Capture of Mission Assets

Save this PDF as:
 WORD  PNG  TXT  JPG

Size: px
Start display at page:

Download "Capture of Mission Assets"

Transcription

1 Capture of Mission Assets Vern Paxson University of California Berkeley, California USA June 2009 Presented by Giovanni Vigna

2 Outline Motivational context Tracking network system assets Passively Actively Vantage-point considerations Tying assets to mission needs Leveraging multiple examples Inferring dependencies Fault injection

3 The Role of Asset-Capture Assets & relationship to mission functioning crucial for reasoning about: Vulnerability to induced faults / subversion Robustness to incidental failure Assets include network/system components, human actors, required services and service sessions (may include multiple components), accompanying configuration info: Topology, access control Particularly significant: version information Points up attacker exploit opportunities, common failure modes Also, presence of data caching Can mask/induce errors Modeling includes producer/consumer, trust relationships, preconditions

4 Identifying Assets Simple approach: it s the system/network operator s job to track them But: done manually, this is tedious error-prone due to churn Note: some asset information necessarily tracked E.g., users present in system (defined by authentication mechanisms) E.g., devices potentially connected to network (if MAC address registration employ) Thus, part of research effort: tools & procedures to automate asset tracking Using manually provided information as ground truth

5 Passive Capture Idea: learn assets by surveillance, i.e., watching what happens Requires widespread visibility + suite of network analysis modules Link/network layer Track MAC IP address bindings to resolve aliasing ARP reveals broadcast domains, routers, switches (to limited degree) TTLs reveal IP hop counts from systems to monitors RTTs suggestive of subnet structure, underlying link technology Packet pair dispersion reveals link capacities Jitter can shed light on cross traffic implicit dependencies Deterministic loss pattern often rooted in internal buffer network sizes ICMPs reveal failure conditions (e.g., Host Unreachable)

6 Passive Capture - Net/Trans. Layer Inference of OS type / version Absent servers manifesting as TCP SYN/RST exchanges Firewalls (some forms) manifesting as SYN/SYN-ACK RST Unanswered SYNs reveal expected-but-missing services Baseline of network path characteristics Range of bandwidth/loss/delay conditions over which the mission has successfully run Behavior of TCP senders indicates their congestion-control specifics, allowing prediction of expected performance in alternative/backup environments

7 Passive Capture - Application Layer Requires rich set of app-protocol parsers Built on top of Bro system and BinPAC Extract app structure: request/response, error codes, data xfer Determine services provided, version Our previous work on Dynamic Protocol Detection unambiguously determines services via app-level parsing Our previous work on Discovery of Session Structure finds sets of interrelated connections (requires extension to > 2 hosts) related to single instance of app activity Based on observation: independent events arrive according to Poisson process Thus, those arriving quicker than Poisson are with high probability nonindependent Technique works in general for discovery causal structure But requires numerous observations of mission in access to build up statistics

8 Passive Capture - Caching Data items If some sessions lack data-transfer connections present in others, suggestive of possible caching If when we observe the transfer, it s generally the same data item Two-edged sword: Presence of cache may mean mission can continue even if server is down Depending on the caching policy But: presence of cache means we may miss its presence during passive observation, overlook a dependency

9 Passive Capture - Pros & Cons Pro: non-invasive Can apply to actual networks with minimal disruption Pro: can work retrospectively If we gather traces from a network-of-interest, can be later analyzed/ reanalyzed using passive techniques Con: things change (churn) Need to understand change time scales & reanalyze / incorporate possible change into mission planning Can only characterize what you see Can miss capabilities, quirks, and dependencies that happened not to manifest Option for increasing visibility: deploy simple agents on end hosts Especially for gaining insight into causal links difficult to infer externally

10 Active Probing By injecting traffic, can potentially address previous issues of missing capabilities: probe for services/hosts present but not active Because they are backups for the observed missions Tricky because revealing their presence may require correct authentication quirks: how in particular will given end system respond to cornercase/ambiguous packets used for evasion? dependencies: can potentially inject faults Degradation or interruption of network/service functionality Can identify both backup components and failover strategy/delay Can capture ensuing degradation, which may or may not affect mission

11 Extracting Mission Models First, analyze existing missions to develop task-based model of mission workflow Includes capturing dependencies Some tasks generic: e.g., day-to-day support for network services Others detailed: specific to particular mission s structure & objectives Models captured in mission-model database

