Firewall and IDS. TELE3119: Week8
|
|
- Melina Douglas
- 6 years ago
- Views:
Transcription
1 Firewall ad IDS TELE3119: Week8
2 Outlie Firewalls Itrusio Detectio Systems (IDSs) Itrusio Prevetio Systems (IPSs) 8-2
3 Example Attacks Disclosure, modificatio, ad destructio of data Compromise a host ad use it as a Lauchpad to attack others Moitor ad capture user passwords, the impersoate the user 8-3
4 Firewalls firewall isolates orgaizatio s iteral et from larger Iteret, allowig some packets to pass, blockig others. admiistered etwork public Iteret firewall 8-4
5 Firewalls May orgaizatios have distict eeds public data (e.g., website) accessible to ayoe iteral data oly accessible to employees Solutio: ier ad out (DMZ) etworks 8-5
6 Firewall Capabilities Cotrol access restrict icomig ad outgoig traffic accordig to security policies Log traffics (for later aalysis) Network address traslatio (NAT) Ecryptio/decryptio 8-6
7 Firewalls: How? prevet deial of service attacks: SYN floodig: attacker establishes may bogus TCP coectios, o resources left for real coectios prevet illegal modificatio/access of iteral data. e.g., attacker replaces CIA s homepage with somethig else allow oly authorized access to iside etwork (set of autheticated users/hosts) three types of firewalls: stateless packet filters stateful packet filters applicatio gateways 8-7
8 Stateless packet filterig Should arrivig packet be allowed i? Departig packet let out? iteral etwork coected to Iteret via router firewall router filters packet-by-packet, decisio to forward/drop packet based o: source IP address, destiatio IP address TCP/UDP source ad destiatio port umbers ICMP message type TCP SYN ad ACK bits 8-8
9 Stateless packet filterig: example example 1: block icomig ad outgoig datagrams with IP protocol field = 17 ad with either source or dest port = 23. all icomig, outgoig UDP flows ad telet coectios are blocked. example 2: Block iboud TCP segmets with ACK=0. prevets exteral cliets from makig TCP coectios with iteral cliets, but allows iteral cliets to coect to outside. 8-9
10 Stateless packet filterig: more examples Policy Firewall Settig No outside Web access. No icomig TCP coectios, except those for istitutio s public Web server oly. Prevet Web-radios from eatig up the available badwidth. Prevet your etwork from beig used for a smurf DoS attack. Prevet your etwork from beig tracerouted Orgaizatio s etwork: /
11 Stateless packet filterig: more examples Policy No outside Web access. No icomig TCP coectios, except those for istitutio s public Web server oly. Prevet Web-radios from eatig up the available badwidth. Prevet your etwork from beig used for a smurf DoS attack. Prevet your etwork from beig tracerouted Firewall Settig Drop all outgoig packets to ay IP address, port 80 Drop all icomig TCP SYN packets to ay IP, except , port 80 Drop all icomig UDP packets - except DNS ad router broadcasts. Drop all ICMP packets goig to a broadcast address (e.g ). Drop all outgoig ICMP TTL expired traffic Orgaizatio s etwork: /
12 Access Cotrol Lists ACL: table of rules, applied top to bottom to icomig packets: (actio, coditio) pairs actio source address dest address protocol source port dest port flag bit allow /16 outside of /16 TCP > ay allow outside of / /16 TCP 80 > 1023 ACK allow /16 outside of /16 UDP > allow outside of / /16 UDP 53 > dey all all all all all all 8-12
13 Stateless filterig Decisios are made o a per-packet basis o state iformatio about previous packets is maitaied e.g., how to hadle fragmeted packets? tiy-fragmet attack: fragmet the packet so most of the TCP header i a secod fragmet Easy to implemet but havig limited capabilities 8-13
14 Stateful packet filterig stateless packet filter: heavy haded tool admits packets that make o sese, e.g., dest port = 80, ACK bit set, eve though o TCP coectio established: è DoS how about filterig TCP ACK packets too? actio source address dest address protocol source port dest port flag bit allow outside of / /16 TCP 80 > 1023 ACK stateful packet filter: track status of every TCP coectio track coectio setup (SYN), teardow (FIN): ca determie whether icomig, outgoig packets makes sese timeout iactive coectios at firewall: o loger admit packets 8-14
15 Coectio Table: example source address dest address Source port dest port Three ogoig TCP coectios All iitiated from withi the orgaizatio Check coectio i ACL rules 8-15
16 Stateful packet filterig ACL augmeted to idicate eed to check coectio state table before admittig packet actio source address allow /16 allow outside of /16 dest address outside of / /16 proto source port dest port TCP > flag bit ay check coxio TCP 80 > 1023 ACK x allow /16 outside of /16 UDP > allow outside of / /16 UDP 53 > x dey all all all all all all 8-16
