Secure Networking Using Mobile IP

Save this PDF as:
 WORD  PNG  TXT  JPG

Size: px
Start display at page:

Download "Secure Networking Using Mobile IP"

Transcription

1 Secure Networking Using Mobile IP Alexandros Karakos and Konstantinos Siozios Democritus University of Thrace eepartment of Electrical and Computer Engineering GR Xanthi, GREECE Abstract. The increasing number of portable computers, combined with the requirement of non-stop connections to networks (Internet/Intranet), makes the provision of Internet mobility by Mobile IP important. The goal of Mobile IP protocol is to allow a Mobile host to send and receive packets, regardless of its current point of attachment to the Internet as well as to maintain communicative associations (such as TCP connections), even if the point of attachment changes during them. In order to meet these goals of location transparency and connection durability, each Mobile host has a permanent Home IP address that does not change. This static IP address enables conventional Internet hosts, which are unaware of mobility issues, to communicate with the Mobile host. 1 Introduction Nowadays networks are as closer to everyone as they have never been in the past, due to the dramatic increase of the available network bandwidth. Obviously, this situation makes the need of developing new techniques for computer connectivity crucial. The most important of them is the ability of a Mobile host,i.e. a host that can changes its physical location, to connect to different networks, without the need of making any manual change at the network settings. 1.1 System Goals The primary objective of our implementation of the Mobile IP protocol is to design a transparent protocol for the users, as they move from a network to another. In other words, it should not be required from the user to make manually any changes to the network configuration, so that the movement would not to affect the way that the Mobile host uses the network services. We also aim at some practical goals, less visible to the user. The protocol should provide security, as well as it should not limit the number of active Mobile hosts. Furthermore, there will be no change in existing IP routers or non-mobile hosts, although changes to the later are supposed to increase the efficiency. 1.2 Related Work Recently, many universities and companies all over the world have implemented the Mobile IP protocol for educational, and commercial purposes in a variety of operating systems, i.e., Linux, FreeBSD, Solaris, IOS and Microsoft Windows.

2 The various implementation differ in at least three areas. First of all in the way the Home Agent determines where the Mobile host is attached. Also, in the way an ordinary host sends data directly to the Mobile host s current point of attachment, avoiding the wasteful trip through the Home Agent. And finally, in the way the two previous mechanisms interact when the Mobile Host is moving to a new network. Apart from these differences, all these implementations are very interesting and have usefully features. In our opinion, the implementation of Mobile IP protocol designed at Stanford University (see is the most interesting of all known implementations the authors are aware of. This implementation allows the Mobile host to dynamically choose the level of mobility. that is desired for the different traffic flows. The implementation of Lancaster University (see lancs.ac.uk/mobileip/). is able to work without any problem with the IPv4 and IPv6. Furthermore, it includes the appropriate software for demonstrating real time Mobile applications with IPv6. The Sun Microsystems implementation is also very interesting, as it can work both in Solaris (running either on SPARC workstations or an Intel processors) and Linux systems (see Last but not the least, Ecutel (see their web site at faq.htm) has designed a system that provides dynamic IP routing, dynamic registration, IP forwarding, IP encapsulation, encryption, authentication, firewall and access control. 2 How Classic Mobile IP Works A classical IP router makes connections among networks by forwarding packets from a source to a destination endpoint according to the routing table. Such a table usually maintains the next-hop information for each destination IP address. INTERNET CORRESPONDENT HOST (S) DIRECT ROUTING HOME AGENT (HA) FOREIGN AGENT 1 (FA1) MOBILE HOST (MH) Fig. 1. How a Mobile host communicates when it is away from its Home network. For this reason, the Mobile host in order to maintain transparent-layer connections while it changes its physical location, it has to keep the same IP address (Home IP address). This Home IP address could be a private or a registered IP and makes the Mobile host appear, as if is constantly able to receive data on its Home network.

3 When a Mobile host attached a Foreign network, a new address (care-of address) is assigned to it [2]. Usually the care-of address is a private IP address and changes whenever the Mobile host moves to a new network, in order to save registered IP s. In this case, the Mobile host has two IP addresses, a registered and a private one. Figure 1 illustrates the basic architecture of the Mobile IP protocol. Here the Home and the Foreign Agent belongs to different networks and they are responsible for providing mobility extensions to the Mobile host. The Mobile host is a computer that has a registered IP address at the Home network, where the Home Agent is also located, but now it is connected to Internet through Foreign Agent [9]. When the Correspondent host (S) sends for the first time a packet to the Mobile host, it does not know if the destination host is stationary or not. So, it uses simple IP routing to forward the packet to the Mobile s host Home network, where it is received from the Home Agent. Then the Home Agent in turn, checks the packet to find out if the host with this target IP address is currently attached to this network or not. If the destination host is a local host, the packet is delivered to it through classic IP routing. Otherwise, the Home Agent uses IP in IP encapsulation in order to tunnel [8, 7], the packet at the network to which the Mobile host is currently attached. There, the packet is received from the Foreign Agent and after its decapsulation, is delivered to the Mobile host. This indirect routing through the Home Agent causes unnecessary overhead to the network sources. On the other hand, when the Mobile host sends a packet, in most cases it uses normal IP routing to forward it directly to its destination, without first bypassing the Mobile s host Home network. 3 Routing Optimization To overcome the problem of indirect routing, networks that support the Mobile IP must be able to perform Routing Optimization [5]. With this technique, when the Correspondent host (S), sends for the first time a packet addressed to the Mobile host, the packet is delivered by the way that described above. Then, the Home Agent informs the Correspondent host (S) about the Mobile host s current point of attachment, in order to send future packets directly to the network that the Mobile host is connected, without bypass the Home Agent. Figure 2 illustrates what happens when the Mobile host moves from one network with (FA1) to another with (FA2). In that case, in order to keep the connections alive, the (FA1) has to forward the incoming packets from (S) to (FA2), where the Mobile host is currently attached. At the same time the (FA1), informs the Home Agent about the Mobile host s movement to the new network [1]. Next, the Home Agent sends a message to the (S) that informs it about the change that happened, so that the last one will be able to send future packets addressed to the Mobile host, directly to its new point of attachment. After that, the network returns to a stable state again. This forwarding technique is working properly when all the networks belong to the same administrative domain, so that the connections to be trusted. But in real world, Mobile IP has to work in an environment of independent networks, protected by firewalls. This means, that some packets may not be delivered [4], even among