12 Tying Mission Activity to Assets Establish mapping between tasks in cyber-missions w/ corresponding required assets Historically, a difficult/error-prone manual step Starting point: estimated mapping supplied by domain experts Likely incomplete and subject to some spurious errors Next: develop tools to automate discovery of relationships Based on observing event history over a number of runs Capture dependencies in a form that supports automated reasoning Ideally, observe numerous runs, including some with failures Need to also recognize and factor out routine background traffic

13 Inferring Types of Dependencies Some dependencies are indirect E.g., use of a URL for coordination results in a dependency on DNS Caching can hide the DNS lookup in example runs, but we can infer it when we see use of the URL Some dependencies have complex failover behavior E.g., a videoconference might fail over to audio-only Manifests as use of quite different service elements Requires hierarchical modeling to identify subtasks that differ while maintaining the same overall task structure

14 Abstracting Types of Dependencies Any member of a pool of services can provide the service with the same performance/cost An asset relies on a partition of services (of different types) when it requires an instance of each service to achieve full performance However, may operate at a degraded level if only can access a subset Assets rely on alternate services when multiple elements provide the service, but at varying performance/cost levels An asset requires a composition of services if each is vital for the asset being available

15 Classes of Dependencies, con t Each dependency type (pool, alternate, etc.) has different implications for mission availability Research target: develop algorithms for inferring type of dependency Based on observing failures during in situ mission runs Challenge #1: robustly recognizing service failure Failed network connections Application-specific error messages Failure codes Alteration of task structure Challenge #2: failures are rare If we don t observe them in situ, we may need to inject faults in a controlled fashion Requires highly cooperative mission operators

16 Summary We require a methodical approach to (1) understanding what assets are available including issues of churn and rarely-seen backup services for which we can apply both passive and active techniques to then (2) extracting dependencies among assets and their ties to mission progression based on observing multiple mission runs across which we apply inference techniques Given these dependencies, we then abstract them based how they play sole and/or critical roles, capturing both: models of missions, and formalism to reason across the structure of the different types of dependencies

EECS 489 Winter 2010 Midterm Exam

EECS 489 Winter 2010 Midterm Exam EECS 489 Winter 2010 Midterm Exam Name: This is an open-book, open-resources exam. Explain or show your work for each question. Your grade will be severely deducted if you don t show your work, even if

More information

Basic & Advanced Administration for Citrix NetScaler 9.2

Basic & Advanced Administration for Citrix NetScaler 9.2 Basic & Advanced Administration for Citrix NetScaler 9.2 Day One Introducing and deploying Citrix NetScaler Key - Brief Introduction to the NetScaler system Planning a NetScaler deployment Deployment scenarios

More information

On the Deficiencies of Active Network Discovery Systems

On the Deficiencies of Active Network Discovery Systems On the Deficiencies of Active Network Discovery Systems Ofir Arkin Chief Technology Officer Insightix Copyright 2012 - All Rights Reserved. This material is proprietary of Insightix. Any unauthorized

More information

Demystifying the Myth of Passive Network Discovery and Monitoring Systems

Demystifying the Myth of Passive Network Discovery and Monitoring Systems Demystifying the Myth of Passive Network Discovery and Monitoring Systems Ofir Arkin Chief Technology Officer Insightix Copyright 2012 - All Rights Reserved. This material is proprietary of Insightix.

More information

INTRODUCTION TO FIREWALL SECURITY

INTRODUCTION TO FIREWALL SECURITY INTRODUCTION TO FIREWALL SECURITY SESSION 1 Agenda Introduction to Firewalls Types of Firewalls Modes and Deployments Key Features in a Firewall Emerging Trends 2 Printed in USA. What Is a Firewall DMZ

More information

Tools for penetration tests 1. Carlo U. Nicola, HT FHNW With extracts from documents of : Google; Wireshark; nmap; Nessus.