17 Attack example A attacker seds a packet TCP source port 80 ACK flag set TCP dest port IP source Firewall checks the coectio table Reject or accept? 8-17
18 Stateful filterig Decisios are made i the cotext of coectios (flows) if packet starts a ew coectio: check rules for ew coectios if packet is part of a existig coectio: check rules for the existig coectio, ad the update the state of the coectio More powerful tha stateless packet filterig ca recogize more sophisticated threats ca implemet more complex policies 8-18
19 ACL use-case: Telet 8-19
20 Telet The followig rules allow user to telet from to ay destiatio, but ot vice-versa 8-20
21 ACL use-case: FTP 8-21
22 FTP The followig rules allow user to FTP (ot passive FTP) from ay IP to the FTP server ( ) (problems?) 8-22
23 Applicatio gateways filters packets o applicatio data as well as o IP/TCP/UDP fields. example: allow selected iteral users to telet outside. host-to-gateway telet sessio applicatio gateway gateway-to-remote host telet sessio router ad filter 1. reuire all telet users to telet through gateway. 2. for authorized users, gateway sets up telet coectio to dest host. Gateway relays data betwee 2 coectios 3. router/filter blocks all telet coectios ot origiatig from gateway. 8-23
24 Limitatios of firewalls ad gateways IP spoofig: router ca t kow if data really comes from claimed source filters ofte use all or othig policy for UDP if multiple app s. eed special treatmet, each has ow app. gateway cliet software must kow how to cotact gateway. e.g., must set IP address of proxy i Web browser computatioally expesive tradeoff: degree of commuicatio with outside world, level of security may highly protected sites still suffer from attacks 8-24
25 Itrusio detectio systems packet filterig: operates o TCP/IP headers oly o correlatio check amog sessios IDS: itrusio detectio system deep packet ispectio: look at packet cotets (e.g., check character strigs i packet agaist database of kow virus, attack strigs) examie correlatio amog multiple packets port scaig etwork mappig DoS attack 8-25
26 Itrusio detectio systems multiple IDSs: differet types of checkig at differet locatios applicatio gateway firewall Iteret iteral etwork IDS sesors Web server FTP server DNS server demilitarized zoe 8-26
27 IDS Detect if attacks are beig attempted or if system has bee compromised IDS should be: accurate, fast, flexible, easy to uderstad ad maage 8-27
28 Measurig Accuracy Evets are actios occurrig i the system (e.g., file access, logi, etc) A itrusio is a evet that is a part of a attack A alarm is geerated if a evet is diagosed as beig a itrusio itrusio o-itrusio alarm true positive false positive o alarm false egative true egative 8-28
29 Measurig Accuracy (ct d) True positive rate: fractio of itrusios correctly detected False egative rate: fractio of itrusio icorrectly detected FNR = 1 TPR True egative rate: fractio of o-itrusio correctly diagosed False positive rate: fractio of o-itrusio icorrectly diagosed FPR = 1 - TNR 8-29
30 Measurig Accuracy (ct d) It is trivial to have 100% TPR or 0% FPR how? Need both...challegig 8-30
31 Example evets, 300 itrusios, 2800 alarms of which 298 are correct diagose, 2502 are ot: TPR =? FNR =? TNR =? FPR =? 8-31
32 Example evets, 300 itrusios, 2800 alarms of which 298 are correct diagose, 2502 are ot: TPR = 298 /300 = 99.3% FNR = 1 - TPR = 0.7% TNR = [(70, ) 2502]/(70, ) = 96.4% FPR = 3.6% 8-32
33 Base-Rate Fallacy IDS ofte suffers from base-rate fallacy itrusios are rare evets; o-itrusios are commo correctly detected itrusios are swapped by icorrectly detected o-itrusios! Previous example: oly 298 out of 2800 alarms (10.6%) are correct i reality, ofte less tha 1% alarms are real itrusios 8-33
34 IDS types Sigature-based systems Aomaly-based systems 8-34
35 Sigature-Based IDS Detect attack usig sigatures Siffs packets, compares with sigatures i DB characteristics of real attacks Set of characteristics about a sigle packet or a series of packets Oly detect already-kow attacks Alerts are geerated FPR is low, but FNR is high 8-35
36 Aomaly Detectio Defie a model of ormal behavior, try to detect deviatio from it Potetially detect ew (ot previouslyecoutered) attacks FNR is low, FPR is high 8-36
37 Example Metrics Freuecy of a evet è alert if too high e.g. sudde expoetial growth i port sca Time betwee evets è alert if too small e.g. iordiate percetage of ICMP packets Resource utilizatio è alert if too high Statistical measures (mea, stadard deviatio etc) Markov process: expected likelihood of trasitio from oe system state to aother, or from oe output to aother 8-37
38 Where is IDS Deployed? Host-based IDS moitors activities o a sigle host Network-based IDS moitors traffic (e.g., packet headers) 8-38
