Detecting misbehaving CDN nodes via peer surveillance. Nikolaos Michalakis Robert Soule, Gaurav Arora, Robert Grimm New York University
|
|
- Ophelia Boyd
- 8 years ago
- Views:
Transcription
1 Detecting misbehaving D nodes via peer surveillance ikolaos Michalakis Robert Soule, Gaurav Arora, Robert Grimm ew York University
2 Outline Protect content served through an untrusted ontent Distribution etwork/ Edge-side platform Motivation Dynamic content authenticity. Related work. Approach: Peer Surveillance. Experimental Setup and Evaluation. Future directions onclusions
3 Background: Large Scale Web-based ollaboration Web-based collaborative services for large-scale societal and educational problems. Example: YU Surgical Interactive Multimedia Modules (SIMMs) ontent-demanding Personalized Large-scale ollaboration across multiple institutions. = Edge-side content processing and generation.
4 a Kika ontent Delivery etwork (D). Static content. odes join a DHT for caching (a la oral). Dynamic content. Execute server-defined scripts locally. Service through DS redirection. ontrols who enters and leaves the D. Assumes trusted nodes. => In reality Scalability vs Trust Trade-off.
5 ontent Authenticity Problem an trust my domain but not others. content provider W W DS DS request authentic response misbehaving response optional D node content processing, generation Brazil 3 Greece 0 Brazil 0 Greece 1 and more serious attacks!
6 Outline Motivation Dynamic content authenticity. Related work. Peer Surveillance. Trusted and untrusted system bases. Surveillance problem. Monitoring: direct, espionage, informers. Response equivalence. Experimental Setup and Evaluation. Future directions onclusions
7 Related work (dynamic content authenticity) Sitegrity: detect tampering at server. Router signs all server executables. Server Agent sends signatures to router. Reverse problem in D. SSL Does not scale. Voting, fault-tolerance (a la LOKSS) Majority of replies. Slow. Assumes honest majority. What if strong adversarial foothold in D? Must detect and remove.
8 Protecting dynamic content Re-execute script locally. ompare with remote. lients cannot verify but a Kika nodes can! Monitoring channels between a Kika nodes. In other words, we need peer surveillance.
9 TB: the trusted computing base TB TB T TB: set of nodes trusted by the system. Rest of the system is untrusted (TB-not). The TB has a publicly known interface. Assume a small TB, controls client redirection.
10 AB: The adversarial computing base A A AB AB: nodes trusted by the adversary. Assumptions: Rational, rich, multiple roles, colluding. But: annot break cryptography. annot observe or block traffic from non-ab network interfaces.
11 The Verification Base T T V verification base Verification Base: nodes that can verify honest behavior, a Kika nodes. TB must verify. Alone does not scale. eed help from untrusted nodes. lient are unprotected.
12 The a Kika Base AB TB DS DS W W verification base unprotected request authentic response misbehaving response optional
13 Monitoring channels and surveillance Surveillance = effective and trusted channels. Effective: can relay evidence of misbehavior. E.g., a wiretap on Mallory. If discovered, Mallory will act honest. Trusted: the evidence is correct. E.g., -Kids, who broke the vase? -He did! -o, she did!
14 The Surveillance Problem T V verification base A unprotected Surveillance Problem: How can the TB prove that a node A is in AB? hallenge: T needs an effective and trusted channel to prove A is in AB. V,, and A cannot be trusted.
15 Direct monitoring Direct monitoring channel: direct node-to-node monitoring requests. Trusted But TB public, a Kika nodes revealed by DS. Ineffective channel: AB knows it s being monitored.
16 Effective monitoring channels T V verification base A unprotected Effective channel requirement: indistinguishable from regular communication channels. Only two methods left: espionage or informers. Espionage: V hides its identity to pass as client. Informers: forwards A s messages to T or V.
17 Effective but not trusted untrusted V T A? Man-in-the-middle attack: V or can modify A s messages. Leads to the he said she said problem. A in AB? V and say A is in AB?
18 Effective and Trusted V T A? Paranoid Assertion something wrong -> A,V is in AB. Problem: A frames V. Large AB can take over.
19 Effective and Trusted V T A? Accountability: Link a Kika nodes to generated content using signatures. drops unverifiable responses. If not, then he said she said A corrupts or says A corrupts? Protect honest nodes and clients at cost of total client buy-in.
20 Espionage TB hides identity of some a Kika nodes = spies. Spies act like regular clients, but report to TB. Rationally patient adversary: Honest until steady state. record all clients during that time. orrupt all clients appearing after. Adversary is safe with high probability. Spies must be in his records.
21 Informers 5. remove node from system AB W TB DS DS W 3. report 6. caught 4. verify honesty request authentic response misbehaving response optional 2. repeat 1. forward response with some probability
22 Informers Evaluation Scales. Always makes progress. an a client or verifier in AB frame honest nodes? o. Accountability. an a content provider in AB frame a Kika nodes? o. Let s see why...