Tools for penetration tests 1. Carlo U. Nicola, HT FHNW With extracts from documents of : Google; Wireshark; nmap; Nessus. Tools for penetration tests 1 Carlo U. Nicola, HT FHNW With extracts from documents of : Google; Wireshark; nmap; Nessus. What is a penetration test? Goals: 1. Analysis of an IT-environment and search

More information

The Trivial Cisco IP Phones Compromise

The Trivial Cisco IP Phones Compromise Security analysis of the implications of deploying Cisco Systems SIP-based IP Phones model 7960 Ofir Arkin Founder The Sys-Security Group ofir@sys-security.com http://www.sys-security.com September 2002

More information

Creating the Conceptual Design by Gathering and Analyzing Business and Technical Requirements

Creating the Conceptual Design by Gathering and Analyzing Business and Technical Requirements Creating the Conceptual Design by Gathering and Analyzing Business and Technical Requirements Analyze the impact of Active Directory on the existing technical environment. Analyze hardware and software

More information

Advanced Administration for Citrix NetScaler 9.0 Platinum Edition

Advanced Administration for Citrix NetScaler 9.0 Platinum Edition Advanced Administration for Citrix NetScaler 9.0 Platinum Edition Course Length: 5 Days Course Code: CNS-300 Course Description This course provides the foundation to manage, configure and monitor advanced

More information

Network Security. Dr. Ihsan Ullah. Department of Computer Science & IT University of Balochistan, Quetta Pakistan. April 23, 2015

Network Security. Dr. Ihsan Ullah. Department of Computer Science & IT University of Balochistan, Quetta Pakistan. April 23, 2015 Network Security Dr. Ihsan Ullah Department of Computer Science & IT University of Balochistan, Quetta Pakistan April 23, 2015 1 / 24 Secure networks Before the advent of modern telecommunication network,

More information

Transport and Network Layer

Transport and Network Layer Transport and Network Layer 1 Introduction Responsible for moving messages from end-to-end in a network Closely tied together TCP/IP: most commonly used protocol o Used in Internet o Compatible with a

More information

ACHILLES CERTIFICATION. SIS Module SLS 1508

ACHILLES CERTIFICATION. SIS Module SLS 1508 ACHILLES CERTIFICATION PUBLIC REPORT Final DeltaV Report SIS Module SLS 1508 Disclaimer Wurldtech Security Inc. retains the right to change information in this report without notice. Wurldtech Security

More information

Internet Infrastructure Measurement: Challenges and Tools

Internet Infrastructure Measurement: Challenges and Tools Internet Infrastructure Measurement: Challenges and Tools Internet Infrastructure Measurement: Challenges and Tools Outline Motivation Challenges Tools Conclusion Why Measure? Why Measure? Internet, with

More information

Packet Sniffer Detection with AntiSniff

Packet Sniffer Detection with AntiSniff Ryan Spangler University of Wisconsin - Whitewater Department of Computer and Network Administration May 2003 Abstract Packet sniffing is a technique of monitoring every packet that crosses the network.

More information

MOC 6435A Designing a Windows Server 2008 Network Infrastructure

MOC 6435A Designing a Windows Server 2008 Network Infrastructure MOC 6435A Designing a Windows Server 2008 Network Infrastructure Course Number: 6435A Course Length: 5 Days Certification Exam This course will help you prepare for the following Microsoft exam: Exam 70647:

More information

2. What is the maximum value of each octet in an IP address? A. 28 B. 255 C. 256 D. None of the above

2. What is the maximum value of each octet in an IP address? A. 28 B. 255 C. 256 D. None of the above CCNA1 V3.0 Mod 10 (Ch 8) 1. How many bits are in an IP C. 64 2. What is the maximum value of each octet in an IP A. 28 55 C. 256 3. The network number plays what part in an IP A. It specifies the network

More information

Configuring Health Monitoring

Configuring Health Monitoring CHAPTER 6 This chapter describes how to configure the health monitoring on the CSM and contains these sections: Configuring Probes for Health Monitoring, page 6-1 Configuring Route Health Injection, page

More information

Final exam review, Fall 2005 FSU (CIS-5357) Network Security

Final exam review, Fall 2005 FSU (CIS-5357) Network Security Final exam review, Fall 2005 FSU (CIS-5357) Network Security Instructor: Breno de Medeiros 1. What is an insertion attack against a NIDS? Answer: An insertion attack against a network intrusion detection

More information

PROFESSIONAL SECURITY SYSTEMS

PROFESSIONAL SECURITY SYSTEMS PROFESSIONAL SECURITY SYSTEMS Security policy, active protection against network attacks and management of IDP Introduction Intrusion Detection and Prevention (IDP ) is a new generation of network security

More information

Detecting rogue systems

Detecting rogue systems Product Guide Revision A McAfee Rogue System Detection 4.7.1 For use with epolicy Orchestrator 4.6.3-5.0.0 Software Detecting rogue systems Unprotected systems, referred to as rogue systems, are often