39 Host-Based IDS Use OS moitorig mechaisms to fid compromised applicatios e.g., file accesses ad system calls Advatage: better visibility ito behavior of idividual apps Example: virus detectio. How? 8-39
40 Host-Based IDS: Problems Need a IDS for every machie May be tampered by the attacker o the same machie Oly local view of the attack 8-40
41 Network-Based IDS Passively ispect etwork traffic ad moitor traffic patter protocol violatios, uusual coectio patters... Advatage: sigle NIDS ca detect may hosts ad look for widespread patters of activity 8-41
42 NIDS: problems may be defeated by ecryptio ot all attacks arrive from the etwork must process huge amout of etwork traffic overload NIDS with huge data streams, the attack 8-42
43 NIDS example: Sort Popular ope-source NIDS Liux, UNIX ad Widows Uses the geeric siffig iterface libpcap Similar to Wireshark Ca hadle 100Mbps of traffic Multiple istaces are eeded for Gbps+ Large ruleset for vulerabilities (more tha 4000) Supported by commuity of security experts Withi a few hours of a ew attack, the sigature is released! 8-43
44 Sort sigature alert icmp $EXTERNAL_NET ay -> $HOME_NET ay (msg: ICMP PING NMAP ; dsize: 0; itype: 8;) Sigature: Ay packets eter the orgaizatio s etwork from the outside, type 8 (ICMP pig), empty payload (dsize=0) Alert: ICMP PING NMAP 8-44
Chapter 8 roadmap. Network Security
Chapter 8 roadmap 8.1 What is network security? 8.2 Principles of cryptography 8.3 Message integrity 8.4 Securing e-mail 8.5 Securing TCP connections: SSL 8.6 Network layer security: IPsec 8.7 Securing
More informationFIREWALLS. Firewall: isolates organization s internal net from larger Internet, allowing some packets to pass, blocking others
FIREWALLS 1 FIREWALLS Firewall: isolates organization s internal net from larger Internet, allowing some packets to pass, blocking others FIREWALLS: WHY Prevent denial of service attacks: SYN ooding: attacker
More informationBGP Attributes and Path Selection. ISP Training Workshops
BGP Attributes ad Path Selectio ISP Traiig Workshops 1 BGP Attributes The tools available for the job 2 What Is a Attribute?... Next Hop AS Path MED...... p Part of a BGP Update p Describes the characteristics
More informationCSC 4900 Computer Networks: Security Protocols (2)
CSC 4900 Computer Networks: Security Protocols (2) Professor Henry Carter Fall 2017 Chapter 8 roadmap 8.1 What is network security? 8.2 Principles of cryptography 8.3 Message Integrity 8.4 End point Authentication
More informationIntrusion Detection System (IDS) IT443 Network Security Administration Slides courtesy of Bo Sheng
Intrusion Detection System (IDS) IT443 Network Security Administration Slides courtesy of Bo Sheng 1 Internet Security Mechanisms Prevent: Firewall, IPsec, SSL Detect: Intrusion Detection Survive/ Response:
More informationFirewalls. Firewall. means of protecting a local system or network of systems from network-based security threats creates a perimeter of defense
FIREWALLS 3 Firewalls Firewall means of protecting a local system or network of systems from network-based security threats creates a perimeter of defense administered network public Internet firewall
More informationBike MS: 2013 Participant Center guide
Bike MS: 2013 Participat Ceter guide bikems.org 1 Why use Olie Fudraisig Tools? Usig olie tools makes fudraisig easier Table of Cotets Participats who use persoal pages raise more moey! Bike MS $883 v.
More informationBike MS: 2014 Participant Center guide
Bike MS: 2014 Participat Ceter guide bikems.org 1 Table of Cotets Why Use Olie Fudraisig Tools... 2 Participat Ceter... 3 Guide to Olie Fudraisig... 3 Edit Persoal Page... 5 Address Book... 7 Email Messages...
More informationSession Initiated Protocol (SIP) and Message-based Load Balancing (MBLB)
F5 White Paper Sessio Iitiated Protocol (SIP) ad Message-based Load Balacig (MBLB) The ability to provide ew ad creative methods of commuicatios has esured a SIP presece i almost every orgaizatio. The
More informationLecture 28: Data Link Layer
Automatic Repeat Request (ARQ) 2. Go ack N ARQ Although the Stop ad Wait ARQ is very simple, you ca easily show that it has very the low efficiecy. The low efficiecy comes from the fact that the trasmittig
More informationMessage Integrity and Hash Functions. TELE3119: Week4
Message Itegrity ad Hash Fuctios TELE3119: Week4 Outlie Message Itegrity Hash fuctios ad applicatios Hash Structure Popular Hash fuctios 4-2 Message Itegrity Goal: itegrity (ot secrecy) Allows commuicatig
More informationBIKE MS: 2015 PARTICIPANT CENTER GUIDE
BIKE MS: 2015 PARTICIPANT CENTER GUIDE bikems.org 1 Table of Cotets Why Use Olie Fudraisig Tools... 2 Participat Ceter... 3 Guide to Olie Fudraisig... 3 Edit Persoal Page... 5 Address Book... 7 Email Messages...
