dr. Peng Ning 1 Outline Overview of Firewalls Filtering Firewalls Proxy Servers CSC 474 Dr. Peng Ning 2 Overview of Firewalls CSC 474 Dr. Peng Ning 3 1 Internet
More informationCCNA Exploration Network Fundamentals. Chapter 3 Application Layer Functionality and Protocols
CCNA Exploration Network Fundamentals Chapter 3 Application Layer Functionality and Protocols Application Layer Functionality and Protocols Applications: The Interface Between the Networks Horny/Coufal
More informationPrincess Nora Bint Abdulrahman University College of computer and information sciences Networks department Networks Security (NET 536)
Princess Nora Bint Abdulrahman University College of computer and information sciences Networks department Networks Security (NET 536) Prepared by Dr. Samia Chelloug E-mail: samia_chelloug@yahoo.fr Content
More informationChapter 6: Security of higher layers. (network security)
Chapter 6: Security of higher layers (network security) Outline TLS SET 1. TLS History of TLS SSL = Secure Socket Layer defined by Netscape normalized as TLS TLS = Transport Layer Security between TCP
More informationCOMPUTER NETWORK SECURITY
COMPUTER NETWORK SECURITY Prof. Dr. Hasan Hüseyin BALIK (7 th Week) 7. Denial-of-Service Attacks 7.Outline Denial of Service Attacks Flooding Attacks Distributed Denial of Service Attacks Application Based
More informationOverview of the Cisco Service Control Value Added Services Feature
CHAPTER 1 Overview of the Cisco Service Control Value Added Services Feature Revised: May 27, 2013, Introduction The VAS feature enables the Cisco SCE platform to access an external expert system for classification
More informationECE 333: Introduction to Communication Networks Fall 2002
ECE 333: Introduction to Communication Networks Fall 2002 Lecture 26: Transport layer I 1 Transport Layer In the remaining lectures, we will discuss several issues that are commonly addressed at the transport
More information10 Defense Mechanisms
SE 4C03 Winter 2006 10 Defense Mechanisms Instructor: W. M. Farmer Revised: 23 March 2006 1 Defensive Services Authentication (subject, source) Access control (network, host, file) Data protection (privacy
More informationGuide to Networking Essentials, 6 th Edition. Chapter 5: Network Protocols
Guide to Networking Essentials, 6 th Edition Chapter 5: Network Protocols Objectives Describe the purpose of a network protocol, the layers in the TCP/IP architecture, and the protocols in each TCP/IP
More informationFull file at
ch02 True/False Indicate whether the statement is true or false. 1. IP addresses have links to domain names to make it possible for users to identify and access resources on a network. 2. As a frame moves
More informationTRANSMISSION CONTROL PROTOCOL. ETI 2506 TELECOMMUNICATION SYSTEMS Monday, 7 November 2016
TRANSMISSION CONTROL PROTOCOL ETI 2506 TELECOMMUNICATION SYSTEMS Monday, 7 November 2016 ETI 2506 - TELECOMMUNICATION SYLLABUS Principles of Telecom (IP Telephony and IP TV) - Key Issues to remember 1.
More information1/18/13. Network+ Guide to Networks 5 th Edition. Objectives. Chapter 10 In-Depth TCP/IP Networking
Network+ Guide to Networks 5 th Edition Chapter 10 In-Depth TCP/IP Networking Objectives Understand methods of network design unique to TCP/IP networks, including subnetting, CIDR, and address translation
More informationSections Describing Standard Software Features
30 CHAPTER This chapter describes how to configure quality of service (QoS) by using automatic-qos (auto-qos) commands or by using standard QoS commands. With QoS, you can give preferential treatment to
More informationIndicate whether the statement is true or false.
Indicate whether the statement is true or false. 1. Packet-filtering firewalls scan network data packets looking for compliance with the rules of the firewall s database or violations of those rules. 2.
