Influence of the TCP packet setting and encryption for data transfer in medical applications
VLADIMÍR SCHINDLER
Department of Telecommunications, Faculty of Electrical Engineering and Communication
Brno University of Technology
Technická 12, Brno
CZECH REPUBLIC

ALEŠ ROČEK
Technical Support Department, Institute of Computer Science
Masaryk University, Botanická 554/68a, Brno
CZECH REPUBLIC

Abstract: The requirements for transmission speed with adequate security of the transmitted information in medical applications are prerequisites that the proposed solution has to meet. Especially for ensuring secure access from workstations with slower connections, optimization and encryption options are required so that the user does not feel too much discomfort. Optimizing the parameters of the transmitted data, and choosing more suitable combinations of them, can achieve better results than the normal settings of active network elements. It is also important to choose a suitable type of encryption in order to meet the demands for safe transmission of sensitive medical information as well as the considerably increased volume of transferred data.

Key-Words: MSS, Medical applications, MeDiMed, MTU, IPsec, Iperf, PACS

1 Introduction
Privacy and data security are key points of many computer applications. Transport over a public data network (Internet) should be protected via encrypted tunnels. Tunneling protocols together with encryption algorithms bring additional overhead, which decreases the bandwidth available for the real data transport. The aim of this paper is to analyze the protocol overhead introduced by both the IPSEC protocol itself and the data encryption algorithm. We intend to fine-tune TCP (Transmission Control Protocol) parameters to maximize data throughput when the TCP stream is transported over an IPSEC tunnel.
The results of this measurement will be taken into consideration when optimizing the design solution for connecting small healthcare institutions and workstations within the project MeDiMed, which uses the PACS (Picture Archiving and Communications System) system for work with medical data.

1.1 PACS and MeDiMed
PACS is a currently used procedure and methodology for processing medical multimedia data obtained from picture acquisition machines such as computer tomography, ultrasound, x-ray etc. Multimedia medical data obtained from these machines (in PACS terminology called modalities) are stored in a central PACS server. The Shared Regional PACS project MeDiMed started as a collaborative effort among Brno hospitals to process medical multimedia data. Masaryk University is the coordinator of this project, ensuring that the demands and requirements of radiology departments are met and overseeing the changing legislative standards and the practical limitations of technology. The new goal for the MeDiMed project is to offer the PACS system to small institutions. Small healthcare institutions and private doctors' offices usually have limited Internet connectivity and data network availability in general [1].
The aim of the InstantPACS project is to develop a maintenance-free PACS system suitable for small and mid-sized healthcare institutions. This PACS system should offer the user amenities common in hospitals, including e.g. automatic backup of medical data. The most important properties are user friendliness, maintenance-free operation and pricing acceptable for private doctors' offices. This project is an integral part of the overarching MeDiMed shared regional PACS server project. As small healthcare institutions and private doctors' offices are being more and more equipped with diagnostic devices like CT, X-ray, ultrasound etc., we expect demand for medical picture data processing capabilities and services. Our intention is to offer PACS services also to these new prospective medical users. The specific property of PACS or any ICT services in a small healthcare institution is the limited bandwidth available for medical picture data transport. The main intention of this work is the optimization of networking protocol parameters to maximize bandwidth utilization. [1]

1.2 MSS
MSS (Maximum Segment Size) indicates the largest amount of TCP data that can be sent in a TCP segment. The resulting IP datagram is still about 40 octets longer (IP and TCP headers); the encapsulation of a TCP segment into an IP datagram is shown in Fig. 1. Theoretically the MSS can be bytes long, but in practice the MTU (maximum transmission unit) value of the outgoing interface reduced by 40 octets is used (e.g. for Ethernet the MSS would be 1500 B - 40 B = 1460 B). The typical size of the MSS is just 1460 bytes. If the TCP segment is longer than 1460 bytes, further fragmentation may happen at the network layer in the IP protocol. The MSS is not a value that the devices negotiate with each other while establishing a connection. Any device may use the optional opportunity to inform its peer about the MSS which it expects, but this is not required. If the information about the MSS is missing, it is set to the default value of 536 octets.
The network performance can be degraded by using either extremely large or extremely short segments. Each segment contains at least 40 octets of IP and TCP headers in addition to the data itself. [11]

Fig. 1. Encapsulation of a TCP segment into an IP datagram.

1.3 IPsec
IPsec (IP Security Protocol) adds a security mechanism to the network layer. IPsec defines two security mechanisms. The first mechanism is authentication, which ensures the authenticity of transmitted data. The receiver can verify that the received IP packet originated from the sender. Adding an AH (Authentication Header) in IPv4 transport mode is shown in Fig. 2 and in tunnel mode in Fig. 3. [10] The second mechanism is encryption, where everything except the header of the packet is encrypted using a pre-agreed algorithm. The recipient must agree in advance with the sender on which type of encryption will be used. Using ESP (Encapsulating Security Payload) in transport mode is shown in Fig. 4 and in tunnel mode in Fig. 5. [10] IPsec is independent of the upper layer protocols. The application need not support any special communication methods to transmit over IPsec. It is possible to create an encrypted tunnel (VPN) or to encrypt only the communication between two computers.

Fig. 2. AH in transport mode in IPv4.
Fig. 3. AH in tunnel mode in IPv4.
Fig. 4. ESP in transport mode in IPv4.
Fig. 5. ESP in tunnel mode in IPv4.

2 Research environment
This method is based on comparing the delays necessary for transferring a 500MB file between server and client using different combinations of ciphers and hash functions. From these measurements one combination of cipher and hash function is selected, and further measurements are performed with this combination. Firstly, the influence of the window size on the transmission delay is shown. Secondly, the effect of the buffer size setting on the transmission delay is measured. The last measurements examine how the transmission delay is influenced by the MSS (Maximum Segment Size) of the TCP packet. The scheme of the research environment is shown in Fig. 6. It consists of a rackmount server, which is configured by the Iperf program as a server. To this server is connected a Cisco ASA 5505 firewall, on which the encryption, the hash function and the TCP MSS size are set. Two Cisco Catalyst 3550 switches, which simulate ISP (internet service provider) terminals, are connected in addition to the measuring environment. They reduce the maximal network speed to 10Mbps to better match the average speed of an internet provider. On the opposite side of the research environment there is also a Cisco ASA 5505 firewall, which encrypts traffic on the client side.

Fig. 6. Research environment (MeDiMed server, firewall ASA 5505, switch Catalyst 3550, network, switch Catalyst 3550, firewall ASA 5505, client).

2.1 Parameters of used computers
Server
- rackmount server
- RedHat EL 5
- Intel Xeon 2,8GHz
- 4 GB RAM, 80GB SSD HDD
- Iperf 2.0.5, rel. 1.el5

Client
- Notebook HP-6730b
- Win7 Prof. SP1 v b
- Intel Core2 Duo CPU T9400@2,53GHz
- 4GB RAM, 60GB HDD
- Iperf 1.7.0, Jperf
- Wireshark (SVN Rev from/trunk- 1.6)

2.2 Program Iperf and Jperf
This utility is a simple application that tests the throughput of the data link. The extension Jperf simplifies operation and parameter settings: instead of using text commands, the criteria can simply be entered in the graphical interface. On the server was installed Iperf rel 1.el5. On the client PC were installed Iperf and Jperf.

2.3 Application Wireshark
Wireshark is one of the most widely used protocol analyzers. It is used to analyze and debug problems in computer networks. The application was installed on the client PC to monitor network traffic. Wireshark was used for measuring the transfer delay of the 500 megabyte file.

3 Measurement of a transmission speed

3.1 Comparing file transfer speed with different combinations of ciphers and hash functions
On both Cisco ASA 5505 firewalls the encryption and hashing parameters were set in turn for the transfer of the 500MB file. The results of these measurements are shown in Table 1 and Graph 1. Five types of encryption are compared, starting from the simplest and unreliable DES (Data Encryption Standard), through its improved version 3DES (Triple DES), to the currently most widely used symmetric block cipher AES (Advanced Encryption Standard) with 128, 192, and 256-bit keys. The chart also shows how the transfer rate depends on the combination of encryption and hash function. MD5 (Message-Digest) and SHA (Secure Hash Algorithm) were chosen as representatives of hash functions. For comparison, values were also measured without a hash function. The firewalls unfortunately do not allow data transfer to be set up without encryption and without a hash at the same time. The differences between the lowest and highest values within one hash function were very small and varied by a few kbps. The difference between the slowest transmission speed, with the combination of AES-256 encryption with SHA, and the highest transmission speed, with the combination of AES-256 without a hash, was about 19 kbps, which corresponds to 1.7%. For this reason the combination of parameters used for the additional measurements was AES-256 with the SHA hash. This combination is currently the strongest commonly used solution for the transmission of sensitive medical information.
CRYPT      HASH       Speed [MBps]
DES        MD5        1,
DES        MD5        1,13264
AES-128    MD5        1,12542
AES-192    MD5        1,12357
AES-256    MD5        1,12345
NONE       MD5        1,13596
DES        SHA        1,
DES        SHA        1,12978
AES-128    SHA        1,12335
AES-192    SHA        1,12358
AES-256    SHA        1,12256
NONE       SHA        1,13575
DES        NO HASH    1,
DES        NO HASH    1,14154
AES-128    NO HASH    1,13408
AES-192    NO HASH    1,13438
AES-256    NO HASH    1,14163
NONE       NO HASH    0

Tab. 1. File transfer speed of different combinations of ciphers and hash functions

Graph. 1. File transfer speed of different combinations of ciphers and hash functions

3.2 Comparison of a file transfer speeds with different sizes of window size
The transmission times of transmitting the 500MB file, which were achieved by setting different window sizes in the TCP packet in Iperf, are recorded in Graph 2. We set up the cipher AES-256 and the SHA hash function. The size of the buffer was 2 megabytes. The chart shows that the highest speed was achieved with a window size of 64kB.
Graph. 2. File transfer speed with different window sizes

3.3 Comparison of a file transfer speeds with different buffer sizes
Graph 3 shows the transmission speeds which were achieved when we set up different TCP packet buffer sizes in the application Iperf. Again, we set up the cipher AES-256 and the SHA hash function. The highest transfer rates were achieved with a buffer size of 1 MB.

Graph. 3. File transfer speed with different buffer sizes

3.4 Comparison of a file transfer speeds with different TCP MSS size
To measure the effect of setting the MSS of the TCP packet, the following values were set up at the firewalls:
- Size of the buffer 2MB
- Window size 64kB
- AES 256-bit key
- Hash function SHA
Graph 4 shows how the data transfer rate increases with increasing size of the MSS.

Graph. 4. File transfer rate of different MSS size

4 Conclusion
Optimizing the MTU can partially improve the utilization of the data link. We have studied the properties of TCP streams transported over an IPSEC tunnel. Fine tuning of the TCP MSS according to the encryption algorithm used can improve the data throughput. As expected, a bigger TCP MSS offers better data throughput in general. This is because fewer data units (packets) are needed to transport the required amount of data. In the case of the AES-256 encryption algorithm, the best results were obtained when the TCP MSS is a multiple of 16 Bytes. E.g. if the TCP MSS must be below 1400 bytes due to properties of the transport technology used (e.g. ADSL), the best data transfer rate will be achieved by setting the TCP MSS to 1396 B. The gain of this TCP MSS optimization is about 1.5%. It does not seem to be much, but for lines with limited bandwidth (e.g. ADSL or 3G) even a small throughput improvement may be helpful.

Acknowledgements
This work is supported by Czech Technology Agency fund project number TA "Maintenance-free PACS system for small and midsized healthcare institutions".
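The Conclusion's point about matching the TCP MSS to the cipher block size can be checked with the ESP framing arithmetic. The following Python sketch is an added example, not code or measurements from the paper; it assumes IPv4, ESP in tunnel mode, AES-CBC (16-byte block and IV), a 12-byte HMAC-SHA-1-96 integrity value and no NAT traversal, and the function names are chosen here for illustration.

```python
"""ESP tunnel-mode framing arithmetic for full-size TCP segments (added example).

Assumptions (not taken from the paper): IPv4 without options, ESP tunnel mode,
AES-CBC (RFC 3602), HMAC-SHA-1-96 (RFC 2404), no UDP encapsulation for NAT-T.
"""
from typing import List, NamedTuple

IP_HDR = 20            # IPv4 header without options
TCP_HDR = 20           # TCP header; TCP options are carved out of the MSS
ESP_HDR = 8            # SPI (4 bytes) + sequence number (4 bytes), RFC 4303
ESP_TRAILER = 2        # pad length (1 byte) + next header (1 byte), RFC 4303
AES_BLOCK = 16         # AES block size, independent of key length
AES_CBC_IV = 16        # explicit IV carried in every ESP packet
HMAC_SHA1_96_ICV = 12  # truncated integrity check value


class EspFrame(NamedTuple):
    mss: int        # TCP MSS under test
    inner_len: int  # inner IP packet carrying a full-size segment
    padding: int    # ESP padding needed to reach a block boundary
    outer_len: int  # size of the packet that leaves the firewall

    @property
    def efficiency(self) -> float:
        """Share of the outer packet that is TCP segment data."""
        return self.mss / self.outer_len


def esp_tunnel_frame(mss: int) -> EspFrame:
    """Size a full-size TCP segment after ESP tunnel-mode encapsulation."""
    if mss <= 0:
        raise ValueError("MSS must be positive")
    inner = IP_HDR + TCP_HDR + mss
    # The encrypted part is inner packet + padding + 2-byte trailer and must
    # be a whole number of cipher blocks.
    padding = -(inner + ESP_TRAILER) % AES_BLOCK
    ciphertext = inner + padding + ESP_TRAILER
    outer = IP_HDR + ESP_HDR + AES_CBC_IV + ciphertext + HMAC_SHA1_96_ICV
    return EspFrame(mss, inner, padding, outer)


def largest_unfragmented_mss(path_mtu: int) -> int:
    """Largest MSS whose encapsulated packet still fits into path_mtu."""
    for mss in range(path_mtu, 0, -1):
        if esp_tunnel_frame(mss).outer_len <= path_mtu:
            return mss
    raise ValueError("path MTU too small for an ESP tunnel packet")


def zero_padding_mss(low: int, high: int) -> List[int]:
    """MSS values in [low, high] that need no ESP padding at all."""
    return [m for m in range(low, high + 1) if esp_tunnel_frame(m).padding == 0]


if __name__ == "__main__":
    print(" MSS  inner  pad  outer  efficiency")
    for mss in (1382, 1396, 1398, 1399, 1460):
        f = esp_tunnel_frame(mss)
        print(f"{f.mss:4d}  {f.inner_len:5d}  {f.padding:3d}  "
              f"{f.outer_len:5d}  {f.efficiency:.4f}")
    print("largest MSS for a 1500-byte path MTU:", largest_unfragmented_mss(1500))
    print("largest MSS for a 1492-byte path MTU:", largest_unfragmented_mss(1492))
```

Under these assumptions an MSS of 1396 B needs 2 bytes of ESP padding and produces a 1496-byte outer packet, which fits a 1500-byte MTU, while one byte above the next block boundary the outer packet jumps by a full 16 bytes. NAT traversal, a different integrity algorithm or IPv6 change the constants and shift the alignment.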
References:
[1] SLAVÍČEK, K., JAVORNÍK, M., DOSTÁL, O., Extension of the Shared Regional PACS Center MeDiMed to Smaller Healthcare Institutions. In The Eleventh International Conference on Networks. Saint Gilles, Reunion Island : IARIA, ISBN , s , Saint Gilles, Reunion Island.
[2] JAVORNÍK, M., DOSTÁL, O., SLAVÍČEK, K., Regional Medical Imaging System. World Academy of Science, Engineering and Technology, France. ISSN X, 2011, vol. 7, no. 79, s
[3] SLAVÍČEK, K., DOSTÁL, O., JAVORNÍK, M., DRDLA, M., MEDIMED - Regional Centre for Medicine Image Processing. In Knowledge Discovery and Data Mining. Published USA : IEEE Computer Society, ISBN , s , Phuket, Thailand.
[4] SLAVÍČEK, K., JAVORNÍK, M., DOSTÁL, O., Redundancy in Processing of Medical Image. In Fourth International Conference on Computer Sciences and Convergence Information Technology. Seoul, Korea : IEEE Computer Society Conference Publishing Services, ISBN , s
[5] SLAVÍČEK, K., NOVÁK, V., Introduction of Alien Wavelength into Cesnet DWDM Backbone. In Sixth International Conference on Information, Communications and Signal Processing. Singapore : IEEE, ISBN , s Singapore.
[6] SLAVÍČEK, K., Maximum Frame Size in Large Layer 2 Networks. Lecture Notes in Computer Science, Germany. ISSN , 2007, vol. 4712, no. 1, s
[7] DOSTÁL, O., SLAVÍČEK, K., Wireless Technology in Medicine Applications. In Personal Wireless Communications. Published Praha : Springer Verlag, ISBN , s , Praha.
[8] DOSTÁL, O., SLAVÍČEK, K., JAVORNÍK, M., PKI Utilisation for PACS Users Authentication. In ICN 2006. Mauritius : IEEE Computer Society, ISBN , s , Mauritius.
[9] DOSTÁL, O., JAVORNÍK, M., SLAVÍČEK, K., PETRENKO, M., MEDIMED-Regional Centre for Archiving and Interhospital Exchange of Medicine Multimedia. In Proceedings of the Second IASTED International Conference on Communications, Internet, and Information Technology. Scottsdale, Arizona, USA : International Association of Science and Technology for Development- IASTED, ISBN , s , Scottsdale Arizona USA.
[10] RFC4302 IP Authentication Header, BBN Technologies, December The Internet Society
[11] PUŽMANOVÁ, R., TCP/IP v kostce. 2nd ed. České Budějovice: KOPP, ISBN
[12] Federal information processing standards publication (FIPS 197). Advanced Encryption Standard (AES),
VXLAN: Scaling Data Center Capacity White Paper Virtual Extensible LAN (VXLAN) Overview This document provides an overview of how VXLAN works. It also provides criteria to help determine when and where
More informationInternet Architecture and Philosophy
Internet Architecture and Philosophy Conceptually, TCP/IP provides three sets of services to the user: Application Services Reliable Transport Service Connectionless Packet Delivery Service The underlying
More informationVMWARE WHITE PAPER 1
1 VMWARE WHITE PAPER Introduction This paper outlines the considerations that affect network throughput. The paper examines the applications deployed on top of a virtual infrastructure and discusses the
More informationIntroduction to Security and PIX Firewall
Introduction to Security and PIX Firewall Agenda Dag 28 Föreläsning LAB PIX Firewall VPN A Virtual Private Network (VPN) is a service offering secure, reliable connectivity over a shared, public network
More informationIPsec VPN Security between Aruba Remote Access Points and Mobility Controllers
IPsec VPN Security between Aruba Remote Access Points and Mobility Controllers Application Note Revision 1.0 10 February 2011 Copyright 2011. Aruba Networks, Inc. All rights reserved. IPsec VPN Security
More informationApplication Performance Analysis and Troubleshooting
Exam : 1T6-520 Title : Application Performance Analysis and Troubleshooting Version : DEMO 1 / 6 1. When optimizing application efficiency, an improvement in efficiency from the current 90% to an efficiency
More informationInternet Security. Internet Security Voice over IP. Introduction. ETSF10 Internet Protocols 2011-11-22. ETSF10 Internet Protocols 2011
Internet Security Voice over IP ETSF10 Internet Protocols 2011 Kaan Bür & Jens Andersson Department of Electrical and Information Technology Internet Security IPSec 32.1 SSL/TLS 32.2 Firewalls 32.4 + Voice
More informationOverview. Protocols. VPN and Firewalls
Computer Network Lab 2015 Fachgebiet Technische h Informatik, Joachim Zumbrägel Overview VPN VPN requirements Encryption VPN-Types Protocols VPN and Firewalls VPN-Definition VPNs (Virtual Private Networks)
More informationGuide to TCP/IP, Third Edition. Chapter 3: Data Link and Network Layer TCP/IP Protocols
Guide to TCP/IP, Third Edition Chapter 3: Data Link and Network Layer TCP/IP Protocols Objectives Understand the role that data link protocols, such as SLIP and PPP, play for TCP/IP Distinguish among various
More informationCommunication Systems 16 th lecture. Chair of Communication Systems Department of Applied Sciences University of Freiburg 2009
16 th lecture Chair of Communication Systems Department of Applied Sciences University of Freiburg 2009 1 25 Organization Welcome to the New Year! Reminder: Structure of Communication Systems lectures
More informationTechnical Notes TN 1 - ETG 3000. FactoryCast Gateway TSX ETG 3021 / 3022 modules. How to Setup a GPRS Connection?
FactoryCast Gateway TSX ETG 3021 / 3022 modules How to Setup a GPRS Connection? 1 2 Table of Contents 1- GPRS Overview... 4 Introduction... 4 GPRS overview... 4 GPRS communications... 4 GPRS connections...
More informationVPN Modules for Cisco 1841 and Cisco 2800 and 3800 Series Integrated Services Routers
Q&A VPN Modules for Cisco 1841 and Cisco 2800 and 3800 Series Integrated Services Routers OVERVIEW Q. What is a VPN? A. A VPN, or virtual private network, delivers the benefits of private network security,
More informationRohde & Schwarz R&S SITLine ETH VLAN Encryption Device Functionality & Performance Tests
Rohde & Schwarz R&S Encryption Device Functionality & Performance Tests Introduction Following to our test of the Rohde & Schwarz ETH encryption device in April 28 the European Advanced Networking Test
More informationRelease Notes. NCP Secure Client Juniper Edition. 1. New Features and Enhancements. 2. Problems Resolved
NCP Secure Client Juniper Edition Service Release: 9.30 Build 102 Date: February 2012 1. New Features and Enhancements The following describe the new features introduced in this release: Visual Feedback
More informationTECHNICAL CHALLENGES OF VoIP BYPASS
TECHNICAL CHALLENGES OF VoIP BYPASS Presented by Monica Cultrera VP Software Development Bitek International Inc 23 rd TELELCOMMUNICATION CONFERENCE Agenda 1. Defining VoIP What is VoIP? How to establish
More informationSecurity vulnerabilities in the Internet and possible solutions
Security vulnerabilities in the Internet and possible solutions 1. Introduction The foundation of today's Internet is the TCP/IP protocol suite. Since the time when these specifications were finished in
More informationDefinition. A Historical Example
Overlay Networks This lecture contains slides created by Ion Stoica (UC Berkeley). Slides used with permission from author. All rights remain with author. Definition Network defines addressing, routing,
More informationCisco Networks (ONT) 2006 Cisco Systems, Inc. All rights reserved.
Optimizing Converged Cisco Networks (ONT) reserved. Lesson 2.4: Calculating Bandwidth Requirements for VoIP reserved. Objectives Describe factors influencing encapsulation overhead and bandwidth requirements
More informationESSENTIALS. Understanding Ethernet Switches and Routers. April 2011 VOLUME 3 ISSUE 1 A TECHNICAL SUPPLEMENT TO CONTROL NETWORK
VOLUME 3 ISSUE 1 A TECHNICAL SUPPLEMENT TO CONTROL NETWORK Contemporary Control Systems, Inc. Understanding Ethernet Switches and Routers This extended article was based on a two-part article that was
More informationHow To Industrial Networking
How To Industrial Networking Prepared by: Matt Crites Product: Date: April 2014 Any RAM or SN 6xxx series router Legacy firmware 3.14/4.14 or lower Subject: This document provides a step by step procedure
More informationTABLE OF CONTENTS NETWORK SECURITY 2...1
Network Security 2 This document is the exclusive property of Cisco Systems, Inc. Permission is granted to print and copy this document for non-commercial distribution and exclusive use by instructors
More informationCommunication Systems Internetworking (Bridges & Co)
Communication Systems Internetworking (Bridges & Co) Prof. Dr.-Ing. Lars Wolf TU Braunschweig Institut für Betriebssysteme und Rechnerverbund Mühlenpfordtstraße 23, 38106 Braunschweig, Germany Email: wolf@ibr.cs.tu-bs.de
More informationLecture Objectives. Lecture 8 Mobile Networks: Security in Wireless LANs and Mobile Networks. Agenda. References
Lecture Objectives Wireless Networks and Mobile Systems Lecture 8 Mobile Networks: Security in Wireless LANs and Mobile Networks Introduce security vulnerabilities and defenses Describe security functions
More informationISG50 Application Note Version 1.0 June, 2011
ISG50 Application Note Version 1.0 June, 2011 Scenario 1 - ISG50 is placed behind an existing ZyWALL 1.1 Application Scenario For companies with existing network infrastructures and demanding VoIP requirements,
More information21.4 Network Address Translation (NAT) 21.4.1 NAT concept
21.4 Network Address Translation (NAT) This section explains Network Address Translation (NAT). NAT is also known as IP masquerading. It provides a mapping between internal IP addresses and officially
More informationOverview. Securing TCP/IP. Introduction to TCP/IP (cont d) Introduction to TCP/IP
Overview Securing TCP/IP Chapter 6 TCP/IP Open Systems Interconnection Model Anatomy of a Packet Internet Protocol Security (IPSec) Web Security (HTTP over TLS, Secure-HTTP) Lecturer: Pei-yih Ting 1 2
More informationGuide to Network Defense and Countermeasures Third Edition. Chapter 2 TCP/IP
Guide to Network Defense and Countermeasures Third Edition Chapter 2 TCP/IP Objectives Explain the fundamentals of TCP/IP networking Describe IPv4 packet structure and explain packet fragmentation Describe
More informationTechnote. SmartNode Quality of Service for VoIP on the Internet Access Link
Technote SmartNode Quality of Service for VoIP on the Internet Access Link Applies to the following products SmartNode 1000 Series SmartNode 2000 Series SmartNode 4520 Series Overview Initially designed
More informationComputer Networks. Secure Systems
Computer Networks Secure Systems Summary Common Secure Protocols SSH HTTPS (SSL/TSL) IPSec Wireless Security WPA2 PSK vs EAP Firewalls Discussion Secure Shell (SSH) A protocol to allow secure login to
More informationTHE BCS PROFESSIONAL EXAMINATIONS BCS Level 5 Diploma in IT. October 2009 EXAMINERS' REPORT. Computer Networks
THE BCS PROFESSIONAL EXAMINATIONS BCS Level 5 Diploma in IT October 2009 EXAMINERS' REPORT Computer Networks General Comments The responses to questions were of marginally better quality than April 2009
More informationDATA SECURITY 1/12. Copyright Nokia Corporation 2002. All rights reserved. Ver. 1.0
DATA SECURITY 1/12 Copyright Nokia Corporation 2002. All rights reserved. Ver. 1.0 Contents 1. INTRODUCTION... 3 2. REMOTE ACCESS ARCHITECTURES... 3 2.1 DIAL-UP MODEM ACCESS... 3 2.2 SECURE INTERNET ACCESS
More informationAn Experimental Study on Wireless Security Protocols over Mobile IP Networks
An Experimental Study on Wireless Security Protocols over Mobile IP Networks Avesh K. Agarwal Department of Computer Science Email: akagarwa@unity.ncsu.edu Jorinjit S. Gill Department of Electrical and
More informationClearing the Way for VoIP
Gen2 Ventures White Paper Clearing the Way for VoIP An Alternative to Expensive WAN Upgrades Executive Overview Enterprises have traditionally maintained separate networks for their voice and data traffic.
More informationVPN VPN requirements Encryption VPN-Types Protocols VPN and Firewalls
Overview VPN VPN requirements Encryption VPN-Types Protocols VPN and Firewalls Computer Net Lab/Praktikum Datenverarbeitung 2 1 VPN - Definition VPNs (Virtual Private Networks) allow secure data transmission
More informationBuilding scalable IPSec infrastructure with MikroTik. IPSec, L2TP/IPSec, OSPF
Building scalable IPSec infrastructure with MikroTik IPSec, L2TP/IPSec, OSPF Presenter information Tomas Kirnak Network design Security, wireless Servers Virtualization MikroTik Certified Trainer Atris,
More informationVPN over Satellite A comparison of approaches by Richard McKinney and Russell Lambert
Sales & Engineering 3500 Virginia Beach Blvd Virginia Beach, VA 23452 800.853.0434 Ground Operations 1520 S. Arlington Road Akron, OH 44306 800.268.8653 VPN over Satellite A comparison of approaches by
More informationCisco Site-to-Site VPN Lab 3 / GRE over IPSec VPNs by Michael T. Durham
Cisco Site-to-Site VPN Lab 3 / GRE over IPSec VPNs by Michael T. Durham In part two of NetCertLabs Cisco CCNA Security VPN lab series, we explored setting up a site-to-site VPN connection where one side
More informationInternet Protocol: IP packet headers. vendredi 18 octobre 13
Internet Protocol: IP packet headers 1 IPv4 header V L TOS Total Length Identification F Frag TTL Proto Checksum Options Source address Destination address Data (payload) Padding V: Version (IPv4 ; IPv6)
More information