23 Proof of Adversarial behavior Script signed by content provider: {S}_cp S_cp includes script URL. Input content signed by content provider: {I}_cp Generated response signed by node: {G}_n {G}_n includes {S}_cp and {I}_cp. Verifier repeats recipe using verifiable ingredients. heck if responses equivalent. How do we define equivalence?
24 Response Equivalence Requirement Response Equivalence Requirement If equivalent to trusted then accept. Equivalence relations: Idempotent Equivalence Rollback-idempotent equivalence Application-specific equivalence Idempotence -> absolute correctness Application-specific -> false positives, no negatives
25 Outline Motivation: edge-side content processing/ generation in untrusted environments. Static content authenticity. Dynamic content authenticity. Related work. Approach: Peer Surveillance. Experimental Setup and Evaluation. Future directions onclusions
26 Experimental Setup Simulated surveillance via informers using arses Simulator. Abstracted: servers, content, crypto, topology. Request stats based on a Kika microbenchmarks and oral daily usage. Adversary: memoryless Questions asked: How much damage (corrupt responses) before removed from the system? How fast can we detect and remove the adversary?
27 Results (parameter testing) Setup: Planetlab (630 nodes), Princeton adversarial (3%), 1 out of 10 clients informs (p=0.1). Tested damage before caught Aggressive vs Silent Adversary ormal vs Loaded lient Traffic Zealous vs Unconcerned informers
28 Aggressive vs Silent Adversary Using normal traffic 600 reqs/s Aggressive (corrupt all) -> 788 responses. 80 if p=1.0 Silent (corrupt 1 out of 100) -> 482 responses. 78 if p=1.0. Detection-removal interval same for both Aggressive better. Packs more.
29 ormal vs Loaded traffic Using aggressive adversary ormal (600 req/s) -> 881 responses. Semi-loaded (50x = 30K req/s) -> 1736 responses. Loaded (100x = 60K req/s) -> 2817 responses. (saturates) High traffic insignificant effect.
30 Zealous vs Unconcerned Zealous vs Unconcerned informers (aggressive, normal traffic): Zealous (p = 100%) -> 94 oncerned (p = 10%) -> 761 (about 1 order from p=100%) Unconcerned (p = 1%) -> 7147 (about 2 orders from p=100%) Inform probability has proportional effects.
31 Results (scenarios) Setup: ormal Traffic, aggressive, p=10%. Planetlab, conflicting political interests (50%): leaned in minutes (24K corrupted). Akamai (10K nodes), one ISP gone bad (3%): leaned in about 5-8 sec (15K corrupted). Planetlab, attack by very large botnet (10K): leaned in about 2 hours (4.3M corrupted).
32 Future Directions Implement in a Kika. May need verification fault tolerance in practice. Response equivalence through statistical similarity (like spam) Ensuring authenticity does not ensure correctness. How do we detect passive aggressive behavior? E.g., too many 404 errors, denying access to URLs...
33 Future Directions Working with a semi-trusted client environment. Some stats: oral serves up to 2 million clients/day. Botnet reports mention armies of not more than 50K hosts. Use > 5% of clients as informers verify by voting avoid total client buy-in Simulate
34 onclusions Surveillance problem an solve with small TB with verifiers and informers. Using informers requires proving nonadversarial behavior under the watchful eye of your peers. Protect honest -> accountability -> total client buy-in (limitation). Scales. Even if small ratio of informers, the adversary is caught very fast.