More informationUser Datagram Protocol(UDP)
User Datagram Protocol(UDP) UDP is a connectionless protocol. There is no mechanism for ensuring that data sent is received by the destination. Hence, it is an unreliable protocol. A unit of data sent
More informationCMPE 80N: Introduction to Networking and the Internet
CMPE 80N: Introduction to Networking and the Internet Katia Obraczka Computer Engineering UCSC Baskin Engineering Lecture 11 CMPE 80N Fall'10 1 Announcements Forum #2 due on 11.05. CMPE 80N Fall'10 2 Last
More informationIntroduction to computer networking
edge core Introduction to computer networking Comp Sci 3600 Security Outline edge core 1 2 edge 3 core 4 5 6 The edge core Outline edge core 1 2 edge 3 core 4 5 6 edge core Billions of connected computing
More informationThe DNS. Application Proxies. Circuit Gateways. Personal and Distributed Firewalls The Problems with Firewalls
Network Security - ISA 656 Application Angelos Stavrou August 20, 2008 Application Distributed Why move up the stack? Apart from the limitations of packet filters discussed last time, firewalls are inherently
More informationAdvanced Security and Mobile Networks
WJ Buchanan. ASMN (1) Advanced Security and Mobile Networks Unit 1: Network Security Application Presentation Session Transport Network Data Link Physical OSI Application Transport Internet Internet model
More informationChair for Network Architectures and Services Department of Informatics TU München Prof. Carle. Network Security. Chapter 8
Chair for Network Architectures and Services Department of Informatics TU München Prof. Carle Network Security Chapter 8 System Vulnerabilities and Denial of Service Attacks System Vulnerabilities and
More informationECE 333: Introduction to Communication Networks Fall 2001
ECE 333: Introduction to Communication Networks Fall 2001 Lecture 26: Transport layer I 1 Transport Layer In the remaining lectures, we will discuss several issues that are commonly addressed at the transport
More informationB.Sc. (Hons.) Computer Science with Network Security B.Eng. (Hons) Telecommunications B.Sc. (Hons) Business Information Systems
B.Sc. (Hons.) Computer Science with Network Security B.Eng. (Hons) Telecommunications B.Sc. (Hons) Business Information Systems Bridge BTEL/PT BCNS/14/FT BIS/14/FT BTEL/14/FT Examinations for 2014-2015
More informationProtocol Data Hiding. By Chet Hosmer Article Posted: March 06, 2012
Protocol Data Hiding By Chet Hosmer Article Posted: March 06, 2012 On Cinco de Mayo in 1997, which happened to be the first Monday in May that year, the Hacker Publication First Monday included an article
More informationCSCD 433/533 Advanced Networks Spring Lecture 22 Quality of Service
CSCD 433/533 Advanced Networks Spring 2016 Lecture 22 Quality of Service 1 Topics Quality of Service (QOS) Defined Properties Integrated Service Differentiated Service 2 Introduction Problem Overview Have
More informationEmerging Threat Intelligence using IDS/IPS. Chris Arman Kiloyan
Emerging Threat Intelligence using IDS/IPS Chris Arman Kiloyan Who Am I? Chris AUA Graduate (CS) Thesis : Cyber Deception Automation and Threat Intelligence Evaluation Using IDS Integration with Next-Gen
More information10CS64-Computer Networks-II Question Bank PART A
10CS64-Computer Networks-II Question Bank PART A Unit -1 PACKET SWITCHING NETWORKS-I:In this chapter we learn what is packet switching networks, general issues regarding packet switching networks. We examine
More informationOSI Transport Layer. objectives
LECTURE 5 OSI Transport Layer objectives 1. Roles of the Transport Layer 1. segmentation of data 2. error detection 3. Multiplexing of upper layer application using port numbers 2. The TCP protocol Communicating
More informationTransporting Voice by Using IP
Transporting Voice by Using IP National Chi Nan University Quincy Wu Email: solomon@ipv6.club.tw 1 Outline Introduction Voice over IP RTP & SIP Conclusion 2 Digital Circuit Technology Developed by telephone
More informationNetwork Security and Cryptography. 2 September Marking Scheme
Network Security and Cryptography 2 September 2015 Marking Scheme This marking scheme has been prepared as a guide only to markers. This is not a set of model answers, or the exclusive answers to the questions,
More informationWhat is a firewall? Firewall and IDS/IPS. Firewall design. Ingress vs. Egress firewall. The security index
What is a firewall? Firewall and IDS/IPS firewall = wall to protect against fire propagation controlled connection between s at different security levels = boundary protection ( filter) Antonio Lioy