More information

A Standard Modest WebSite

A Standard Modest WebSite A Standard Modest WebSite 3-tier application using Servlets and JDBC HTTP Servlet JDBC JSP...... Servlet DBMS Clients Application Server Roadmap Want to grow to robust enterprise-scale systems: replicated

More information

Layer 4-7 Server Load Balancing. Security, High-Availability and Scalability of Web and Application Servers

Layer 4-7 Server Load Balancing. Security, High-Availability and Scalability of Web and Application Servers Layer 4-7 Server Load Balancing Security, High-Availability and Scalability of Web and Application Servers Foundry Overview Mission: World Headquarters San Jose, California Performance, High Availability,

More information

Lab 2. CS-335a. Fall 2012 Computer Science Department. Manolis Surligas surligas@csd.uoc.gr

Lab 2. CS-335a. Fall 2012 Computer Science Department. Manolis Surligas surligas@csd.uoc.gr Lab 2 CS-335a Fall 2012 Computer Science Department Manolis Surligas surligas@csd.uoc.gr 1 Summary At this lab we will cover: Basics of Transport Layer (TCP, UDP) Broadcast ARP DNS More Wireshark filters

More information

DNS ROUND ROBIN HIGH-AVAILABILITY LOAD SHARING

DNS ROUND ROBIN HIGH-AVAILABILITY LOAD SHARING PolyServe High-Availability Server Clustering for E-Business 918 Parker Street Berkeley, California 94710 (510) 665-2929 wwwpolyservecom Number 990903 WHITE PAPER DNS ROUND ROBIN HIGH-AVAILABILITY LOAD

More information

SANE: A Protection Architecture For Enterprise Networks

SANE: A Protection Architecture For Enterprise Networks Fakultät IV Elektrotechnik und Informatik Intelligent Networks and Management of Distributed Systems Research Group Prof. Anja Feldmann, Ph.D. SANE: A Protection Architecture For Enterprise Networks WS

More information

Set Up a VM-Series Firewall on the Citrix SDX Server

Set Up a VM-Series Firewall on the Citrix SDX Server Set Up a VM-Series Firewall on the Citrix SDX Server Palo Alto Networks VM-Series Deployment Guide PAN-OS 6.1 Contact Information Corporate Headquarters: Palo Alto Networks 4401 Great America Parkway Santa

More information

WhatsUpGold. v3.0. WhatsConnected User Guide

WhatsUpGold. v3.0. WhatsConnected User Guide WhatsUpGold v3.0 WhatsConnected User Guide Contents CHAPTER 1 Welcome to WhatsConnected Finding more information and updates... 2 Sending feedback... 3 CHAPTER 2 Installing and Configuring WhatsConnected

More information

Autumn Oct 21, Oct 21, 2004 CS573: Network Protocols and Standards 1 Oct 21, 2004 CS573: Network Protocols and Standards 2

Autumn Oct 21, Oct 21, 2004 CS573: Network Protocols and Standards 1 Oct 21, 2004 CS573: Network Protocols and Standards 2 IPv4 IP: Addressing, ARP, Routing Protocols and Standards Autumn 2004-2005 IP Datagram Format IPv4 Addressing ARP and RARP IP Routing Basics Subnetting and Supernetting ICMP Address Translation (NAT) Dynamic

More information

Non-intrusive, complete network protocol decoding with plain mnemonics in English

Non-intrusive, complete network protocol decoding with plain mnemonics in English The Triple Play Analysis Suite - DATA The Triple Play Analysis Suite - Data are meant for emulating the client s application such as FTP downloading or Web Browser testing at the termination point of DSL

More information

co Characterizing and Tracing Packet Floods Using Cisco R

co Characterizing and Tracing Packet Floods Using Cisco R co Characterizing and Tracing Packet Floods Using Cisco R Table of Contents Characterizing and Tracing Packet Floods Using Cisco Routers...1 Introduction...1 Before You Begin...1 Conventions...1 Prerequisites...1

More information

CYBER ATTACKS EXPLAINED: PACKET CRAFTING

CYBER ATTACKS EXPLAINED: PACKET CRAFTING CYBER ATTACKS EXPLAINED: PACKET CRAFTING Protect your FOSS-based IT infrastructure from packet crafting by learning more about it. In the previous articles in this series, we explored common infrastructure

More information

Architecture Overview

Architecture Overview Architecture Overview Design Fundamentals The networks discussed in this paper have some common design fundamentals, including segmentation into modules, which enables network traffic to be isolated and

More information

Load Balancing and Sessions. C. Kopparapu, Load Balancing Servers, Firewalls and Caches. Wiley, 2002.