More informationDATA MINING II - 1DL460
DATA MINING II - 1DL460 Sprig 2017 A secod course i data miig http://www.it.uu.se/edu/course/homepage/ifoutv2/vt17/ Kjell Orsbor Uppsala Database Laboratory Departmet of Iformatio Techology, Uppsala Uiversity,
More informationThe Value of Peering
The Value of Peerig ISP/IXP Workshops These materials are licesed uder the Creative Commos Attributio-NoCommercial 4.0 Iteratioal licese (http://creativecommos.org/liceses/by-c/4.0/) Last updated 25 th
More informationCSC 220: Computer Organization Unit 11 Basic Computer Organization and Design
College of Computer ad Iformatio Scieces Departmet of Computer Sciece CSC 220: Computer Orgaizatio Uit 11 Basic Computer Orgaizatio ad Desig 1 For the rest of the semester, we ll focus o computer architecture:
More informationAnnouncements. Reading. Project #4 is on the web. Homework #1. Midterm #2. Chapter 4 ( ) Note policy about project #3 missing components
Aoucemets Readig Chapter 4 (4.1-4.2) Project #4 is o the web ote policy about project #3 missig compoets Homework #1 Due 11/6/01 Chapter 6: 4, 12, 24, 37 Midterm #2 11/8/01 i class 1 Project #4 otes IPv6Iit,
More informationOverview of Firewalls. CSC 474 Network Security. Outline. Firewalls. Intrusion Detection System (IDS)
CSC 474 Network Security Topic 8.4 Firewalls and Intrusion Detection Systems (IDS) 1 Outline Firewalls Filtering firewalls Proxy firewalls Intrusion Detection System (IDS) Rule-based IDS Anomaly detection
More informationCMSC Computer Architecture Lecture 12: Virtual Memory. Prof. Yanjing Li University of Chicago
CMSC 22200 Computer Architecture Lecture 12: Virtual Memory Prof. Yajig Li Uiversity of Chicago A System with Physical Memory Oly Examples: most Cray machies early PCs Memory early all embedded systems
More informationArchitectural styles for software systems The client-server style
Architectural styles for software systems The cliet-server style Prof. Paolo Ciacarii Software Architecture CdL M Iformatica Uiversità di Bologa Ageda Cliet server style CS two tiers CS three tiers CS
More informationBasic allocator mechanisms The course that gives CMU its Zip! Memory Management II: Dynamic Storage Allocation Mar 6, 2000.
5-23 The course that gives CM its Zip Memory Maagemet II: Dyamic Storage Allocatio Mar 6, 2000 Topics Segregated lists Buddy system Garbage collectio Mark ad Sweep Copyig eferece coutig Basic allocator
More informationCS 111: Program Design I Lecture 19: Networks, the Web, and getting text from the Web in Python
CS 111: Program Desig I Lecture 19: Networks, the Web, ad gettig text from the Web i Pytho Robert H. Sloa & Richard Warer Uiversity of Illiois at Chicago April 3, 2018 Goals Lear about Iteret Lear about
More informationThreads and Concurrency in Java: Part 1
Cocurrecy Threads ad Cocurrecy i Java: Part 1 What every computer egieer eeds to kow about cocurrecy: Cocurrecy is to utraied programmers as matches are to small childre. It is all too easy to get bured.
More informationSwitching Hardware. Spring 2018 CS 438 Staff, University of Illinois 1
Switchig Hardware Sprig 208 CS 438 Staff, Uiversity of Illiois Where are we? Uderstad Differet ways to move through a etwork (forwardig) Read sigs at each switch (datagram) Follow a kow path (virtual circuit)
More informationThreads and Concurrency in Java: Part 1
Threads ad Cocurrecy i Java: Part 1 1 Cocurrecy What every computer egieer eeds to kow about cocurrecy: Cocurrecy is to utraied programmers as matches are to small childre. It is all too easy to get bured.
More informationCSCI 454/554 Computer and Network Security. Topic 8.4 Firewalls and Intrusion Detection Systems (IDS)
CSCI 454/554 Computer and Network Security Topic 8.4 Firewalls and Intrusion Detection Systems (IDS) Outline Firewalls Filtering firewalls Proxy firewalls Intrusion Detection System (IDS) Rule-based IDS
More informationChapter 1. Introduction to Computers and C++ Programming. Copyright 2015 Pearson Education, Ltd.. All rights reserved.
Chapter 1 Itroductio to Computers ad C++ Programmig Copyright 2015 Pearso Educatio, Ltd.. All rights reserved. Overview 1.1 Computer Systems 1.2 Programmig ad Problem Solvig 1.3 Itroductio to C++ 1.4 Testig
More informationn Learn how resiliency strategies reduce risk n Discover automation strategies to reduce risk
Chapter Objectives Lear how resiliecy strategies reduce risk Discover automatio strategies to reduce risk Chapter #16: Architecture ad Desig Resiliecy ad Automatio Strategies 2 Automatio/Scriptig Resiliet
More informationSecurity of Bluetooth: An overview of Bluetooth Security
Versio 2 Security of Bluetooth: A overview of Bluetooth Security Marjaaa Träskbäck Departmet of Electrical ad Commuicatios Egieerig mtraskba@cc.hut.fi 52655H ABSTRACT The purpose of this paper is to give
More informationMotivation for this class