More informationDepartment of Computer Science. Burapha University 6 SIP (I)
Burapha University ก Department of Computer Science 6 SIP (I) Functionalities of SIP Network elements that might be used in the SIP network Structure of Request and Response SIP messages Other important
More informationPESIT Bangalore South Campus Hosur road, 1km before Electronic City, Bengaluru -100 Department of Computer Science & Engineering
INTERNAL ASSESSMENT TEST 2 Date : 01/04/2015 Max Marks : 50 Subject & Code : Computer Networks-II/10CS64 Section : VI- A & VI-C Name of faculty : Ravi Dixit Time : 8:30-10:00am Note: Answer ALL Questions
More informationWhy Firewalls? Firewall Characteristics
Why Firewalls? Firewalls are effective to: Protect local systems. Protect network-based security threats. Provide secured and controlled access to Internet. Provide restricted and controlled access from
More informationSections Describing Standard Software Features
27 CHAPTER This chapter describes how to configure quality of service (QoS) by using automatic-qos (auto-qos) commands or by using standard QoS commands. With QoS, you can give preferential treatment to
More informationOverview. SSL Cryptography Overview CHAPTER 1
CHAPTER 1 Secure Sockets Layer (SSL) is an application-level protocol that provides encryption technology for the Internet. SSL ensures the secure transmission of data between a client and a server through
More informationUDP and TCP. Introduction. So far we have studied some data link layer protocols such as PPP which are responsible for getting data
ELEX 4550 : Wide Area Networks 2015 Winter Session UDP and TCP is lecture describes the two most common transport-layer protocols used by IP networks: the User Datagram Protocol (UDP) and the Transmission
More informationCN1047 INTRODUCTION TO COMPUTER NETWORKING CHAPTER 6 OSI MODEL TRANSPORT LAYER
CN1047 INTRODUCTION TO COMPUTER NETWORKING CHAPTER 6 OSI MODEL TRANSPORT LAYER Transport Layer The Transport layer ensures the reliable arrival of messages and provides error checking mechanisms and data
More informationCSC 4900 Computer Networks: Security Protocols (2)
CSC 4900 Computer Networks: Security Protocols (2) Professor Henry Carter Fall 2017 Chapter 8 roadmap 8.1 What is network security? 8.2 Principles of cryptography 8.3 Message Integrity 8.4 End point Authentication
More informationAutomated Traffic Classification and Application Identification using Machine Learning. Sebastian Zander, Thuy Nguyen, Grenville Armitage
Automated Traffic Classification and Application Identification using Machine Learning Sebastian Zander, Thuy Nguyen, Grenville Armitage {szander,tnguyen,garmitage}@swin.edu.au Centre for Advanced Internet
More informationConfiguring Web Cache Services By Using WCCP
CHAPTER 44 Configuring Web Cache Services By Using WCCP This chapter describes how to configure your Catalyst 3560 switch to redirect traffic to wide-area application engines (such as the Cisco Cache Engine
More informationData Communications and Networks Spring Syllabus and Reading Assignments
Data Communications and Networks Spring 2018 Syllabus and Assignments Revision Date: January 24, 2018 Course : This course teaches the design and implementation techniques essential for engineering robust
More informationDenial of Service (DoS)
Flood Denial of Service (DoS) Comp Sci 3600 Security Outline Flood 1 2 3 4 5 Flood 6 7 8 Denial-of-Service (DoS) Attack Flood The NIST Computer Security Incident Handling Guide defines a DoS attack as:
More informationQuality-of-Service Option for Proxy Mobile IPv6
Internet Engineering Task Force (IETF) Request for Comments: 7222 Category: Standards Track ISSN: 2070-1721 M. Liebsch NEC P. Seite Orange H. Yokota KDDI Lab J. Korhonen Broadcom Communications S. Gundavelli
More informationThe Client Server Model and Software Design
The Client Server Model and Software Design Prof. Chuan-Ming Liu Computer Science and Information Engineering National Taipei University of Technology Taipei, TAIWAN MCSE Lab, NTUT, TAIWAN 1 Introduction
More informationUser Role Firewall Policy
User Role Firewall Policy An SRX Series device can act as an Infranet Enforcer in a UAC network where it acts as a Layer 3 enforcement point, controlling access by using IP-based policies pushed down from
More informationHOW TO ANALYZE AND UNDERSTAND YOUR NETWORK
Handbook HOW TO ANALYZE AND UNDERSTAND YOUR NETWORK Part 3: Network Traffic Monitoring or Packet Analysis? by Pavel Minarik, Chief Technology Officer at Flowmon Networks www.flowmon.com In previous two
More informationOverview of TCP/IP Overview of TCP/IP protocol: TCP/IP architectural models TCP protocol layers.