Load Balancing and Sessions. C. Kopparapu, Load Balancing Servers, Firewalls and Caches. Wiley, 2002. Load Balancing and Sessions C. Kopparapu, Load Balancing Servers, Firewalls and Caches. Wiley, 2002. Scalability multiple servers Availability server fails Manageability Goals do not route to it take servers

More information

Flow Analysis Versus Packet Analysis. What Should You Choose?

Flow Analysis Versus Packet Analysis. What Should You Choose? Flow Analysis Versus Packet Analysis. What Should You Choose? www.netfort.com Flow analysis can help to determine traffic statistics overall, but it falls short when you need to analyse a specific conversation

More information

Microsoft Office Communications Server 2007 R2

Microsoft Office Communications Server 2007 R2 Microsoft Office Communications Server 2007 R2 Scale to a Load Balanced Enterprise Edition Pool with WebMux Walkthrough Published: Sept. 2009 For the most up-to-date version of the Scale to a Load Balanced

More information

Overview of Network Security The need for network security Desirable security properties Common vulnerabilities Security policy designs

Overview of Network Security The need for network security Desirable security properties Common vulnerabilities Security policy designs Overview of Network Security The need for network security Desirable security properties Common vulnerabilities Security policy designs Why Network Security? Keep the bad guys out. (1) Closed networks

More information

Firewall Load Balancing

Firewall Load Balancing CHAPTER 6 This chapter describes the (FWLB) feature. It includes the following sections: FWLB Overview, page 6-1 FWLB Features, page 6-2 FWLB Configuration Tasks, page 6-3 Monitoring and Maintaining FWLB,

More information

CMPT 471 Networking II

CMPT 471 Networking II CMPT 471 Networking II Firewalls Janice Regan, 2006-2013 1 Security When is a computer secure When the data and software on the computer are available on demand only to those people who should have access

More information

Visualizations and Correlations in Troubleshooting

Visualizations and Correlations in Troubleshooting Visualizations and Correlations in Troubleshooting Kevin Burns Comcast kevin_burns@cable.comcast.com 1 Comcast Technology Groups Cable CMTS, Modem, Edge Services Backbone Transport, Routing Converged Regional

More information

Global Server Load Balancing

Global Server Load Balancing White Paper Overview Many enterprises attempt to scale Web and network capacity by deploying additional servers and increased infrastructure at a single location, but centralized architectures are subject

More information

DATA CENTER. Best Practices for High Availability Deployment for the Brocade ADX Switch

DATA CENTER. Best Practices for High Availability Deployment for the Brocade ADX Switch DATA CENTER Best Practices for High Availability Deployment for the Brocade ADX Switch CONTENTS Contents... 2 Executive Summary... 3 Introduction... 3 Brocade ADX HA Overview... 3 Hot-Standby HA... 4 Active-Standby

More information

Session Hijacking Exploiting TCP, UDP and HTTP Sessions

Session Hijacking Exploiting TCP, UDP and HTTP Sessions Session Hijacking Exploiting TCP, UDP and HTTP Sessions Shray Kapoor shray.kapoor@gmail.com Preface With the emerging fields in e-commerce, financial and identity information are at a higher risk of being

More information

HP Load Balancing Module

HP Load Balancing Module HP Load Balancing Module Load Balancing Configuration Guide Part number: 5998-2685 Document version: 6PW101-20120217 Legal and notice information Copyright 2012 Hewlett-Packard Development Company, L.P.