CSE 535 : Lecture 1 Itroductio to Acceleratio of Networkig Algorithms i Hardware Washigto Uiversity Fall 2003 http://www.arl.wustl.edu/arl/projects/fpx/cse535/ Copyright 2003, Joh W Lockwood Lockwood@arl.wustl.edu
More informationNetwork Security Protocols and Defensive Mechanisms
CS 155 Sprig 2017 Network Security Protocols ad Defesive Mechaisms Joh Mitchell Network security What is the etwork for? What properties might attackers destroy? Cofidetiality : o iformatio revealed to
More informationCourse Information. Details. Topics. Network Examples. Overview. Walrand Lecture 1. EECS 228a. EECS 228a Lecture 1 Overview: Networks
Walrad Lecture 1 Course Iformatio Lecture 1 Overview: Networks Jea Walrad www.eecs.berkeley.edu/~wlr Istructor: Jea Walrad Office Hours: M-Tu 1:00-2:00 Time/Place: MW 2:00-3:30 i 285 Cory Home Page: http://wwwist.eecs.berkeley.edu/~ee228a
More informationCMSC Computer Architecture Lecture 11: More Caches. Prof. Yanjing Li University of Chicago
CMSC 22200 Computer Architecture Lecture 11: More Caches Prof. Yajig Li Uiversity of Chicago Lecture Outlie Caches 2 Review Memory hierarchy Cache basics Locality priciples Spatial ad temporal How to access
More informationElementary Educational Computer
Chapter 5 Elemetary Educatioal Computer. Geeral structure of the Elemetary Educatioal Computer (EEC) The EEC coforms to the 5 uits structure defied by vo Neuma's model (.) All uits are preseted i a simplified
More informationOracle Server. What s New in this Release? Release Notes
Oracle email Server Release Notes Release 5.2 for Widows NT May 2001 Part No. A90426-01 These release otes accompay Oracle email Server Release 5.2 for Widows NT. They cotai the followig topics: What s
More informationSystem and Software Architecture Description (SSAD)
System ad Software Architecture Descriptio (SSAD) Diabetes Health Platform Team #6 Jasmie Berry (Cliet) Veerav Naidu (Project Maager) Mukai Nog (Architect) Steve South (IV&V) Vijaya Prabhakara (Quality
More informationOutline. Internet Security Mechanisms. Basic Terms. Example Attacks
Outline AIT 682: Network and Systems Security Topic 8.4 Firewalls and Intrusion Detection Systems (IDS) Firewalls Filtering firewalls Proxy firewalls Intrusion Detection System (IDS) Rule-based IDS Anomaly
More informationAIT 682: Network and Systems Security
AIT 682: Network and Systems Security Topic 8.4 Firewalls and Intrusion Detection Systems (IDS) Instructor: Dr. Kun Sun Firewalls Filtering firewalls Proxy firewalls Outline Intrusion Detection System
More informationMorgan Kaufmann Publishers 26 February, COMPUTER ORGANIZATION AND DESIGN The Hardware/Software Interface. Chapter 5.
Morga Kaufma Publishers 26 February, 208 COMPUTER ORGANIZATION AND DESIGN The Hardware/Software Iterface 5 th Editio Chapter 5 Virtual Memory Review: The Memory Hierarchy Take advatage of the priciple
More informationChapter 4 The Datapath
The Ageda Chapter 4 The Datapath Based o slides McGraw-Hill Additioal material 24/25/26 Lewis/Marti Additioal material 28 Roth Additioal material 2 Taylor Additioal material 2 Farmer Tae the elemets that
More informationComputer Networks. Wenzhong Li. Nanjing University
Computer Networks Wenzhong Li Nanjing University 1 Chapter 7. Network Security Network Attacks Cryptographic Technologies Message Integrity and Authentication Key Distribution Firewalls Transport Layer
More informationn Explore virtualization concepts n Become familiar with cloud concepts
Chapter Objectives Explore virtualizatio cocepts Become familiar with cloud cocepts Chapter #15: Architecture ad Desig 2 Hypervisor Virtualizatio ad cloud services are becomig commo eterprise tools to
More informationIntroduction to OSPF. ISP Training Workshops
Itroductio to OSPF ISP Traiig Workshops 1 OSPF p Ope Shortest Path First p Lik state or SPF techology p Developed by OSPF workig group of IETF (RFC 1247) p OSPFv2 stadard described i RFC2328 p Desiged
More informationTCP Internals. Spring 2018 CS 438 Staff, University of Illinois 1
TCP Iterals Sprig 2018 CS 438 Staff, Uiversity of Illiois 1 TCP Usage Model Coectio setup 3-way hadshake Data trasport Seder writes data TCP Breaks data ito segmets Seds each segmet over IP Retrasmits,
More informationResource Public Key Infrastructure for Secure Border Gateway Protocol
Resource Public Key Ifrastructure for Secure Border Gateway Protocol George Chag, Majid Ariaezhad, ad Ljiljaa Trajković gkchag@sfu.ca, ariaezhad@live.com, ljilja@sfu.ca Commuicatio Networks Laboratory
More informationUnwanted Traffic: Denial of Service Attacks
CS 155 Uwated Traffic: Deial of Service Attacks Da Boeh 1 What is etwork DoS? Goal: take out a large site with little computig work How: Amplificatio Small umber of packets big effect Two types of amplificatio
More informationOPC Server ECL Comfort 210/310 OPC Server
OPC Server Descriptio j l j o j l k j l j Modbus-RS485 k Etheret or Iteret l Modbus-TCP ECL Cofort cotroller Heat eter o SCADA server The Dafoss is a OPC-copliat server that serves data to OPC cliets.