4 INTERNET CORRESPONDENT HOST (S) FOREIGN AGENT 1 (FA1) DIRECT ROUTING HOME AGENT (HA) FOREIGN AGENT 2 (FA2) MOBILE HOST (MH) Fig. 2. What happens when the Mobile host change its point of attachment. Agents (for example between Home and Foreign Agent) due to the firewall policy, which discards the connections. In this case, a possible solution is shown in figure 3. INTERNET CORRESPONDENT HOST (S) FOREIGN AGENT 1 (FA1) DIRECT ROUTING HOME AGENT (HA) FOREIGN AGENT 2 (FA2) MOBILE HOST (MH) Fig. 3. What happens when Foreign Agent (FA1) is not able to communicate with Foreign Agent (FA2). When the Mobile host move s to a new network, the (FA1) either does not know where the Mobile host is now attached, or it can not forward the packet to that network. So, in order not to discard the connection, it sends the packet to the Home network, where the Home Agent after looking up its database, finds out the new network where the Mobile host is now attached and forwards the packet directly there. In addition to that, the Home Agent informs and the (S) about the new point of attachment of the Mobile host. 4 Central Administrative Server Most of the problems that described above could be prevented by using the Central Administrative Server (CAS), which uses a database for tracking some critical information about the hosts that are involved in the Mobile IP protocol (Home and Foreign Agents, Mobile hosts, e.t.c.). Thus, it tracks the ethernet hardware address (MAC address), the PIN code, and the IP of the Mobile host at Home and at Foreign network

5 as well as the current point of attachment for any Mobile host. Moreover, the CAS would keep a log-file of the connections (successful or not) of the Mobile hosts. This logfile will also include information about attacks from or to every host (Mobile or immovable). Finally, it would keep some statistics about the connections. For example, duration, data speed transmission (upload and download) and how often the Mobile host changes its point of attachment. By using this information, the CAS is able to improve the mechanisms for routing optimization and security, compared with the classical Mobile IP protocol. This is possible, because the network administrators have all the necessary data in order to protect their system in the best possible way. The whole system also works properly at a local network which is not even connected to the Internet. To implement it, one of the hosts of the local network acts as the CAS, serving the whole network (and all the subnetworks). However, it is even better to have more than one CAS, that mirrors each other in order the system to be more reliable. As an extension of the Mobile IP protocol, any Mobile host could represent a Mobile Network, which in turn serves many Mobile hosts. 5 Improving Dynamic Registration When a Mobile host moves to a new location, it has first of all to determine if the network supports the Mobile IP protocol. The most common way to find this out is to broadcast an encrypted hello message. Unfortunately, this action may not be permitted to anyone, as if any host will be able to send broadcast messages to the whole network without any control, then it would put the system into a security risk. To overcome this problem, when the Mobile host is connected to a new network a temporary special IP address is assigned to it, for a very small time period. With this IP, the Mobile host sends the encrypted hello message directly to the CAS, acknowledging that it has been connected to a new network. When the CAS receives the acknowledge, it tries to find an appropriate IP for the Mobile host. In the next paragraph we describe how the remote network assign the IP to our Mobile host. Firstly, the CAS checks its database to find out if the Mobile host has access to that Foreign network. This check is based on the hardware address of the Mobile host s ethernet card as well as on the Mobile s host encryption key. The key is an encrypted message that differs from host to host and is described briefly bellow. There is a possibility for this key not to be valid. This occurs when the Mobile host has no access to the system, i.e. it has not a key, and tries to get access by using a random or a stolen key. When the CAS face such a case, it blocks the access to that Mobile host (specific MAC address) and updates its database about this attack. If the database contains two (or more) records pointing to different hosts but with the same MAC address or encryption key, then this means that one of the records is not true. The CAS, in order to protect the network, refuses immediately the connection to both Mobile hosts and requests from them to update their encryption keys. Then it informs all the Agents (Home and Foreign) that an attack from a specific Mobile host has been attempted. Moreover, it advises them not to provide access again to this host, until the CAS recalls the warning. At same time, it updates its database about

6 the attack and expects to receive a message with the new keys from the Mobile hosts. On the other hand, if the results of the check that made by the CAS are clear, the Foreign Agent is informed to grand access to the Mobile host. Of course, it makes sense that the Foreign network, and consequently the Foreign Agent, have its own security policy. This means that even though the Mobile host has granted access to the Foreign network by the CAS, it is possible this connection to be refused by the local firewall just because its own security police. In this case, the Foreign Agent informs the CAS about this refusal, so that if in the future this Mobile host tries to connect again to the same Foreign network, the access will be blocked directly from the CAS. If this policy rule changes, then a message is sent from the Foreign Agent to CAS in order to stop blocking the connection. If the previous step has been passed without a connection problem, the Foreign Agent gives an IP address to the Mobile host to use it as long as the host is connected to this network. When the Mobile host takes the new IP address, it sends a message to the CAS in order to update its database. Finally, the CAS informs the Home Agent of the Mobile host about where to forward future packets that are addressed to the specific Mobile host. 5.1 Handoff Mechanism Every Agent of the system (Home or Foreign) periodically sends an encrypted heartbeat message, which is received from all the hosts that are successfully connected to the same administrative domain. The use of this message is to determine if all the Mobile hosts are still connected to the same network. When a Mobile host receives such a message, it replies immediately with a new encrypted message that includes its identity and a timestamp. By the time this reply arrives to the Agent during a specific time period, the Agent recognizes that the Mobile host is still connected to the local network. If the Agent does not receive such a reply in a reasonable time span, it assumes that the Mobile host is still connected to the local network. This assumption is based on the fact that the Mobile host has not send any message to the Agent expressing its will to disconnect. Thus, the Agent expects another heartbeat message, to clarify the situation. If the Agent does not receive again a reply from the specific Mobile host, it informs the CAS to update its database, and to block the packets that are addressed to this Mobile host in order to reduce network load. On the other hand, when the Mobile host leaves its network to visit a new one, a message is sent from the Foreign Agent to the CAS, reporting that the Mobile host is disconnected from this network. At the same time, the Agent removes the route related to this Mobile host from its routing table. By receiving this message, the CAS updates its database and informs the Mobile s host Home Agent to block all the packets addressed to the Mobile host until it is connected again successfully to a new network (or to the same, if the Mobile host returns back). All the mechanism that takes place during the Mobile s host movement from a network to another is shown in figure 4.

7 INTERNET CORRESPONDENT HOST (S) CENTRAL ADMINISTRATIVE SERVER (CAS) DIRECT ROUTING HOME AGENT (HA) FOREIGN AGENT (FA) MOBILE HOST (MH) Fig. 4. The mechanism that take place when the Mobile host moves to a new network. 6 How CAS Improves Routing Optimization In this section we examine what happens when the host S wants to send a packet to the Mobile host. The host S probably does not know if the target host is immovable or mobile. It only knows the Mobile host s IP address at the Home network, so it send the packet there. When the Home Agent receives the packet, it contacts the CAS to find out if this host S is responsible for attacks to known networks. If the answer is affirmative, the CAS warns the Home Agent either to discard the connection or to monitor it. Otherwise, the packet tunneled to the Mobile host s current Foreign network. Next, the Home Agent informs the host S that the Mobile host has a new IP address, so that future packets will be sent directly to the Mobile host without first bypass the Home Agent. However, it is sometimes desirable for the Mobile host not to advertise its current point of attachment. For instance, the Mobile host may not want to receive packets that comes from a certain Corresponder host S. In this case, it sends a special encrypted message to the Foreign Agent informing it about this. The Agent with in turn first notifies the CAS to update its database about this choose and then informs the Home Agent, that when this host S sends again a packet to the Mobile host, the Home Agent not forward it. Also, the Home Agent should not inform any more the host S about the Mobile s host current point of attachment. Furthermore, this implementation of the Mobile IP protocol, if is supported in both the host S and the Foreign network, it could be used to help combined networks to handle situations of network congestion with the minimum cost for them. To achieve in this, the Foreign Agent should be able to make a decision about when the Foreign network is going to be in congestion. When something like this is going to happen, the correspond Agent informs the CAS to find out a backup network. This network should be close enough to the Foreign network and must support this extension of the Mobile IP protocol. When the CAS finds a backup network, informs the host S not to send packets to the congested network, but instead to forward them to the backup network. When the congestion is passed by, the packets moved from the backup network to the Mobile s host current point of attachment. Finally, when the Mobile host is at the Home network, it is important that its performance should be