More information

XPROBE. Building Efficient Network Discovery Tools. Fyodor Yarochkin

XPROBE. Building Efficient Network Discovery Tools. Fyodor Yarochkin XPROBE Building Efficient Network Discovery Tools Fyodor Yarochkin Outline Introduction Some motivating stories: real-life attacks Efficient network mapping with Lazy Scan mode Layer 7 extensions Scripting

More information

Availability Digest. www.availabilitydigest.com. Redundant Load Balancing for High Availability July 2013

Availability Digest. www.availabilitydigest.com. Redundant Load Balancing for High Availability July 2013 the Availability Digest Redundant Load Balancing for High Availability July 2013 A large data center can comprise hundreds or thousands of servers. These servers must not only be interconnected, but they

More information

Network Measurement. Why Measure the Network? Types of Measurement. Traffic Measurement. Packet Monitoring. Monitoring a LAN Link. ScienLfic discovery

Network Measurement. Why Measure the Network? Types of Measurement. Traffic Measurement. Packet Monitoring. Monitoring a LAN Link. ScienLfic discovery Why Measure the Network? Network Measurement Jennifer Rexford COS 461: Computer Networks Lectures: MW 10-10:50am in Architecture N101 ScienLfic discovery Characterizing traffic, topology, performance Understanding

More information

CLE202 Introduction to ServerIron ADX Application Switching and Load Balancing

CLE202 Introduction to ServerIron ADX Application Switching and Load Balancing Introduction to ServerIron ADX Application Switching and Load Balancing Student Guide Revision : Introduction to ServerIron ADX Application Switching and Load Balancing Corporate Headquarters - San

More information

Top-Down Network Design

Top-Down Network Design Top-Down Network Design Chapter Five Designing a Network Topology Copyright 2010 Cisco Press & Priscilla Oppenheimer Topology A map of an internetwork that indicates network segments, interconnection points,

More information

20-CS-6053-00X Network Security Spring, 2014. An Introduction To. Network Security. Week 1. January 7

20-CS-6053-00X Network Security Spring, 2014. An Introduction To. Network Security. Week 1. January 7 20-CS-6053-00X Network Security Spring, 2014 An Introduction To Network Security Week 1 January 7 Attacks Criminal: fraud, scams, destruction; IP, ID, brand theft Privacy: surveillance, databases, traffic

More information

Outline VLAN. Inter-VLAN communication. Layer-3 Switches. Spanning Tree Protocol Recap

Outline VLAN. Inter-VLAN communication. Layer-3 Switches. Spanning Tree Protocol Recap Outline Network Virtualization and Data Center Networks 263-3825-00 DC Virtualization Basics Part 2 Qin Yin Fall Semester 2013 More words about VLAN Virtual Routing and Forwarding (VRF) The use of load

More information

Digi Certified Transport Technician Training Course (DCTT)

Digi Certified Transport Technician Training Course (DCTT) 1 2 A roadblock to this might be if dynamic routing using proprietary protocols, like EIGRP, are required. 3 (VRRP Can also be used over FDDI/Token Ring) HSRP (Hot Standby Router Protocol) is the Cisco

More information

Creating Web Farms with Linux (Linux High Availability and Scalability)

Creating Web Farms with Linux (Linux High Availability and Scalability) Creating Web Farms with Linux (Linux High Availability and Scalability) Horms (Simon Horman) horms@verge.net.au December 2001 For Presentation in Tokyo, Japan http://verge.net.au/linux/has/ http://ultramonkey.org/

More information

Networking and High Availability

Networking and High Availability TECHNICAL BRIEF Networking and High Availability Deployment Note Imperva appliances support a broad array of deployment options, enabling seamless integration into any data center environment. can be configured

More information

XPROBE-NG. What s new with upcoming version of the tool. Fyodor Yarochkin Armorize Technologies

XPROBE-NG. What s new with upcoming version of the tool. Fyodor Yarochkin Armorize Technologies XPROBE-NG What s new with upcoming version of the tool Fyodor Yarochkin Armorize Technologies Abstract Attacks trends analysis and network modern discovery requirements lazy scanning, application level

More information

Routing & Traffic Analysis for Converged Networks. Filling the Layer 3 Gap in VoIP Management

Routing & Traffic Analysis for Converged Networks. Filling the Layer 3 Gap in VoIP Management Routing & Traffic Analysis for Converged Networks Filling the Layer 3 Gap in VoIP Management Executive Summary Voice over Internet Protocol (VoIP) is transforming corporate and consumer communications

More information

- Basic Router Security -

- Basic Router Security - 1 Enable Passwords - Basic Router Security - The enable password protects a router s Privileged mode. This password can be set or changed from Global Configuration mode: Router(config)# enable password

More information

3. MONITORING AND TESTING THE ETHERNET NETWORK

3. MONITORING AND TESTING THE ETHERNET NETWORK 3. MONITORING AND TESTING THE ETHERNET NETWORK 3.1 Introduction The following parameters are covered by the Ethernet performance metrics: Latency (delay) the amount of time required for a frame to travel