More informationGoals of the Lecture UML Implementation Diagrams
Goals of the Lecture UML Implemetatio Diagrams Object-Orieted Aalysis ad Desig - Fall 1998 Preset UML Diagrams useful for implemetatio Provide examples Next Lecture Ð A variety of topics o mappig from
More informationWYSE Academic Challenge Sectional Computer Science 2005 SOLUTION SET
WYSE Academic Challege Sectioal Computer Sciece 2005 SOLUTION SET 1. Correct aswer: a. Hz = cycle / secod. CPI = 2, therefore, CPI*I = 2 * 28 X 10 8 istructios = 56 X 10 8 cycles. The clock rate is 56
More informationOne advantage that SONAR has over any other music-sequencing product I ve worked
*gajedra* D:/Thomso_Learig_Projects/Garrigus_163132/z_productio/z_3B2_3D_files/Garrigus_163132_ch17.3d, 14/11/08/16:26:39, 16:26, page: 647 17 CAL 101 Oe advatage that SONAR has over ay other music-sequecig
More informationUsing the Keyboard. Using the Wireless Keyboard. > Using the Keyboard
1 A wireless keyboard is supplied with your computer. The wireless keyboard uses a stadard key arragemet with additioal keys that perform specific fuctios. Usig the Wireless Keyboard Two AA alkalie batteries
More informationUnit 2. Basic Linux Security
it 2 Basic Liux ecurity oa Warre Cofigurig g Cliet ervices Cofigure superservers to hadle multiple etwork services et up admiistrative services like loggig ad pritig se simple etwork iformatio services
More informationGlobal Support Guide. Verizon WIreless. For the BlackBerry 8830 World Edition Smartphone and the Motorola Z6c
Verizo WIreless Global Support Guide For the BlackBerry 8830 World Editio Smartphoe ad the Motorola Z6c For complete iformatio o global services, please refer to verizowireless.com/vzglobal. Whether i
More informationExact Minimum Lower Bound Algorithm for Traveling Salesman Problem
Exact Miimum Lower Boud Algorithm for Travelig Salesma Problem Mohamed Eleiche GeoTiba Systems mohamed.eleiche@gmail.com Abstract The miimum-travel-cost algorithm is a dyamic programmig algorithm to compute
More informationChapter 4 Threads. Operating Systems: Internals and Design Principles. Ninth Edition By William Stallings
Operatig Systems: Iterals ad Desig Priciples Chapter 4 Threads Nith Editio By William Stalligs Processes ad Threads Resource Owership Process icludes a virtual address space to hold the process image The
More informationReliable Transmission. Spring 2018 CS 438 Staff - University of Illinois 1
Reliable Trasmissio Sprig 2018 CS 438 Staff - Uiversity of Illiois 1 Reliable Trasmissio Hello! My computer s ame is Alice. Alice Bob Hello! Alice. Sprig 2018 CS 438 Staff - Uiversity of Illiois 2 Reliable
More informationOptimizing Out-of-band Management
> Techical White Paper Optimizig Out-of-bad Maagemet For Solaris Servers ABOUT UPLOGIX // Uplogix provides eterprise edge maagemet solutios for orgaizatios seekig to reduce the cost ad complexity of maagig
More informationReview: The ACID properties
Recovery Review: The ACID properties A tomicity: All actios i the Xactio happe, or oe happe. C osistecy: If each Xactio is cosistet, ad the DB starts cosistet, it eds up cosistet. I solatio: Executio of
More informationData diverse software fault tolerance techniques
Data diverse software fault tolerace techiques Complemets desig diversity by compesatig for desig diversity s s limitatios Ivolves obtaiig a related set of poits i the program data space, executig the
More informationGuaranteeing Hard Real Time End-to-End Communications Deadlines
Guarateeig Hard Real Time Ed-to-Ed Commuicatios Deadlies K. W. Tidell A. Burs A. J. Welligs Real Time Systems Research Group Departmet of Computer Sciece Uiversity of York e-mail: ke@mister.york.ac.uk
More informationInformation Metrics for Low-rate DDoS Attack Detection : A Comparative Evaluation
Iformatio Metrics for Low-rate DDoS Attack Detectio : A Comparative Evaluatio Moowar. Bhuya Dept. of Computer Sciece ad Egg Kaziraga Uiversity Koraikhowa, Jorhat 785006, Assam moowar.tezu@gmail.com D.
More informationn Learn how to implement identity management controls n Learn how to implement access management controls n Prevent unauthorized access
Chapter Objectives Lear how to implemet idetity maagemet cotrols Lear how to implemet access maagemet cotrols Chapter #20: Idetity ad Access Maagemet 2 Idetity ad Access Maagemet Cotrols All actios will
More informationFirewalls and NAT. Firewalls. firewall isolates organization s internal net from larger Internet, allowing some packets to pass, blocking others.
Firews and NAT 1 Firews By conventional definition, a firew is a partition made of fireproof material designed to prevent the spread of fire from one part of a building to another. firew isolates organization
More information1. SWITCHING FUNDAMENTALS
. SWITCING FUNDMENTLS Switchig is the provisio of a o-demad coectio betwee two ed poits. Two distict switchig techiques are employed i commuicatio etwors-- circuit switchig ad pacet switchig. Circuit switchig
More informationMorgan Kaufmann Publishers 26 February, COMPUTER ORGANIZATION AND DESIGN The Hardware/Software Interface. Chapter 5
Morga Kaufma Publishers 26 February, 28 COMPUTER ORGANIZATION AND DESIGN The Hardware/Software Iterface 5 th Editio Chapter 5 Set-Associative Cache Architecture Performace Summary Whe CPU performace icreases:
More informationTransitioning to BGP
Trasitioig to BGP ISP Workshops These materials are licesed uder the Creative Commos Attributio-NoCommercial 4.0 Iteratioal licese (http://creativecommos.org/liceses/by-c/4.0/) Last updated 24 th April
More informationTable 2 GSM, UMTS and LTE Coverage Levels
6 INDICATORS OF QUALITY OF SERVICE This sectio defies quality idicators that characterize the performace of services supported o mobile commuicatio systems i their various phases of access ad use 6. 6.1
More informationThe University of Adelaide, School of Computer Science 22 November Computer Architecture. A Quantitative Approach, Sixth Edition.