8 approximately the same as if it was an immovable host. This ensures that the extensions of the Mobile IP protocol do not reduce the Home network performance. In this case, the Mobile host no longer needs to periodically re-register with its Home Agent and the Mobile host s routing table should be set for normal IP routing. 7 Tying System s Security First of all, it is common secret among security specialists that no computer system that is connected to the Internet can ever be completely secure, but it is usual to make it increasingly difficult for someone to compromise it. On the other hand, the more secure the whole system is, the more intrusive and hard to use it becomes. Systems such as kerberos can solve some of the security problems by providing privacy and authentication between applications at either end of the network. The aims of the CAS system are to maintain the Internet s current level of security for existing applications and help to prevent denial of service attacks on all applications, even those with end to end security [3]. 7.1 Key Management A common parameter for all the connections that transfer administrative messages is that they must be well encrypted, as they are the backbone of the whole system. The method of encryption may be based on a 1024-bit key algorithm like the MD5 one way hash function. This key, which will periodically change randomly when the TTL (Time To Live) expires, in addition to the ethernet MAC address and the PIN code, will assign every host (stationary or Mobile) that supports the Mobile IP protocol. The key of the encryption must be transparent to the Mobile host s user, as well as to the administrator of the Foreign Agent. Whenever this key changes, the CAS is informed through a special link, which is encrypted with the PIN code, in order to update its database. After the successful execution of the change key function, the Mobile host could use the new key to encrypt or decrypt messages. Despite the TTL expiration, when a Mobile host recognizes or is suspicious of someone else having learned the encryption key, it executes the change key function that is described above to generate a new key. The authentication and authorization of the Mobile host is done by a fixed PIN (Personal Identifier Number) code, which is an encrypted message that can not be changed by anyone. To increase the security, the PIN code is not transmitted through the network but it is assigned to the Mobile host during the Mobile IP protocol configuration. All the PIN codes are also stored in encrypted form in a database, located at the CAS. 7.2 Security Risks A possible security risk that might appear is when a Mobile host that has no admission to connect to a Foreign network, changes its ethernet card. Then probably the system will not be able to recognize this host any more. So, it can connect successfully at

9 any Foreign network without problems. But in this case, the PIN code can solve this security problem. As the Mobile host tries to connect to the Foreign network, the missing or incorrect PIN code will discard the connection. When such a case happens, the CAS is informed in order to block future attempts from this Mobile host with the new ethernet hardware address (MAC) [10]. However, a valid Mobile host has the opportunity to change its ethernet card without any problems. In this case, if the authentication is based only on the ethernet s hardware address (MAC), then the host would not be able to communicate any more with other computers because the new MAC would not be known at the CAS. Due to this, a special function that informs the Foreign Agent and the CAS securely about the ethernet change, is executed. The encryption used for those messages could be based on the Mobile host s PIN code. Another way to improve the system s security is to compare the logfiles from the CAS to them of any Agent. The most reasonable way for this, is the periodical logfile upload from any Foreign or Home Agent to the CAS. Then, a script running at the CAS will check and compare them to the local ones. Possible signs of system s attack may be found during this examination and the most common of them are the short, incomplete, missing logfiles, or even logfiles that contain strange timestamps. Moreover, records of starting or stopping services without reason and without first notify the CAS, as well as the access provision to a Mobile host without (or ignoring) the CAS advice is not something usual. It does not matter if the connections for the logfiles upload are slow, because the only data that are transmitted among them are administrative messages with small size. These connections may be implemented by Virtual Privates networks (VPNs) that are often used to connect securely two networks over the public Internet [6]. The timestamps that are attached to the administrative messages as reported above, consist of a critical point in the secure use of the Mobile IP protocol. Due to this, all the hosts that support the Mobile IP protocol should have the same time reference. This can be accomplished, if the CAS acts also as a timeserver. Then the Home and the Foreign Agent, as well as the Mobile host will periodically request from the CAS to send them each time in order to adjust their system clocks. Finally it is possible for security reasons not to permit Mobile hosts, when they are connected to a Foreign network, to have access to IP s that are blocked in their Home network. In order to manage this, the Home Agent informs the CAS about what connections are blocked for the specific Mobile host. So, when the Mobile host moves to a Foreign network, the Foreign Agent after finishing the algorithm for obtaining address, as described above, requests from the CAS to be informed about what connections of the Mobile host should be rejected. After receiving the reply from the CAS, it blocks that connection, simply by discarding them. 8 Future Work We plan to implement the ideas presented in this paper on a Linux box running kernel

10 9 Conclusion This implementation of the Mobile IP protocol has clearly some advantages over the classic one. The most important of them is the system s capability to reduce the system administrator s work load, without reducing the security standard. In other words, the scripts that run at CAS act as a super administrator who is authorized to protect all the networks. Moreover, the logfiles from the whole system are available to any network administrator, so that the protection is even better. On the other hand, at the classic Mobile IP protocol, any network has to protect itself alone, ignoring the experience of previous attacks to other networks. Acknowledgement We thank Apostolos Syropoulos for his valuable suggestions and comments. References 1. Stuart Cheshire and Mary Baker. Internet Mobility 4x4. In SIGCOMM 96, Also available from 2. Ralph Droms. Dynamic Host Configuration Protocol. RFC 1541 (available from http: //www.faqs.org/rfcs/rfc1541.html). 3. Kevin Fenzi. Linux security howto. Electronic document available from linux.com/howto/security-howto.html, S. Glass, T. Hiller, S. Jacobs, and C. Perkins. Mobile IP Authentication, Authorization and Accounting Requirements. Electronic document available from org/rfcs/rfc2977.html, David B. Johnson and David A. Maltz. Protocols for Adaptive Wireless and Mobile Networking. Electronic document available from johnson96protocols.html, S. Kent and R. Atkinson. Security Architecture for the Internet Protocol. RFC 2401 (available from G. Montenegro. Bi-directional Tunneling for Mobile IP. Electronic document available from txt, C. Perkins. IP Encapsulation within IP. RFC 2003 (available from org/rfcs/rfc2003.html), C. Perkins. IP Mobility Support. RFC 2002 (available from rfc2002.html), David C. Plummer. An Ethernet Address Resolution Protocol. RFC 826 (available from