35 THE ED
Na Kika: Secure Service Execution and Composition in an Open Edge-Side Computing Network
Na Kika: Secure Service Execution and Composition in an Open Edge-Side Computing Network Robert Grimm, Guy Lichtman, Nikolaos Michalakis Amos Elliston, Adam Kravetz, Jonathan Miller, Sajid Raza New York
More informationCS 665: Computer System Security. Network Security. Usage environment. Sources of vulnerabilities. Information Assurance Module
CS 665: Computer System Security Network Security Bojan Cukic Lane Department of Computer Science and Electrical Engineering West Virginia University 1 Usage environment Anonymity Automation, minimal human
More informationNa Kika: Secure Service Execution and Composition in an Open Edge-Side Computing Network
Na Kika: Secure Service Execution and Composition in an Open Edge-Side Computing Network Robert Grimm, Guy Lichtman, Nikolaos Michalakis Amos Elliston, Adam Kravetz, Jonathan Miller, Sajid Raza New York
More informationReliable Client Accounting for P2P-Infrastructure Hybrids
Reliable Client Accounting for P2P-Infrastructure Hybrids Paarijaat Aditya, Ming-Chen Zhao, Yin Lin *, Andreas Haeberlen, Peter Druschel, Bruce Maggs *, Bill Wishon Max Planck Institute for Software Systems
More informationEECS 588: Computer and Network Security. Introduction January 14, 2014
EECS 588: Computer and Network Security Introduction January 14, 2014 Today s Class Welcome! Goals for the course Topics, what interests you? Introduction to security research Components of your grade
More informationEECS 588: Computer and Network Security. Introduction
EECS 588: Computer and Network Security Introduction January 13, 2014 Today s Cass Class Welcome! Goals for the course Topics, what interests you? Introduction to security research Components of your grade
More informationOutline. 15-744: Computer Networking. Narrow Waist of the Internet Key to its Success. NSF Future Internet Architecture
Outline 15-744: Computer Networking L-15 Future Internet Architecture 2 Motivation and discussion Some proposals: CCN Nebula Mobility First XIA XIA overview AIP Scion 2 NSF Future Internet Architecture
More informationProxychain: Developing a Robust and Efficient Authentication Infrastructure for Carrier-Scale VoIP Networks. Italo Dacosta and Patrick Traynor
Proxychain: Developing a Robust and Efficient Authentication Infrastructure for Carrier-Scale VoIP Networks Italo Dacosta and Patrick Traynor Performance, Scalability and Security Finding the right balance
More informationComputer and Network Security
EECS 588 Computer and Network Security Introduction January 12, 2016 Alex Halderman Today s Class Welcome! Goals for the course Topics, what interests you? Introduction to security research Components
More informationFault-Tolerant Framework for Load Balancing System
Fault-Tolerant Framework for Load Balancing System Y. K. LIU, L.M. CHENG, L.L.CHENG Department of Electronic Engineering City University of Hong Kong Tat Chee Avenue, Kowloon, Hong Kong SAR HONG KONG Abstract:
More informationHow To Ensure Correctness Of Data In The Cloud
Ensuring Data Storage Security in Cloud Computing ABSTRACT Cloud computing has been envisioned as the next-generation architecture of IT enterprise. In contrast to traditional solutions, where the IT services
More informationSecurity for Ubiquitous and Adhoc Networks
Security for Ubiquitous and Adhoc Networks Mobile Adhoc Networks Collection of nodes that do not rely on a predefined infrastructure Adhoc networks can be formed merged together partitioned to separate
More informationTELE 301 Network Management. Lecture 17: File Transfer & Web Caching
TELE 301 Network Management Lecture 17: File Transfer & Web Caching Haibo Zhang Computer Science, University of Otago TELE301 Lecture 17: File Transfer & Web Caching 1 Today s Focus FTP & Web Caching!
More informationVIDEO Intypedia013en LESSON 13: DNS SECURITY. AUTHOR: Javier Osuna García-Malo de Molina. GMV Head of Security and Process Consulting Division
VIDEO Intypedia013en LESSON 13: DNS SECURITY AUTHOR: Javier Osuna García-Malo de Molina GMV Head of Security and Process Consulting Division Welcome to Intypedia. In this lesson we will study the DNS domain
More informationFirewalls P+S Linux Router & Firewall 2013
Firewalls P+S Linux Router & Firewall 2013 Firewall Techniques What is a firewall? A firewall is a hardware or software device which is configured to permit, deny, or proxy data through a computer network
More informationQ: Why security protocols?
Security Protocols Q: Why security protocols? Alice Bob A: To allow reliable communication over an untrusted channel (eg. Internet) 2 Security Protocols are out there Confidentiality Authentication Example:
More informationBit Chat: A Peer-to-Peer Instant Messenger
Bit Chat: A Peer-to-Peer Instant Messenger Shreyas Zare shreyas@technitium.com https://technitium.com December 20, 2015 Abstract. Bit Chat is a peer-to-peer instant messaging concept, allowing one-to-one
More informationPacket Level Authentication Overview
Packet Level Authentication Overview Dmitrij Lagutin, Dmitrij.Lagutin@hiit.fi Helsinki Institute for Information Technology HIIT Aalto University School of Science and Technology Contents Introduction
More informationREMOTE ASSISTANCE SOLUTIONS Private Server
REMOTE ASSISTANCE SOLUTIONS Private Server UBIQUITY components Control Center: client on the remote assistance PC Ubiquity Runtime: software installed on the remote device Ubiquity Server Infrastructure:
More information1. Comments on reviews a. Need to avoid just summarizing web page asks you for:
1. Comments on reviews a. Need to avoid just summarizing web page asks you for: i. A one or two sentence summary of the paper ii. A description of the problem they were trying to solve iii. A summary of
More informationDoS: Attack and Defense
DoS: Attack and Defense Vincent Tai Sayantan Sengupta COEN 233 Term Project Prof. M. Wang 1 Table of Contents 1. Introduction 4 1.1. Objective 1.2. Problem 1.3. Relation to the class 1.4. Other approaches
More informationLASTLINE WHITEPAPER. Using Passive DNS Analysis to Automatically Detect Malicious Domains
LASTLINE WHITEPAPER Using Passive DNS Analysis to Automatically Detect Malicious Domains Abstract The domain name service (DNS) plays an important role in the operation of the Internet, providing a two-way
More informationActive Directory Services with Windows Server MOC 10969
Active Directory Services with Windows Server MOC 10969 Course Outline Module 1: Overview of Access and Information Protection This module explains Access and Information Protection (AIP) solutions from
More informationLIST OF FIGURES. Figure No. Caption Page No.