Computer Architecture A Quatitative Approach, Sixth Editio Chapter 2 Memory Hierarchy Desig 1 Itroductio Programmers wat ulimited amouts of memory with low latecy Fast memory techology is more expesive
More informationSwitch Construction CS
Switch Costructio CS 00 Workstatio-Based Aggregate badwidth /2 of the I/O bus badwidth capacity shared amog all hosts coected to switch example: Gbps bus ca support 5 x 00Mbps ports (i theory) I/O bus
More informationMOTIF XF Extension Owner s Manual
MOTIF XF Extesio Ower s Maual Table of Cotets About MOTIF XF Extesio...2 What Extesio ca do...2 Auto settig of Audio Driver... 2 Auto settigs of Remote Device... 2 Project templates with Iput/ Output Bus
More informationAppendix D. Controller Implementation
COMPUTER ORGANIZATION AND DESIGN The Hardware/Software Iterface 5 th Editio Appedix D Cotroller Implemetatio Cotroller Implemetatios Combiatioal logic (sigle-cycle); Fiite state machie (multi-cycle, pipelied);
More informationPython Programming: An Introduction to Computer Science
Pytho Programmig: A Itroductio to Computer Sciece Chapter 6 Defiig Fuctios Pytho Programmig, 2/e 1 Objectives To uderstad why programmers divide programs up ito sets of cooperatig fuctios. To be able to
More informationCourse Site: Copyright 2012, Elsevier Inc. All rights reserved.
Course Site: http://cc.sjtu.edu.c/g2s/site/aca.html 1 Computer Architecture A Quatitative Approach, Fifth Editio Chapter 2 Memory Hierarchy Desig 2 Outlie Memory Hierarchy Cache Desig Basic Cache Optimizatios
More informationPrivate Key Cryptography. TELE3119: Week2
Private Key Cryptography TELE3119: Week2 Private Key Ecryptio Also referred to as: covetioal ecryptio symmetric key ecryptio secret-key or sigle-key ecryptio Oly alterative before public-key ecryptio i
More informationLecture Notes 6 Introduction to algorithm analysis CSS 501 Data Structures and Object-Oriented Programming
Lecture Notes 6 Itroductio to algorithm aalysis CSS 501 Data Structures ad Object-Orieted Programmig Readig for this lecture: Carrao, Chapter 10 To be covered i this lecture: Itroductio to algorithm aalysis
More informationPerformance Analysis of Multiclass FIFO: Motivation, Difficulty and a Network Calculus Approach
Performace Aalysis of Multiclass FIFO: Motivatio, Difficulty ad a Network alculus Approach Yumig Jiag Norwegia Uiversity of Sciece ad Techology (NTNU) 1 19 March 2014, 2d Workshop o Network alculus, Bamberg,
More informationGuide to Applying Online
Guide to Applyig Olie Itroductio Respodig to requests for additioal iformatio Reportig: submittig your moitorig or ed of grat Pledges: submittig your Itroductio This guide is to help charities submit their
More informationMedia Access Protocols. Spring 2018 CS 438 Staff, University of Illinois 1
Media Access Protocols Sprig 2018 CS 438 Staff, Uiversity of Illiois 1 Where are We? you are here 00010001 11001001 00011101 A midterm is here Sprig 2018 CS 438 Staff, Uiversity of Illiois 2 Multiple Access
More informationHow do we evaluate algorithms?
F2 Readig referece: chapter 2 + slides Algorithm complexity Big O ad big Ω To calculate ruig time Aalysis of recursive Algorithms Next time: Litterature: slides mostly The first Algorithm desig methods:
More informationBaan Tools User Management
Baa Tools User Maagemet Module Procedure UP008A US Documetiformatio Documet Documet code : UP008A US Documet group : User Documetatio Documet title : User Maagemet Applicatio/Package : Baa Tools Editio
More informationΤεχνολογία Λογισμικού
ΕΘΝΙΚΟ ΜΕΤΣΟΒΙΟ ΠΟΛΥΤΕΧΝΕΙΟ Σχολή Ηλεκτρολόγων Μηχανικών και Μηχανικών Υπολογιστών Τεχνολογία Λογισμικού, 7ο/9ο εξάμηνο 2018-2019 Τεχνολογία Λογισμικού Ν.Παπασπύρου, Αν.Καθ. ΣΗΜΜΥ, ickie@softlab.tua,gr
More information% Sun Logo for. X3T10/95-229, Revision 0. April 18, 1998
Su Microsystems, Ic. 2550 Garcia Aveue Moutai View, CA 94045 415 960-1300 X3T10/95-229, Revisio 0 April 18, 1998 % Su Logo for Joh Lohmeyer Chairperso, X3T10 Symbios Logic Ic. 1635 Aeroplaza Drive Colorado
More informationISP Systems Design. ISP Workshops
ISP Systems Desig ISP Workshops These materials are licesed uder the Creative Commos Attributio-NoCommercial 4.0 Iteratioal licese (http://creativecommos.org/liceses/by-c/4.0/) Last updated 24 th April
More informationInternet Security: How the Internet works and some basic vulnerabilities. *Slides borrowed from Dan Boneh
Iteret Security: How the Iteret works ad some basic vulerabilities *Slides borrowed from Da Boeh Iteret Ifrastructure ISP Backboe ISP Local ad iterdomai routig TCP/IP for routig ad messagig BGP for routig
More informationBluetooth Basics. Bluetooth Overview
Bluetooth Basics Bluetooth Overview Wireless techology for short-rage voice ad data commuicatio Low-cost ad low-power Provides a commuicatio platform betwee a wide rage of smart devices Not limited to
More informationAnalysis Metrics. Intro to Algorithm Analysis. Slides. 12. Alg Analysis. 12. Alg Analysis
Itro to Algorithm Aalysis Aalysis Metrics Slides. Table of Cotets. Aalysis Metrics 3. Exact Aalysis Rules 4. Simple Summatio 5. Summatio Formulas 6. Order of Magitude 7. Big-O otatio 8. Big-O Theorems
More informationImprovement of the Orthogonal Code Convolution Capabilities Using FPGA Implementation
Improvemet of the Orthogoal Code Covolutio Capabilities Usig FPGA Implemetatio Naima Kaabouch, Member, IEEE, Apara Dhirde, Member, IEEE, Saleh Faruque, Member, IEEE Departmet of Electrical Egieerig, Uiversity
More informationHow Deutsche Telekom protects customer data
KEEPING THE CLOUD OF THINGS Secure How Deutsche Telekom protects customer data CotetS Maximum security with the Cloud of Thigs A secure start CONTENTS 1. THE CLOUD OF THINGS IT All starts with access 1.