Mobile IP. 10.1 The Requirements of Mobile IP CHAPTER 10. Adrian Farrel

Mobile IP. 10.1 The Requirements of Mobile IP CHAPTER 10. Adrian Farrel CHAPTER 10 Mobile IP Adrian Farrel Today s computers are smaller and more mobile than they once were. Processing power that used to take up a whole air-conditioned room can now be easily carried around

More information

Mobile IP. Bheemarjuna Reddy Tamma IIT Hyderabad. Source: Slides of Charlie Perkins and Geert Heijenk on Mobile IP

Mobile IP. Bheemarjuna Reddy Tamma IIT Hyderabad. Source: Slides of Charlie Perkins and Geert Heijenk on Mobile IP Mobile IP Bheemarjuna Reddy Tamma IIT Hyderabad Source: Slides of Charlie Perkins and Geert Heijenk on Mobile IP IP Refresher Mobile IP Basics 3 parts of Mobile IP: Outline Advertising Care-of Addresses

More information

6 Mobility Management

6 Mobility Management Politecnico di Milano Facoltà di Ingegneria dell Informazione 6 Mobility Management Reti Mobili Distribuite Prof. Antonio Capone Introduction Mobility management allows a terminal to change its point of

More information

Distributed Authentication Mechanism for Mobile IP Route Optimization

Distributed Authentication Mechanism for Mobile IP Route Optimization Distributed Authentication Mechanism for Mobile IP Route Optimization Neeraj Jaggi Department of ECSE Rensselaer Polytechnic Institute jaggin@rpi.edu Koushik Kar Department of ECSE Rensselaer Polytechnic

More information

Mobile IP and DHCP. Motivation for Mobile IP. Terminology

Mobile IP and DHCP. Motivation for Mobile IP. Terminology Motivation for Mobile IP Motivation transfer Encapsulation Security Mobile IP and DHCP Problems DHCP Dr. Ka-Cheong Leung CSIS 7304 The Wireless and Mobile Computing 1 Routing based on IP destination address,

More information

Virtual Private Networks

Virtual Private Networks Virtual Private Networks ECE 4886 Internetwork Security Dr. Henry Owen Definition Virtual Private Network VPN! Virtual separation in protocol provides a virtual network using no new hardware! Private communication

More information

RARP: Reverse Address Resolution Protocol

RARP: Reverse Address Resolution Protocol SFWR 4C03: Computer Networks and Computer Security January 19-22 2004 Lecturer: Kartik Krishnan Lectures 7-9 RARP: Reverse Address Resolution Protocol When a system with a local disk is bootstrapped it

More information

Security Considerations for Intrinsic Monitoring within IPv6 Networks: Work in Progress

Security Considerations for Intrinsic Monitoring within IPv6 Networks: Work in Progress Security Considerations for Intrinsic Monitoring within IPv6 Networks: Work in Progress Alan Davy and Lei Shi Telecommunication Software&Systems Group, Waterford Institute of Technology, Ireland adavy,lshi@tssg.org

More information

Internet Firewall CSIS 3230. Internet Firewall. Spring 2012 CSIS 4222. net13 1. Firewalls. Stateless Packet Filtering

Internet Firewall CSIS 3230. Internet Firewall. Spring 2012 CSIS 4222. net13 1. Firewalls. Stateless Packet Filtering Internet Firewall CSIS 3230 A combination of hardware and software that isolates an organization s internal network from the Internet at large Ch 8.8: Packet filtering, firewalls, intrusion detection Ch

More information

Case Study for Layer 3 Authentication and Encryption

Case Study for Layer 3 Authentication and Encryption CHAPTER 2 Case Study for Layer 3 Authentication and Encryption This chapter explains the basic tasks for configuring a multi-service, extranet Virtual Private Network (VPN) between a Cisco Secure VPN Client

More information

IP and Mobility. Requirements to a Mobile IP. Terminology in Mobile IP

IP and Mobility. Requirements to a Mobile IP. Terminology in Mobile IP IP and Mobility Chapter 2 Technical Basics: Layer Methods for Medium Access: Layer 2 Chapter Wireless Networks: Bluetooth, WLAN, WirelessMAN, WirelessWAN Mobile Telecommunication Networks: GSM, GPRS, UMTS

More information

MPLS VPN in Cellular Mobile IPv6 Architectures(04##017)

MPLS VPN in Cellular Mobile IPv6 Architectures(04##017) MPLS VPN in Cellular Mobile IPv6 Architectures(04##017) Yao-Chung Chang, Han-Chieh Chao, K.M. Liu and T. G. Tsuei* Department of Electrical Engineering, National Dong Hwa University Hualien, Taiwan, Republic

More information

Lecture 10: Virtual LANs (VLAN) and Virtual Private Networks (VPN)

Lecture 10: Virtual LANs (VLAN) and Virtual Private Networks (VPN) Lecture 10: Virtual LANs (VLAN) and Virtual Private Networks (VPN) Prof. Shervin Shirmohammadi SITE, University of Ottawa Prof. Shervin Shirmohammadi CEG 4185 10-1 Virtual LANs Description: Group of devices

More information

Scalable Support for Transparent Mobile Host Internetworking

Scalable Support for Transparent Mobile Host Internetworking Scalable Support for Transparent Mobile Host Internetworking David B. Johnson Computer Science Department Carnegie Mellon University 5000 Forbes Avenue Pittsburgh, PA 15213-3891 dbj@cs.cmu.edu Abstract

More information

ICS 351: Today's plan

ICS 351: Today's plan ICS 351: Today's plan Quiz, on overall Internet function, linux and IOS commands, network monitoring, protocols IPv4 addresses: network part and host part address masks IP interface configuration IPv6

More information

VXLAN: Scaling Data Center Capacity. White Paper

VXLAN: Scaling Data Center Capacity. White Paper VXLAN: Scaling Data Center Capacity White Paper Virtual Extensible LAN (VXLAN) Overview This document provides an overview of how VXLAN works. It also provides criteria to help determine when and where

More information

ReadyNAS Remote White Paper. NETGEAR May 2010

ReadyNAS Remote White Paper. NETGEAR May 2010 ReadyNAS Remote White Paper NETGEAR May 2010 Table of Contents Overview... 3 Architecture... 3 Security... 4 Remote Firewall... 5 Performance... 5 Overview ReadyNAS Remote is a software application that

More information

Application Note. Onsight TeamLink And Firewall Detect v6.3

Application Note. Onsight TeamLink And Firewall Detect v6.3 Application Note Onsight And Firewall Detect v6.3 1 ONSIGHT TEAMLINK HTTPS TUNNELING SERVER... 3 1.1 Encapsulation... 3 1.2 Firewall Detect... 3 1.2.1 Firewall Detect Test Server Options:... 5 1.2.2 Firewall

More information

VPN s and Mobile Apps for Security Camera Systems: EyeSpyF-Xpert

VPN s and Mobile Apps for Security Camera Systems: EyeSpyF-Xpert VPN s and Mobile Apps for Security Camera Systems: EyeSpyF-Xpert Contents: 1.0 Introduction p2 1.1 Ok, what is the problem? p2 1.2 Port Forwarding and Edge based Solutions p2 1.3 What is a VPN? p2 1.4