LIST OF FIGURES Figure No. Caption Page No. Figure 1.1 A Cellular Network.. 2 Figure 1.2 A Mobile Ad hoc Network... 2 Figure 1.3 Classifications of Threats. 10 Figure 1.4 Classification of Different QoS
More informationBasheer Al-Duwairi Jordan University of Science & Technology
Basheer Al-Duwairi Jordan University of Science & Technology Outline Examples of using network measurements /monitoring Example 1: fast flux detection Example 2: DDoS mitigation as a service Future trends
More informationActive Directory Services with Windows Server
Course 10969B: Active Directory Services with Windows Server Course Details Course Outline Module 1: Overview of Access and Information Protection This module provides an overview of multiple Access and
More information20-CS-6053-00X Network Security Spring, 2014. An Introduction To. Network Security. Week 1. January 7
20-CS-6053-00X Network Security Spring, 2014 An Introduction To Network Security Week 1 January 7 Attacks Criminal: fraud, scams, destruction; IP, ID, brand theft Privacy: surveillance, databases, traffic
More informationInternet Banking Attacks. Karel Miko, CISA DCIT, a.s. (Prague, Czech Republic) miko@dcit.cz
Internet Banking Attacks Karel Miko, CISA DCIT, a.s. (Prague, Czech Republic) miko@dcit.cz Contents Agenda Internet banking today The most common attack vectors The possible countermeasures What protection
More informationAppendix A. X-Bone Surety Assessment Report. Developer Architectures and Application Screenshots ISI X-Bone Software Architecture Diagram.
Appendix A Developer Architectures and Application Screenshots ISI Software Architecture Diagram Figure 6 April, 2003 25 ISI Communications Architecture Appendix A con t Figure 7 ISI GUI Control Page Figure
More informationOpportunistic Security
Opportunistic Security Increasing the cost of mass surveillance without fixing everything Daniel Kahn Gillmor ACLU April 2014 Daniel Kahn Gillmor (ACLU) Opportunistic Security April 2014 1 / 21 Networked
More informationHow to Configure Web Authentication on a ProCurve Switch
An HP ProCurve Networking Application Note How to Configure Web Authentication on a ProCurve Switch Contents 1. Introduction... 2 2. Prerequisites... 2 3. Network diagram... 2 4. Configuring the ProCurve
More informationVulnerabilities of Intrusion Detection Systems in Mobile Ad-hoc Networks - The routing problem
Vulnerabilities of Intrusion Detection Systems in Mobile Ad-hoc Networks - The routing problem Ernesto Jiménez Caballero Helsinki University of Technology erjica@gmail.com Abstract intrusion detection
More informationArchitecture and Data Flow Overview. BlackBerry Enterprise Service 10 721-08877-123 Version: 10.2. Quick Reference
Architecture and Data Flow Overview BlackBerry Enterprise Service 10 721-08877-123 Version: Quick Reference Published: 2013-11-28 SWD-20131128130321045 Contents Key components of BlackBerry Enterprise
More informationDDOS in academic Networks. Herramientas para la seguridad prevención y mitigación de DDOS. CSUC. 3 de Abril 2014
DDOS in academic Networks Herramientas para la seguridad prevención y mitigación de DDOS. CSUC. 3 de Abril 2014 Academic networks? Real Target for DDOS? Lesson learned; DDOS @RedIRIS Mitigation Projects
More informationInformation Security Basic Concepts
Information Security Basic Concepts 1 What is security in general Security is about protecting assets from damage or harm Focuses on all types of assets Example: your body, possessions, the environment,
More informationActive ISP Involvement in Content-Centric Future Internet. 2013.01.23 Eugene Kim
Active ISP Involvement in Content-Centric Future Internet 2013.01.23 Eugene Kim 1 4th IFIP International Conference on New Technologies, Mobility and Security, NTMS 2011 Paris, France, February 7-10, 2011.