More information

Scaling Next-Generation Firewalls with Citrix NetScaler

Scaling Next-Generation Firewalls with Citrix NetScaler Scaling Next-Generation Firewalls with Citrix NetScaler SOLUTION OVERVIEW Citrix NetScaler service and application delivery solutions are deployed in thousands of networks around the globe to optimize

More information

IBM QRadar Security Intelligence April 2013

IBM QRadar Security Intelligence April 2013 IBM QRadar Security Intelligence April 2013 1 2012 IBM Corporation Today s Challenges 2 Organizations Need an Intelligent View into Their Security Posture 3 What is Security Intelligence? Security Intelligence

More information

Network Virtualization and Data Center Networks 263-3825-00 Data Center Virtualization - Basics. Qin Yin Fall Semester 2013

Network Virtualization and Data Center Networks 263-3825-00 Data Center Virtualization - Basics. Qin Yin Fall Semester 2013 Network Virtualization and Data Center Networks 263-3825-00 Data Center Virtualization - Basics Qin Yin Fall Semester 2013 1 Walmart s Data Center 2 Amadeus Data Center 3 Google s Data Center 4 Data Center

More information

Application Note Gigabit Ethernet Port Modes

Application Note Gigabit Ethernet Port Modes Application Note Gigabit Ethernet Port Modes Application Note Gigabit Ethernet Port Modes Table of Contents Description... 3 Benefits... 4 Theory of Operation... 4 Interaction with Other Features... 7

More information

Visio Enabled Solution: One-Click Switched Network Vision

Visio Enabled Solution: One-Click Switched Network Vision Visio Enabled Solution: One-Click Switched Network Vision Tim Wittwer, Senior Software Engineer Alan Delwiche, Senior Software Engineer March 2001 Applies to: All Microsoft Visio 2002 Editions All Microsoft

More information

Deploying IP Anycast. Core DNS Services for University of Minnesota Introduction and General discussion

Deploying IP Anycast. Core DNS Services for University of Minnesota Introduction and General discussion Deploying IP Anycast Core DNS Services for University of Minnesota Introduction and General discussion Agenda Deploying IPv4 anycast DNS What is ANYCAST Why is ANYCAST important? Monitoring and using ANYCAST

More information

Network Management and Monitoring Software

Network Management and Monitoring Software Page 1 of 7 Network Management and Monitoring Software Many products on the market today provide analytical information to those who are responsible for the management of networked systems or what the

More information

Content Switching Module for the Catalyst 6500 and Cisco 7600 Internet Router

Content Switching Module for the Catalyst 6500 and Cisco 7600 Internet Router Content Switching Module for the Catalyst 6500 and Cisco 7600 Internet Router Product Overview The Cisco Content Switching Module (CSM) is a Catalyst 6500 line card that balances client traffic to farms

More information

CHAPTER 2 MODELLING FOR DISTRIBUTED NETWORK SYSTEMS: THE CLIENT- SERVER MODEL

CHAPTER 2 MODELLING FOR DISTRIBUTED NETWORK SYSTEMS: THE CLIENT- SERVER MODEL CHAPTER 2 MODELLING FOR DISTRIBUTED NETWORK SYSTEMS: THE CLIENT- SERVER MODEL This chapter is to introduce the client-server model and its role in the development of distributed network systems. The chapter

More information

Guide to DDoS Attacks December 2014 Authored by: Lee Myers, SOC Analyst

Guide to DDoS Attacks December 2014 Authored by: Lee Myers, SOC Analyst INTEGRATED INTELLIGENCE CENTER Technical White Paper William F. Pelgrin, CIS President and CEO Guide to DDoS Attacks December 2014 Authored by: Lee Myers, SOC Analyst This Center for Internet Security

More information

LAB THREE STATIC ROUTING

LAB THREE STATIC ROUTING LAB THREE STATIC ROUTING In this lab you will work with four different network topologies. The topology for Parts 1-4 is shown in Figure 3.1. These parts address router configuration on Linux PCs and a

More information

Scalable Linux Clusters with LVS

Scalable Linux Clusters with LVS Scalable Linux Clusters with LVS Considerations and Implementation, Part I Eric Searcy Tag1 Consulting, Inc. emsearcy@tag1consulting.com April 2008 Abstract Whether you are perusing mailing lists or reading