More information

Network Security. by David G. Messerschmitt. Secure and Insecure Authentication. Security Flaws in Public Servers. Firewalls and Packet Filtering

Network Security. by David G. Messerschmitt. Secure and Insecure Authentication. Security Flaws in Public Servers. Firewalls and Packet Filtering Network Security by David G. Messerschmitt Supplementary section for Understanding Networked Applications: A First Course, Morgan Kaufmann, 1999. Copyright notice: Permission is granted to copy and distribute

More information

Security vulnerabilities in the Internet and possible solutions

Security vulnerabilities in the Internet and possible solutions Security vulnerabilities in the Internet and possible solutions 1. Introduction The foundation of today's Internet is the TCP/IP protocol suite. Since the time when these specifications were finished in

More information

co Characterizing and Tracing Packet Floods Using Cisco R

co Characterizing and Tracing Packet Floods Using Cisco R co Characterizing and Tracing Packet Floods Using Cisco R Table of Contents Characterizing and Tracing Packet Floods Using Cisco Routers...1 Introduction...1 Before You Begin...1 Conventions...1 Prerequisites...1

More information

REDUCING PACKET OVERHEAD IN MOBILE IPV6

REDUCING PACKET OVERHEAD IN MOBILE IPV6 REDUCING PACKET OVERHEAD IN MOBILE IPV6 ABSTRACT Hooshiar Zolfagharnasab 1 1 Department of Computer Engineering, University of Isfahan, Isfahan, Iran hoppico@eng.ui.ac.ir hozo19@gmail.com Common Mobile

More information

IPv6, Mobile IP & Mobile IPv6. Tolga Numanoglu

IPv6, Mobile IP & Mobile IPv6. Tolga Numanoglu IPv6, Mobile IP & Mobile IPv6 Tolga Numanoglu Outline IPv6 Background Features Details Mobile IP Mobile Node, Home Agent, Foreign Agent Mobile IPv6 What s different? IPv6 Background IP has been patched

More information

APNIC elearning: IPSec Basics. Contact: training@apnic.net. esec03_v1.0

APNIC elearning: IPSec Basics. Contact: training@apnic.net. esec03_v1.0 APNIC elearning: IPSec Basics Contact: training@apnic.net esec03_v1.0 Overview Virtual Private Networks What is IPsec? Benefits of IPsec Tunnel and Transport Mode IPsec Architecture Security Associations

More information

EE6390. Fall 1999. Research Report. Mobile IP in General Packet Radio System

EE6390. Fall 1999. Research Report. Mobile IP in General Packet Radio System EE6390 Introduction to Wireless Communications Systems Fall 1999 Research Report Mobile IP in General Packet Radio System Kelvin K. W. Wong Ramzi Hamati Date: Dec. 6, 1999 1.0 Abstract Tunneling is one

More information

Network Security [2] Plain text Encryption algorithm Public and private key pair Cipher text Decryption algorithm. See next slide

Network Security [2] Plain text Encryption algorithm Public and private key pair Cipher text Decryption algorithm. See next slide Network Security [2] Public Key Encryption Also used in message authentication & key distribution Based on mathematical algorithms, not only on operations over bit patterns (as conventional) => much overhead

More information

Tomás P. de Miguel DIT-UPM. dit UPM

Tomás P. de Miguel DIT-UPM. dit UPM Tomás P. de Miguel DIT- 15 12 Internet Mobile Market Phone.com 15 12 in Millions 9 6 3 9 6 3 0 1996 1997 1998 1999 2000 2001 0 Wireless Internet E-mail subscribers 2 (January 2001) Mobility The ability

More information

An Experimental Study on Wireless Security Protocols over Mobile IP Networks

An Experimental Study on Wireless Security Protocols over Mobile IP Networks An Experimental Study on Wireless Security Protocols over Mobile IP Networks Avesh K. Agarwal Department of Computer Science Email: akagarwa@unity.ncsu.edu Jorinjit S. Gill Department of Electrical and

More information

Implementing and Managing Security for Network Communications

Implementing and Managing Security for Network Communications 3 Implementing and Managing Security for Network Communications............................................... Terms you ll need to understand: Internet Protocol Security (IPSec) Authentication Authentication

More information

Wireless Encryption Protection

Wireless Encryption Protection Wireless Encryption Protection We re going to jump around a little here and go to something that I really find interesting, how do you secure yourself when you connect to a router. Now first and foremost

More information

Understanding the Cisco VPN Client

Understanding the Cisco VPN Client Understanding the Cisco VPN Client The Cisco VPN Client for Windows (referred to in this user guide as VPN Client) is a software program that runs on a Microsoft Windows -based PC. The VPN Client on a

More information

DATA SECURITY 1/12. Copyright Nokia Corporation 2002. All rights reserved. Ver. 1.0

DATA SECURITY 1/12. Copyright Nokia Corporation 2002. All rights reserved. Ver. 1.0 DATA SECURITY 1/12 Copyright Nokia Corporation 2002. All rights reserved. Ver. 1.0 Contents 1. INTRODUCTION... 3 2. REMOTE ACCESS ARCHITECTURES... 3 2.1 DIAL-UP MODEM ACCESS... 3 2.2 SECURE INTERNET ACCESS

More information

SCADA SYSTEMS AND SECURITY WHITEPAPER

SCADA SYSTEMS AND SECURITY WHITEPAPER SCADA SYSTEMS AND SECURITY WHITEPAPER Abstract: This paper discusses some of the options available to companies concerned with the threat of cyber attack on their critical infrastructure, who as part of

More information

Mobile IP Protocols CHAPTER 25 25.1 INTRODUCTION

Mobile IP Protocols CHAPTER 25 25.1 INTRODUCTION Handbook of Wireless Networks and Mobile Computing, Edited by Ivan Stojmenović Copyright 2002 John Wiley & Sons, Inc. ISBNs: 0-471-41902-8 (Paper); 0-471-22456-1 (Electronic) CHAPTER 25 Mobile IP Protocols

More information

Course Overview: Learn the essential skills needed to set up, configure, support, and troubleshoot your TCP/IP-based network.