More informationLecture 3: Scaling by Load Balancing 1. Comments on reviews i. 2. Topic 1: Scalability a. QUESTION: What are problems? i. These papers look at
Lecture 3: Scaling by Load Balancing 1. Comments on reviews i. 2. Topic 1: Scalability a. QUESTION: What are problems? i. These papers look at distributing load b. QUESTION: What is the context? i. How
More informationProxies. Chapter 4. Network & Security Gildas Avoine
Proxies Chapter 4 Network & Security Gildas Avoine SUMMARY OF CHAPTER 4 Generalities Forward Proxies Reverse Proxies Open Proxies Conclusion GENERALITIES Generalities Forward Proxies Reverse Proxies Open
More informationOVERVIEW OF TYPICAL WINDOWS SERVER ROLES
OVERVIEW OF TYPICAL WINDOWS SERVER ROLES Before you start Objectives: learn about common server roles which can be used in Windows environment. Prerequisites: no prerequisites. Key terms: network, server,
More informationCHAPTER 1 INTRODUCTION
21 CHAPTER 1 INTRODUCTION 1.1 PREAMBLE Wireless ad-hoc network is an autonomous system of wireless nodes connected by wireless links. Wireless ad-hoc network provides a communication over the shared wireless
More informationWhose IP Is It Anyways: Tales of IP Reputation Failures
Whose IP Is It Anyways: Tales of IP Reputation Failures SESSION ID: SPO-T07 Michael Hamelin Lead X-Force Security Architect IBM Security Systems @HackerJoe What is reputation? 2 House banners tell a story
More informationLOAD BALANCING AS A STRATEGY LEARNING TASK
LOAD BALANCING AS A STRATEGY LEARNING TASK 1 K.KUNGUMARAJ, 2 T.RAVICHANDRAN 1 Research Scholar, Karpagam University, Coimbatore 21. 2 Principal, Hindusthan Institute of Technology, Coimbatore 32. ABSTRACT
More informationBitmessage: A Peer to Peer Message Authentication and Delivery System
Bitmessage: A Peer to Peer Message Authentication and Delivery System Jonathan Warren jonathan@bitmessage.org www.bitmessage.org November 27, 2012 Abstract. We propose a system that allows users to securely
More informationUsing a VPN with CentraLine AX Systems
Using a VPN with CentraLine AX Systems User Guide TABLE OF CONTENTS Introduction 2 What Is a VPN? 2 Why Use a VPN? 2 How Can I Set Up a VPN? 2 Important 2 Network Diagrams 2 Network Set-Up with a VPN 2
More informationChapter 8 Security Pt 2
Chapter 8 Security Pt 2 IC322 Fall 2014 Computer Networking: A Top Down Approach 6 th edition Jim Kurose, Keith Ross Addison-Wesley March 2012 All material copyright 1996-2012 J.F Kurose and K.W. Ross,
More informationAriadne A Secure On-Demand Routing Protocol for Ad-Hoc Networks
Ariadne A Secure On-Demand Routing Protocol for Ad-Hoc Networks Authors: Yih-Chun Hu, Adrian Perrig, David B Johnson Presenter: Sameer Korrapati Date: 4/21/2003 Overview of presentation Introduction :
More informationCase Study for Layer 3 Authentication and Encryption
CHAPTER 2 Case Study for Layer 3 Authentication and Encryption This chapter explains the basic tasks for configuring a multi-service, extranet Virtual Private Network (VPN) between a Cisco Secure VPN Client
More informationHow to configure HTTPS proxying in Zorp 5
How to configure HTTPS proxying in Zorp 5 June 24, 2014 This tutorial describes how to configure Zorp to proxy HTTPS traffic Copyright 1996-2014 BalaBit IT Security Ltd. Table of Contents 1. Preface...
More informationA Secure & Efficient Data Integrity Model to establish trust in cloud computing using TPA
A Secure & Efficient Data Integrity Model to establish trust in cloud computing using TPA Mr.Mahesh S.Giri Department of Computer Science & Engineering Technocrats Institute of Technology Bhopal, India
More informationCPSC 467: Cryptography and Computer Security
CPSC 467: Cryptography and Computer Security Michael J. Fischer Lecture 1 September 2, 2015 CPSC 467, Lecture 1 1/13 Protecting Information Information security Security principles Crypto as a security
More informationZscaler Internet Security Frequently Asked Questions
Zscaler Internet Security Frequently Asked Questions 1 Technical FAQ PRODUCT LICENSING & PRICING How is Zscaler Internet Security Zscaler Internet Security is licensed on number of Cradlepoint devices
More informationLoad balancing as a strategy learning task
Scholarly Journal of Scientific Research and Essay (SJSRE) Vol. 1(2), pp. 30-34, April 2012 Available online at http:// www.scholarly-journals.com/sjsre ISSN 2315-6163 2012 Scholarly-Journals Review Load
More informationEnhancements for Distributed Certificate Authority Approaches for Mobile Wireless Ad Hoc Networks
SAND REPORT SAND2003-4395 Unlimited Release Printed December 2003 Enhancements for Distributed Certificate Authority Approaches for Mobile Wireless Ad Hoc Networks William Erik Anderson, John T. Michalski
More informationUsing etoken for Securing E-mails Using Outlook and Outlook Express
Using etoken for Securing E-mails Using Outlook and Outlook Express Lesson 15 April 2004 etoken Certification Course Securing Email Using Certificates Unprotected emails can be easily read and/or altered
More informationF-Secure Internet Security 2014 Data Transfer Declaration
F-Secure Internet Security 2014 Data Transfer Declaration The product s impact on privacy and bandwidth usage F-Secure Corporation April 15 th 2014 Table of Contents Version history... 3 Abstract... 3
More informationInternet of Things... Let's Not Forget Security Please!