Overview of TCP/IP 3 Overview of TCP/IP protocol: TCP/IP architectural models TCP protocol layers. 4 2 5 6 3 7 8 4 9 10 5 11 12 6 13 14 7 15 16 8 17 18 9 19 20 10 21 Why TCP/IP? Packet based Provides decentralized
More informationfirewalls perimeter firewall systems firewalls security gateways secure Internet gateways
Firewalls 1 Overview In old days, brick walls (called firewalls ) built between buildings to prevent fire spreading from building to another Today, when private network (i.e., intranet) connected to public
More informationNetwork Security. Thierry Sans
Network Security Thierry Sans HTTP SMTP DNS BGP The Protocol Stack Application TCP UDP Transport IPv4 IPv6 ICMP Network ARP Link Ethernet WiFi The attacker is capable of confidentiality integrity availability
More informationCPSC 467: Cryptography and Computer Security
CPSC 467: Cryptography and Computer Security Michael J. Fischer Lecture 24a December 2, 2013 CPSC 467, Lecture 24a 1/20 Secure Shell (SSH) Transport Layer Security (TLS) Digital Rights Management and Trusted
More informationSecurity Statement Revision Date: 23 April 2009
Security Statement Revision Date: 23 April 2009 ISL Online, ISL Light, ISL AlwaysOn, ISL Pronto, and ISL Groop are registered trademarks of XLAB d.o.o. Copyright (c) 2003-2009 XLAB d.o.o. Ljubljana. All
More informationFirewall-Friendly VoIP Secure Gateway and VoIP Security Issues
Firewall-Friendly VoIP Secure Gateway and VoIP Security Issues v Noriyuki Fukuyama v Shingo Fujimoto v Masahiko Takenaka (Manuscript received September 26, 2003) IP telephony services using VoIP (Voice
More informationCyberP3i Course Module Series
CyberP3i Course Module Series Spring 2017 Designer: Dr. Lixin Wang, Associate Professor Firewall Configuration Firewall Configuration Learning Objectives 1. Be familiar with firewalls and types of firewalls
More informationConfiguring Security on the GGSN
CHAPTER 12 This chapter describes how to configure security features on the gateway GPRS support node (GGSN), including Authentication, Authorization, and Accounting (AAA), and RADIUS. IPSec on the Cisco
More informationa. the physical layer, b. and the data-link layer. a. three physical layers, b. three data-link layers, c. and only one network layer.
CHAPTER PRACTICE SET Questions Q-. Q-. To make the communication bidirectional, each layer needs to be able to provide two opposite tasks, one in each direction. The link-layer switch is normally involved
More informationHP Instant Support Enterprise Edition (ISEE) Security overview
HP Instant Support Enterprise Edition (ISEE) Security overview Advanced Configuration A.03.50 Mike Brandon Interex 03 / 30, 2004 2003 Hewlett-Packard Development Company, L.P. The information contained
More information