Course Overview: Learn the essential skills needed to set up, configure, support, and troubleshoot your TCP/IP-based network. Course Name: TCP/IP Networking Course Overview: Learn the essential skills needed to set up, configure, support, and troubleshoot your TCP/IP-based network. TCP/IP is the globally accepted group of protocols

More information

VPN. Date: 4/15/2004 By: Heena Patel Email:hpatel4@stevens-tech.edu

VPN. Date: 4/15/2004 By: Heena Patel Email:hpatel4@stevens-tech.edu VPN Date: 4/15/2004 By: Heena Patel Email:hpatel4@stevens-tech.edu What is VPN? A VPN (virtual private network) is a private data network that uses public telecommunicating infrastructure (Internet), maintaining

More information

OSI Network Layer OSI Layer 3

OSI Network Layer OSI Layer 3 OSI Network Layer OSI Layer 3 Network Fundamentals Chapter 5 ١ Objectives Identify the role of the Network Layer, as it describes communication from one end device to another end device Examine the most

More information

Security Technology: Firewalls and VPNs

Security Technology: Firewalls and VPNs Security Technology: Firewalls and VPNs 1 Learning Objectives Understand firewall technology and the various approaches to firewall implementation Identify the various approaches to remote and dial-up

More information

Detection of Promiscuous Nodes Using ARP Packets

Detection of Promiscuous Nodes Using ARP Packets Detection of Promiscuous Nodes Using ARP Packets Version 1.0 Written by: 31Aug01 Daiji Sanai Translated by: Kelvin KingPang Tsang http://www.securityfriday.com 1 Contents Abstract...3

More information

7.1. Remote Access Connection

7.1. Remote Access Connection 7.1. Remote Access Connection When a client uses a dial up connection, it connects to the remote access server across the telephone system. Windows client and server operating systems use the Point to

More information

G.Vijaya kumar et al, Int. J. Comp. Tech. Appl., Vol 2 (5), 1413-1418

G.Vijaya kumar et al, Int. J. Comp. Tech. Appl., Vol 2 (5), 1413-1418 An Analytical Model to evaluate the Approaches of Mobility Management 1 G.Vijaya Kumar, *2 A.Lakshman Rao *1 M.Tech (CSE Student), Pragati Engineering College, Kakinada, India. Vijay9908914010@gmail.com

More information

5.0 Network Architecture. 5.1 Internet vs. Intranet 5.2 NAT 5.3 Mobile Network

5.0 Network Architecture. 5.1 Internet vs. Intranet 5.2 NAT 5.3 Mobile Network 5.0 Network Architecture 5.1 Internet vs. Intranet 5.2 NAT 5.3 Mobile Network 1 5.1The Internet Worldwide connectivity ISPs connect private and business users Private: mostly dial-up connections Business:

More information

A SENSIBLE GUIDE TO LATENCY MANAGEMENT

A SENSIBLE GUIDE TO LATENCY MANAGEMENT A SENSIBLE GUIDE TO LATENCY MANAGEMENT By Wayne Rash Wayne Rash has been writing technical articles about computers and networking since the mid-1970s. He is a former columnist for Byte Magazine, a former

More information

Network Security Part II: Standards

Network Security Part II: Standards Network Security Part II: Standards Raj Jain Washington University Saint Louis, MO 63131 Jain@cse.wustl.edu These slides are available on-line at: http://www.cse.wustl.edu/~jain/cse473-05/ 18-1 Overview

More information

Sage ERP Accpac Online

Sage ERP Accpac Online Sage ERP Accpac Online Mac Resource Guide Thank you for choosing Sage ERP Accpac Online. This Resource Guide will provide important information and instructions on how you can get started using your Mac

More information

Sage 300 ERP Online. Mac Resource Guide. (Formerly Sage ERP Accpac Online) Updated June 1, 2012. Page 1

Sage 300 ERP Online. Mac Resource Guide. (Formerly Sage ERP Accpac Online) Updated June 1, 2012. Page 1 Sage 300 ERP Online (Formerly Sage ERP Accpac Online) Mac Resource Guide Updated June 1, 2012 Page 1 Table of Contents 1.0 Introduction... 3 2.0 Getting Started with Sage 300 ERP Online using a Mac....

More information

Final for ECE374 05/06/13 Solution!!

Final for ECE374 05/06/13 Solution!! 1 Final for ECE374 05/06/13 Solution!! Instructions: Put your name and student number on each sheet of paper! The exam is closed book. You have 90 minutes to complete the exam. Be a smart exam taker -

More information

Cisco Which VPN Solution is Right for You?

Cisco Which VPN Solution is Right for You? Table of Contents Which VPN Solution is Right for You?...1 Introduction...1 Before You Begin...1 Conventions...1 Prerequisites...1 Components Used...1 NAT...2 Generic Routing Encapsulation Tunneling...2

More information

Routing Protocol Evaluation for IP Mobility

Routing Protocol Evaluation for IP Mobility Rossano Marchesani, Sebastiano Schillaci Thales Italia S.p.A Via E. Mattei 2 6613 Chieti Scalo (Chieti) ITALY email: {rossano.marchesani sebastiano.schillaci}@it.thalesgroup.com ABSTRACT Since IP is becoming

More information

Raptor Firewall Products

Raptor Firewall Products Axent Technologies, Ltd The Leader in Integrated Firewall and VPN Solutions Raptor Firewall Products Security Cannot Be Ignored >100M Users on WWW E Commerce Shift Billions Lost to Cyberthieves 150,000

More information

Computer Networks. Wireless and Mobile Networks. László Böszörményi Computer Networks Mobile - 1

Computer Networks. Wireless and Mobile Networks. László Böszörményi Computer Networks Mobile - 1 Computer Networks Wireless and Mobile Networks László Böszörményi Computer Networks Mobile - 1 Background Number of wireless (mobile) phone subscribers now exceeds number of wired phone subscribers! Computer

More information

Firewalls and VPNs. Principles of Information Security, 5th Edition 1

Firewalls and VPNs. Principles of Information Security, 5th Edition 1 Firewalls and VPNs Principles of Information Security, 5th Edition 1 Learning Objectives Upon completion of this material, you should be able to: Understand firewall technology and the various approaches

More information

The next generation of knowledge and expertise Wireless Security Basics

The next generation of knowledge and expertise Wireless Security Basics The next generation of knowledge and expertise Wireless Security Basics HTA Technology Security Consulting., 30 S. Wacker Dr, 22 nd Floor, Chicago, IL 60606, 708-862-6348 (voice), 708-868-2404 (fax), www.hta-inc.com

More information

VRRP Technology White Paper

VRRP Technology White Paper Issue 01 Date 2012-08-31 HUAWEI TECHNOLOGIES CO., LTD. 2012. All rights reserved. No part of this document may be reproduced or transmitted in any form or by any means without prior written consent of

More information

(Refer Slide Time: 01:38 01:37)

(Refer Slide Time: 01:38 01:37) Computer Networks Prof. S. Ghosh Department of Computer Science and Engineering Indian Institute of Technology, Kharagpur Lecture No: 29 IP Version 6 & Mobile IP Good day, in the last lecture we discussed

More information

Mobility (and philosophical questions about names and identity) David Andersen CMU CS 15-744. The problem

Mobility (and philosophical questions about names and identity) David Andersen CMU CS 15-744. The problem Mobility (and philosophical questions about names and identity) David Andersen CMU CS 15-744 The problem How to support mobile users What do we mean by support? Make it easy and convenient to effectively

More information

Internet Protocol: IP packet headers. vendredi 18 octobre 13

Internet Protocol: IP packet headers. vendredi 18 octobre 13 Internet Protocol: IP packet headers 1 IPv4 header V L TOS Total Length Identification F Frag TTL Proto Checksum Options Source address Destination address Data (payload) Padding V: Version (IPv4 ; IPv6)

More information

Best practices for protecting network data

Best practices for protecting network data Best practices for protecting network data A company s value at risk The biggest risk to network security is underestimating the threat to network security. Recent security breaches have proven that much