Internet of Things... Let's Not Forget Security Please! Distinguished Engineer Cisco @evyncke Eric Vyncke 2014 Cisco and/or its affiliates. All rights reserved. Cisco Public 1 2014 Cisco and/or its affiliates.
More informationSecurity in Structured P2P Systems
P2P Systems, Security and Overlays Presented by Vishal thanks to Dan Rubenstein Columbia University 1 Security in Structured P2P Systems Structured Systems assume all nodes behave Position themselves in
More informationComparison of Various Passive Distributed Denial of Service Attack in Mobile Adhoc Networks
Comparison of Various Passive Distributed Denial of Service in Mobile Adhoc Networks YOGESH CHABA #, YUDHVIR SINGH, PRABHA RANI Department of Computer Science & Engineering GJ University of Science & Technology,
More informationHigh-speed cryptography and DNSCurve. D. J. Bernstein University of Illinois at Chicago
High-speed cryptography and DNSCurve D. J. Bernstein University of Illinois at Chicago Stealing Internet mail: easy! Given a mail message: Your mail software sends a DNS request, receives a server address,
More informationSSM6437 DESIGNING A WINDOWS SERVER 2008 APPLICATIONS INFRASTRUCTURE
SSM6437 DESIGNING A WINDOWS SERVER 2008 APPLICATIONS INFRASTRUCTURE Duration 5 Days Course Outline Module 1: Designing IIS Web Farms The students will learn the process of designing IIS Web Farms with
More informationDistributed Systems. 23. Content Delivery Networks (CDN) Paul Krzyzanowski. Rutgers University. Fall 2015
Distributed Systems 23. Content Delivery Networks (CDN) Paul Krzyzanowski Rutgers University Fall 2015 November 17, 2015 2014-2015 Paul Krzyzanowski 1 Motivation Serving web content from one location presents
More informationSecuring Card-Not-Present Transactions through EMV Authentication. Matthew Carter and Brienne Douglas December 18, 2015
Securing Card-Not-Present Transactions through EMV Authentication Matthew Carter and Brienne Douglas December 18, 2015 Outline Problem Card-Not-Present (CNP) vs. PayPal EMV Technology EMV CNP Experiment
More informationCourse 10969 Active Directory Services with Windows Server
P a g e 1 of 11 Course 10969 Active Directory Services with Windows Server Introduction Get hands-on instruction and practice administering Active Directory technologies in Windows Server 2012 and Windows
More informationActive Directory Services with Windows Server 10969B; 5 days, Instructor-led
Active Directory Services with Windows Server 10969B; 5 days, Instructor-led Course Description Get hands on instruction and practice administering Active Directory technologies in Windows Server 2012
More informationRequest Routing, Load-Balancing and Fault- Tolerance Solution - MediaDNS
White paper Request Routing, Load-Balancing and Fault- Tolerance Solution - MediaDNS June 2001 Response in Global Environment Simply by connecting to the Internet, local businesses transform themselves
More information安 瑞 科 技 物 聯 網 對 應 用 交 付 器 (ADC) 的 需 求 及 應 用 實 例 徐 乃 丁 博 士 研 發 副 總 裁 / 技 術 長
安 瑞 科 技 物 聯 網 對 應 用 交 付 器 (ADC) 的 需 求 及 應 用 實 例 徐 乃 丁 博 士 研 發 副 總 裁 / 技 術 長 Internet of Things needs Application Delivery Controller (ADC) But Internet of Things demands a new class of networking equipment,
More informationPlain English Guide To Common Criteria Requirements In The. Field Device Protection Profile Version 0.75
Plain English Guide To Common Criteria Requirements In The Field Device Protection Profile Version 0.75 Prepared For: Process Control Security Requirements Forum (PCSRF) Prepared By: Digital Bond, Inc.