More informationMANAGED! PREPARE TO BE FEATURES HANDHELD USER DISPLAYS. Specifications MEASUREMENT STABILIZATION INDICATOR
FEATURES Trasfers data easily betwee Hadheld & PC via USB cable. Stores up to 3000 temperatures ad 300 meu items. Sets Max / Mi temperature limit idicators. Stores custom meus for easy recall. Exports
More information1&1 Next Level Hosting
1&1 Next Level Hostig Performace Level: Performace that grows with your requiremets Copyright 1&1 Iteret SE 2017 1ad1.com 2 1&1 NEXT LEVEL HOSTING 3 Fast page loadig ad short respose times play importat
More informationCS 111: Program Design I Lecture 18: Web and getting text from it
CS 111: Program Desig I Lecture 18: Web ad gettig text from it Robert H. Sloa & Richard Warer Uiversity of Illiois at Chicago October 25, 2016 Goals Lear about Iteret ad how to access it directly from
More informationIPv6 Security. ISP Workshops
IPv6 Security ISP Workshops These materials are licesed uder the Creative Commos Attributio-NoCommercial 4.0 Iteratioal licese (http://creativecommos.org/liceses/by-c/4.0/) Last updated 11 th April 2018
More informationCOMPUTER ORGANIZATION AND DESIGN The Hardware/Software Interface. Chapter 4. The Processor Advanced Issues
COMPUTER ORGANIZATION AND DESIGN The Hardware/Software Iterface 5 th Editio Chapter 4 The Processor Advaced Issues Review: Pipelie Hazards Structural hazards Desig pipelie to elimiate structural hazards.
More informationAvid Interplay Bundle
Avid Iterplay Budle Versio 2.5 Cofigurator ReadMe Overview This documet provides a overview of Iterplay Budle v2.5 ad describes how to ru the Iterplay Budle cofiguratio tool. Iterplay Budle v2.5 refers
More informationLinux DNS (BIND), DHCP and Servers
it 8 Liux (B), HCP ad mail ervers oa Warre HCP oa Warre HCP ervice yamically assigs a P address to requestig machies P addresses are leased P addresses are leased scope of addresses ca be assiged or excluded
More informationPython Programming: An Introduction to Computer Science
Pytho Programmig: A Itroductio to Computer Sciece Chapter 1 Computers ad Programs 1 Objectives To uderstad the respective roles of hardware ad software i a computig system. To lear what computer scietists
More informationNetwork Time Protocol (NTP)
Network Time Protocol (NTP) Quick ad Dirty for AfNOG 2017 (Ayitey Bulley) About NTP Network Time Protocol project http://tp.org NTP is a protocol desiged to sychroize the clocks of computers over a etwork.
More informationProceedings of the 10 th USENIX Security Symposium
USENIX Associatio Proceedigs of the 0 th USENIX Security Symposium Washigto, DC, USA August 3 7, 00 THE ADVANCED COMPUTING SYSTEMS ASSOCIATION 00 by The USENIX Associatio All Rights Reserved For more iformatio
More informationComputer Communication Networks Network Security
Computer Communication Networks Network Security ICEN/ICSI 416 Fall 2016 Prof. Dola Saha 1 Network Security Goals: understand principles of network security: cryptography and its many uses beyond confidentiality
More informationIPv6 Routing Protocols. ISP Training Workshops
IPv6 Routig Protocols ISP Traiig Workshops 1 Iitial IPv6 Cofiguratio for Cisco IOS 2 IPv6 Cofiguratio o Cisco IOS p To eable IPv6 the followig global commads are required: Router(cofig)# ipv6 uicast-routig
More informationNetwork Time Protocol (NTP)
Network Time Protocol (NTP) Quick ad Dirty for AfNOG 2018 (Michuki Mwagi) Origial slides by Ayitey Bulley About NTP Network Time Protocol project http://tp.org NTP is a protocol desiged to sychroize the
More information