More information

Wireless Networks: Network Protocols/Mobile IP

Wireless Networks: Network Protocols/Mobile IP Wireless Networks: Network Protocols/Mobile IP Mo$va$on Data transfer Encapsula$on Security IPv6 Problems DHCP Adapted from J. Schiller, Mobile Communications 1 Mo$va$on for Mobile IP Rou$ng based on IP

More information

Frequently Asked Questions

Frequently Asked Questions Frequently Asked Questions 1. Q: What is the Network Data Tunnel? A: Network Data Tunnel (NDT) is a software-based solution that accelerates data transfer in point-to-point or point-to-multipoint network

More information

An Experimental Study of Cross-Layer Security Protocols in Public Access Wireless Networks

An Experimental Study of Cross-Layer Security Protocols in Public Access Wireless Networks An Experimental Study of Cross-Layer Security Protocols in Public Access Wireless Networks Avesh K. Agarwal Wenye Wang Department of Electrical and Computer Engineering North Carolina State University,

More information

Chapter 5. Data Communication And Internet Technology

Chapter 5. Data Communication And Internet Technology Chapter 5 Data Communication And Internet Technology Purpose Understand the fundamental networking concepts Agenda Network Concepts Communication Protocol TCP/IP-OSI Architecture Network Types LAN WAN

More information

High Performance VPN Solutions Over Satellite Networks

High Performance VPN Solutions Over Satellite Networks High Performance VPN Solutions Over Satellite Networks Enhanced Packet Handling Both Accelerates And Encrypts High-Delay Satellite Circuits Characteristics of Satellite Networks? Satellite Networks have

More information

Transport and Network Layer

Transport and Network Layer Transport and Network Layer 1 Introduction Responsible for moving messages from end-to-end in a network Closely tied together TCP/IP: most commonly used protocol o Used in Internet o Compatible with a

More information

Chapter 4 Virtual Private Networking

Chapter 4 Virtual Private Networking Chapter 4 Virtual Private Networking This chapter describes how to use the virtual private networking (VPN) features of the FVL328 Firewall. VPN tunnels provide secure, encrypted communications between

More information

Mobile Routing. When a host moves, its point of attachment in the network changes. This is called a handoff.

Mobile Routing. When a host moves, its point of attachment in the network changes. This is called a handoff. Mobile Routing Basic Notions of Mobility When a host moves, its point of attachment in the changes. This is called a handoff. The point of attachment is a base station (BS) for cellular, or an access point

More information

Net Integrator Firewall

Net Integrator Firewall Net Integration Technologies, Inc. http://www.net itech.com Net Integrator Firewall Technical Overview Version 1.00 TABLE OF CONTENTS 1 Introduction...1 2 Firewall Architecture...2 2.1 The Life of a Packet...2

More information

Client Server Registration Protocol

Client Server Registration Protocol Client Server Registration Protocol The Client-Server protocol involves these following steps: 1. Login 2. Discovery phase User (Alice or Bob) has K s Server (S) has hash[pw A ].The passwords hashes are

More information

Tunnel Broker System Using IPv4 Anycast

Tunnel Broker System Using IPv4 Anycast Tunnel Broker System Using IPv4 Anycast Xin Liu Department of Electronic Engineering Tsinghua Univ. lx@ns.6test.edu.cn Xing Li Department of Electronic Engineering Tsinghua Univ. xing@cernet.edu.cn ABSTRACT

More information

Mobile Communications Chapter 9: Mobile Transport Layer

Mobile Communications Chapter 9: Mobile Transport Layer Mobile Communications Chapter 9: Mobile Transport Layer Motivation TCP-mechanisms Classical approaches Indirect TCP Snooping TCP Mobile TCP PEPs in general Additional optimizations Fast retransmit/recovery

More information

Security issues with Mobile IP

Security issues with Mobile IP Technical report, IDE1107, February 2011 Security issues with Mobile IP Master s Thesis in Computer Network Engineering Abdel Rahman Alkhawaja & Hatem Sheibani School of Information Science, Computer and

More information

Static and Dynamic Network Configuration

Static and Dynamic Network Configuration CHAPTER 6 This chapter describes: Static Networks Dynamic Networks Static Networks The mobile access router can be part of a static network or a dynamic network. A static network supports stub routers

More information

Security. Contents. S-72.3240 Wireless Personal, Local, Metropolitan, and Wide Area Networks 1

Security. Contents. S-72.3240 Wireless Personal, Local, Metropolitan, and Wide Area Networks 1 Contents Security requirements Public key cryptography Key agreement/transport schemes Man-in-the-middle attack vulnerability Encryption. digital signature, hash, certification Complete security solutions

More information

Scalable Support for Transparent Mobile Host Internetworking

Scalable Support for Transparent Mobile Host Internetworking To appear in Proceedings of the Ninth Annual IEEE Workshop on Computer Communications, October1994. Scalable Support for Transparent Mobile Host Internetworking David B. Johnson Computer Science Department

More information

INF3510 Information Security University of Oslo Spring 2011. Lecture 9 Communication Security. Audun Jøsang

INF3510 Information Security University of Oslo Spring 2011. Lecture 9 Communication Security. Audun Jøsang INF3510 Information Security University of Oslo Spring 2011 Lecture 9 Communication Security Audun Jøsang Outline Network security concepts Communication security Perimeter security Protocol architecture

More information

IMHP: A Mobile Host Protocol for the Internet. Abstract

IMHP: A Mobile Host Protocol for the Internet. Abstract IMHP: A Mobile Host Protocol for the Internet Charles Perkins T. J. Watson Research Center IBM Corporation P. O. Box 218 Yorktown Heights, NY 10598 Andrew Myles Department of Electronics

More information

TCP for Wireless Networks

TCP for Wireless Networks TCP for Wireless Networks Outline Motivation TCP mechanisms Indirect TCP Snooping TCP Mobile TCP Fast retransmit/recovery Transmission freezing Selective retransmission Transaction oriented TCP Adapted

More information

Basics of Internet Security

Basics of Internet Security Basics of Internet Security Premraj Jeyaprakash About Technowave, Inc. Technowave is a strategic and technical consulting group focused on bringing processes and technology into line with organizational

More information

IP Security. Ola Flygt Växjö University, Sweden http://w3.msi.vxu.se/users/ofl/ Ola.Flygt@vxu.se +46 470 70 86 49

IP Security. Ola Flygt Växjö University, Sweden http://w3.msi.vxu.se/users/ofl/ Ola.Flygt@vxu.se +46 470 70 86 49 IP Security Ola Flygt Växjö University, Sweden http://w3.msi.vxu.se/users/ofl/ Ola.Flygt@vxu.se +46 470 70 86 49 1 Internetworking and Internet Protocols (Appendix 6A) IP Security Overview IP Security

More information

Availability Digest. www.availabilitydigest.com. Redundant Load Balancing for High Availability July 2013

Availability Digest. www.availabilitydigest.com. Redundant Load Balancing for High Availability July 2013 the Availability Digest Redundant Load Balancing for High Availability July 2013 A large data center can comprise hundreds or thousands of servers. These servers must not only be interconnected, but they