More informationCHAPTER 4 PERFORMANCE ANALYSIS OF CDN IN ACADEMICS
CHAPTER 4 PERFORMANCE ANALYSIS OF CDN IN ACADEMICS The web content providers sharing the content over the Internet during the past did not bother about the users, especially in terms of response time,
More informationUsage of OPNET IT tool to Simulate and Test the Security of Cloud under varying Firewall conditions
Usage of OPNET IT tool to Simulate and Test the Security of Cloud under varying Firewall conditions GRADUATE PROJECT REPORT Submitted to the Faculty of The School of Engineering & Computing Sciences Texas
More informationReliable Client Accounting for P2P-Infrastructure Hybrids
Reliable Client Accounting for P2P-Infrastructure Hybrids Paarijaat Aditya Mingchen Zhao Yin Lin Andreas Haeberlen Peter Druschel Bruce Maggs Bill Wishon Max Planck Institute for Software Systems (MPI-SWS)
More informationSECURE MOBILE APP DEVELOPMENT: DIFFERENCES FROM TRADITIONAL APPROACH
SECURE MOBILE APP DEVELOPMENT: DIFFERENCES FROM TRADITIONAL APPROACH Suhas Desai Aujas Information Risk Services Session ID: MBS-T02 Session Classification: Intermediate Agenda Trends in Mobile Technology
More informationWireless Sensor Network Security. Seth A. Hellbusch CMPE 257
Wireless Sensor Network Security Seth A. Hellbusch CMPE 257 Wireless Sensor Networks (WSN) 2 The main characteristics of a WSN include: Power consumption constrains for nodes using batteries or energy
More informationIntelligent Content Delivery Network (CDN) The New Generation of High-Quality Network
White paper Intelligent Content Delivery Network (CDN) The New Generation of High-Quality Network July 2001 Executive Summary Rich media content like audio and video streaming over the Internet is becoming
More informationSecurity+ Guide to Network Security Fundamentals, Fourth Edition. Chapter 6 Network Security
Security+ Guide to Network Security Fundamentals, Fourth Edition Chapter 6 Network Security Objectives List the different types of network security devices and explain how they can be used Define network
More informationA Framework for Secure and Verifiable Logging in Public Communication Networks
A Framework for Secure and Verifiable Logging in Public Communication Networks Vassilios Stathopoulos, Panayiotis Kotzanikolaou and Emmanouil Magkos {v.stathopoulos, p.kotzanikolaou}@adae.gr emagos@ionio.gr
More informationHow To Secure A Website With A Password Protected Login Process (Www.Siphone)
Preventing Spoofing, Phishing and Spamming by Secure Usability and Cryptography ICDCS 07/07/2006 Amir Herzberg Computer Science Department, Bar Ilan University http://amirherzberg.com 04/05/06 http://amirherzberg.com
More informationSPAMMING BOTNETS: SIGNATURES AND CHARACTERISTICS
SPAMMING BOTNETS: SIGNATURES AND CHARACTERISTICS INTRODUCTION BOTNETS IN SPAMMING WHAT IS AUTORE? FACING CHALLENGES? WE CAN SOLVE THEM METHODS TO DEAL WITH THAT CHALLENGES Extract URL string, source server
More informationQuality of Service and Denial of Service
Quality of Service and Denial of Service Stanislav Shalunov, Benjamin Teitelbaum ACM SIGCOMM RIPQOS Workshop, Karlsruhe, Germany, 2003-08-27 QoS Congestion Regulator Many factors might affect outcome of
More informationIntroduction to Computer Security Benoit Donnet Academic Year 2015-2016
Introduction to Computer Security Benoit Donnet Academic Year 2015-2016 1 Agenda Networking Chapter 1: Firewalls Chapter 2: Proxy Chapter 3: Intrusion Detection System Chapter 4: Network Attacks Chapter
More informationExperimentation driven traffic monitoring and engineering research
Experimentation driven traffic monitoring and engineering research Amir KRIFA (Amir.Krifa@sophia.inria.fr) 11/20/09 ECODE FP7 Project 1 Outline i. Future directions of Internet traffic monitoring and engineering
More informationWAN Optimization, Web Cache, Explicit Proxy, and WCCP. FortiOS Handbook v3 for FortiOS 4.0 MR3
WAN Optimization, Web Cache, Explicit Proxy, and WCCP FortiOS Handbook v3 for FortiOS 4.0 MR3 FortiOS Handbook WAN Optimization, Web Cache, Explicit Proxy, and WCCP v3 13 January 2012 01-433-96996-20120113
More informationConnecting Remote Offices by Setting Up VPN Tunnels
Connecting Remote Offices by Setting Up VPN Tunnels Cisco RV0xx Series Routers Overview As your business expands to additional sites, you need to ensure that all employees have access to the network resources
More informationMicrosoft 10969 - Active Directory Services with Windows Server
1800 ULEARN (853 276) www.ddls.com.au Microsoft 10969 - Active Directory Services with Windows Server Length 5 days Price $4070.00 (inc GST) Version B Overview Get hands-on instruction and practice administering
More informationIMPLEMENTATION OF INTELLIGENT FIREWALL TO CHECK INTERNET HACKERS THREAT
IMPLEMENTATION OF INTELLIGENT FIREWALL TO CHECK INTERNET HACKERS THREAT Roopa K. Panduranga Rao MV Dept of CS and Engg., Dept of IS and Engg., J.N.N College of Engineering, J.N.N College of Engineering,
More informationReal-Time Analysis of CDN in an Academic Institute: A Simulation Study
Journal of Algorithms & Computational Technology Vol. 6 No. 3 483 Real-Time Analysis of CDN in an Academic Institute: A Simulation Study N. Ramachandran * and P. Sivaprakasam + *Indian Institute of Management
More informationTema 5.- Seguridad. Problemas Soluciones
Tema 5.- Seguridad Problemas Soluciones Wireless medium is easy to snoop on Routing security vulnerabilities Due to ad hoc connectivity and mobility, it is hard to guarantee access to any particular node
More informationOverview... 1 Requirements... 1. Installing Roles and Features... 3. Creating SQL Server Database... 9 Setting Security Logins...
Contents CHAPTER 1 IMail Server using Failover Clustering Overview... 1 Requirements... 1 CHAPTER 2 IIS Installing Roles and Features... 3 CHAPTER 3 Configuring Storage Area Network Requirements... 5 Connecting
More informationSecure Communication in a Distributed System Using Identity Based Encryption
Secure Communication in a Distributed System Using Identity Based Encryption Tyron Stading IBM, Austin, Texas 78758, USA tjstadin@us.ibm.com Abstract Distributed systems require the ability to communicate
More informationGood Practice use of Outlook, Thunderbird and HORDE Webmail
Midwest Data, Inc. Good Practice use of Outlook, Thunderbird and HORDE Webmail This document is merely suggested setups and usage that in MDI s experience works best. For any questions please e-mail mdisupport@midwestdatainc.com.
More informationHosting more than one FortiOS instance on. VLANs. 1. Network topology
Hosting more than one FortiOS instance on a single FortiGate unit using VDOMs and VLANs 1. Network topology Use Virtual domains (VDOMs) to divide the FortiGate unit into two or more virtual instances of
More informationComputer Security CS 426 Lecture 36. CS426 Fall 2010/Lecture 36 1
Computer Security CS 426 Lecture 36 Perimeter Defense and Firewalls CS426 Fall 2010/Lecture 36 1 Announcements There will be a quiz on Wed There will be a guest lecture on Friday, by Prof. Chris Clifton
More informationA very short history of networking
A New vision for network architecture David Clark M.I.T. Laboratory for Computer Science September, 2002 V3.0 Abstract This is a proposal for a long-term program in network research, consistent with the
More informationSecurity IIS Service Lesson 6
Security IIS Service Lesson 6 Skills Matrix Technology Skill Objective Domain Objective # Configuring Certificates Configure SSL security 3.6 Assigning Standard and Special NTFS Permissions Enabling and
More informationOAuth: Where are we going?
OAuth: Where are we going? What is OAuth? OAuth and CSRF Redirection Token Reuse OAuth Grant Types 1 OAuth v1 and v2 "OAuth 2.0 at the hand of a developer with deep understanding of web security will likely
More informationCourse 10969A Active Directory Services with Windows Server
Course 10969A Active Directory Services with Windows Server OVERVIEW About this Course Get hands-on instruction and practice administering Active Directory technologies in Windows Server 2012 and Windows
More informationCompTIA Security+ (Exam SY0-410)
CompTIA Security+ (Exam SY0-410) Length: Location: Language(s): Audience(s): Level: Vendor: Type: Delivery Method: 5 Days 182, Broadway, Newmarket, Auckland English, Entry Level IT Professionals Intermediate
More informationWeb Application Attacks and Countermeasures: Case Studies from Financial Systems
Web Application Attacks and Countermeasures: Case Studies from Financial Systems Dr. Michael Liu, CISSP, Senior Application Security Consultant, HSBC Inc Overview Information Security Briefing Web Applications
More informationSecurity challenges for internet technologies on mobile devices
Security challenges for internet technologies on mobile devices - Geir Olsen [geiro@microsoft.com], Senior Program Manager for Security Windows Mobile, Microsoft Corp. - Anil Dhawan [anild@microsoft.com],
More informationHow to configure HTTPS proxying in Zorp 6
How to configure HTTPS proxying in Zorp 6 April 17, 2015 Abstract This tutorial describes how to configure Zorp to proxy HTTPS traffic Copyright 1996-2015 BalaBit IT Security Ltd. Table of Contents 1.
More information