More information

Efficient Addressing. Outline. Addressing Subnetting Supernetting CS 640 1

Efficient Addressing. Outline. Addressing Subnetting Supernetting CS 640 1 Efficient Addressing Outline Addressing Subnetting Supernetting CS 640 1 IPV4 Global Addresses Properties IPv4 uses 32 bit address space globally unique hierarchical: network + host 7 24 Dot Notation 10.3.2.4

More information

Network Security TCP/IP Refresher

Network Security TCP/IP Refresher Network Security TCP/IP Refresher What you (at least) need to know about networking! Dr. David Barrera Network Security HS 2014 Outline Network Reference Models Local Area Networks Internet Protocol (IP)

More information

Definition. A Historical Example

Definition. A Historical Example Overlay Networks This lecture contains slides created by Ion Stoica (UC Berkeley). Slides used with permission from author. All rights remain with author. Definition Network defines addressing, routing,

More information

CCNA R&S: Introduction to Networks. Chapter 5: Ethernet

CCNA R&S: Introduction to Networks. Chapter 5: Ethernet CCNA R&S: Introduction to Networks Chapter 5: Ethernet 5.0.1.1 Introduction The OSI physical layer provides the means to transport the bits that make up a data link layer frame across the network media.

More information

7 Network Security. 7.1 Introduction 7.2 Improving the Security 7.3 Internet Security Framework. 7.5 Absolute Security?

7 Network Security. 7.1 Introduction 7.2 Improving the Security 7.3 Internet Security Framework. 7.5 Absolute Security? 7 Network Security 7.1 Introduction 7.2 Improving the Security 7.3 Internet Security Framework 7.4 Firewalls 7.5 Absolute Security? 7.1 Introduction Security of Communications data transport e.g. risk

More information

8.2 The Internet Protocol

8.2 The Internet Protocol TCP/IP Protocol Suite HTTP SMTP DNS RTP Distributed applications Reliable stream service TCP UDP User datagram service Best-effort connectionless packet transfer Network Interface 1 IP Network Interface

More information

Security+ Guide to Network Security Fundamentals, Fourth Edition. Chapter 6 Network Security

Security+ Guide to Network Security Fundamentals, Fourth Edition. Chapter 6 Network Security Security+ Guide to Network Security Fundamentals, Fourth Edition Chapter 6 Network Security Objectives List the different types of network security devices and explain how they can be used Define network

More information

DYNAMIC MULTIPOINT VPN HUB AND SPOKE INTRODUCTION

DYNAMIC MULTIPOINT VPN HUB AND SPOKE INTRODUCTION DYNAMIC MULTIPOINT VPN HUB AND SPOKE INTRODUCTION NOVEMBER 2004 1 INTRODUCTION Spoke, Presentation_ID 11/04 2004, Cisco Systems, Inc. All rights reserved. 2 What is Dynamic Multipoint VPN? Dynamic Multipoint

More information

Own your LAN with Arp Poison Routing

Own your LAN with Arp Poison Routing Own your LAN with Arp Poison Routing By: Rorik Koster April 17, 2006 Security is a popular buzzword heard every day throughout our American culture and possibly even more so in our global economy. From

More information

Wireless VPN White Paper. WIALAN Technologies, Inc. http://www.wialan.com

Wireless VPN White Paper. WIALAN Technologies, Inc. http://www.wialan.com Wireless VPN White Paper WIALAN Technologies, Inc. http://www.wialan.com 2014 WIALAN Technologies, Inc. all rights reserved. All company and product names are registered trademarks of their owners. Abstract

More information

Mobile IP Part I: IPv4

Mobile IP Part I: IPv4 Mobile IP Part I: IPv4 Raj Jain Washington University in Saint Louis Saint Louis, MO 63130 Jain@cse.wustl.edu These slides are available on-line at: http://www.cse.wustl.edu/~jain/cse574-06/ 12-1 q Mobile

More information

WAN Traffic Management with PowerLink Pro100

WAN Traffic Management with PowerLink Pro100 Whitepaper WAN Traffic Management with PowerLink Pro100 Overview In today s Internet marketplace, optimizing online presence is crucial for business success. Wan/ISP link failover and traffic management

More information

Wireless ATA: A New Data Transport Protocol for Wireless Storage

Wireless ATA: A New Data Transport Protocol for Wireless Storage Wireless ATA: A New Data Transport Protocol for Wireless Storage Serdar Ozler and Ibrahim Korpeoglu Department of Computer Engineering, Bilkent University, 06800 Bilkent, Ankara, Turkey {ozler, korpe}@cs.bilkent.edu.tr

More information

TCP and Wireless Networks Classical Approaches Optimizations TCP for 2.5G/3G Systems. Lehrstuhl für Informatik 4 Kommunikation und verteilte Systeme

TCP and Wireless Networks Classical Approaches Optimizations TCP for 2.5G/3G Systems. Lehrstuhl für Informatik 4 Kommunikation und verteilte Systeme Chapter 2 Technical Basics: Layer 1 Methods for Medium Access: Layer 2 Chapter 3 Wireless Networks: Bluetooth, WLAN, WirelessMAN, WirelessWAN Mobile Networks: GSM, GPRS, UMTS Chapter 4 Mobility on the

More information

SCADA System Security. ECE 478 Network Security Oregon State University March 7, 2005

SCADA System Security. ECE 478 Network Security Oregon State University March 7, 2005 SCADA System Security ECE 478 Network Security Oregon State University March 7, 2005 David Goeke Hai Nguyen Abstract Modern public infrastructure systems

More information

Internetworking. Mobile IP. Literature: Forouzan, TCP/IP Protocol Suite: Ch 24

Internetworking. Mobile IP. Literature: Forouzan, TCP/IP Protocol Suite: Ch 24 Internetworking Mobile IP Literature: Forouzan, TCP/IP Protocol Suite: Ch 24 Mobile use of Internet Mobility, Wireless and Portable are different terms Mobility: allows systems to move from one (network)

More information

Mobile Host Internetworking Using IP Loose Source Routing

Mobile Host Internetworking Using IP Loose Source Routing Mobile Host Internetworking Using IP Loose Source Routing David B. Johnson February 1993 CMU-CS-93-128 School of Computer Science Carnegie Mellon University Pittsburgh, PA 15213 This research was supported

More information

Chapter 9. IP Secure

Chapter 9. IP Secure Chapter 9 IP Secure 1 Network architecture is usually explained as a stack of different layers. Figure 1 explains the OSI (Open System Interconnect) model stack and IP (Internet Protocol) model stack.

More information

JK0-022 CompTIA Academic/E2C Security+ Certification Exam CompTIA

JK0-022 CompTIA Academic/E2C Security+ Certification Exam CompTIA JK0-022 CompTIA Academic/E2C Security+ Certification Exam CompTIA To purchase Full version of Practice exam click below; http://www.certshome.com/jk0-022-practice-test.html FOR CompTIA JK0-022 Exam Candidates

More information