More information

Looking for Trouble: ICMP and IP Statistics to Watch

Looking for Trouble: ICMP and IP Statistics to Watch Looking for Trouble: ICMP and IP Statistics to Watch Laura Chappell, Senior Protocol Analyst Protocol Analysis Institute [lchappell@packet-level.com] www.packet-level.com www.podbooks.com HTCIA Member,

More information

Smart Tips. Enabling WAN Load Balancing. Key Features. Network Diagram. Overview. Featured Products. WAN Failover. Enabling WAN Load Balancing Page 1

Smart Tips. Enabling WAN Load Balancing. Key Features. Network Diagram. Overview. Featured Products. WAN Failover. Enabling WAN Load Balancing Page 1 Smart Tips Enabling WAN Load Balancing Overview Many small businesses today use broadband links such as DSL or Cable, favoring them over the traditional link such as T1/E1 or leased lines because of the

More information

Scalable Extraction, Aggregation, and Response to Network Intelligence

Scalable Extraction, Aggregation, and Response to Network Intelligence Scalable Extraction, Aggregation, and Response to Network Intelligence Agenda Explain the two major limitations of using Netflow for Network Monitoring Scalability and Visibility How to resolve these issues

More information

Secure Software Programming and Vulnerability Analysis

Secure Software Programming and Vulnerability Analysis Secure Software Programming and Vulnerability Analysis Christopher Kruegel chris@auto.tuwien.ac.at http://www.auto.tuwien.ac.at/~chris Operations and Denial of Service Secure Software Programming 2 Overview

More information

Introduction. The Inherent Unpredictability of IP Networks # $# #

Introduction. The Inherent Unpredictability of IP Networks # $# # Introduction " $ % & ' The Inherent Unpredictability of IP Networks A major reason that IP became the de facto worldwide standard for data communications networks is its automated resiliency based on intelligent

More information

A very short history of networking

A very short history of networking A New vision for network architecture David Clark M.I.T. Laboratory for Computer Science September, 2002 V3.0 Abstract This is a proposal for a long-term program in network research, consistent with the

More information

Networking and High Availability

Networking and High Availability yeah SecureSphere Deployment Note Networking and High Availability Imperva SecureSphere appliances support a broad array of deployment options, enabling seamless integration into any data center environment.

More information

Concierge SIEM Reporting Overview

Concierge SIEM Reporting Overview Concierge SIEM Reporting Overview Table of Contents Introduction... 2 Inventory View... 3 Internal Traffic View (IP Flow Data)... 4 External Traffic View (HTTP, SSL and DNS)... 5 Risk View (IPS Alerts

More information

Virtualized Domain Name System and IP Addressing Environments. White Paper September 2010

Virtualized Domain Name System and IP Addressing Environments. White Paper September 2010 Virtualized Domain Name System and IP Addressing Environments White Paper September 2010 Virtualized DNS and IP Addressing Environments As organizations initiate virtualization projects in their operating

More information

Network-based Modeling of Assets and Malicious Actors

Network-based Modeling of Assets and Malicious Actors Network-based Modeling of Assets and Malicious Actors Christopher Kruegel Computer Security Group MURI Meeting Santa Barbara, August 23-24, 2010 Motivation Thrust I: Obtaining an up-to-date view of the

More information

Understanding Slow Start

Understanding Slow Start Chapter 1 Load Balancing 57 Understanding Slow Start When you configure a NetScaler to use a metric-based LB method such as Least Connections, Least Response Time, Least Bandwidth, Least Packets, or Custom

More information

Host Discovery with nmap

Host Discovery with nmap Host Discovery with nmap By: Mark Wolfgang moonpie@moonpie.org November 2002 Table of Contents Host Discovery with nmap... 1 1. Introduction... 3 1.1 What is Host Discovery?... 4 2. Exploring nmap s Default

More information

12. Firewalls Content

12. Firewalls Content Content 1 / 17 12.1 Definition 12.2 Packet Filtering & Proxy Servers 12.3 Architectures - Dual-Homed Host Firewall 12.4 Architectures - Screened Host Firewall 12.5 Architectures - Screened Subnet Firewall

More information

Internet Control Protocols Reading: Chapter 3

Internet Control Protocols Reading: Chapter 3 Internet Control Protocols Reading: Chapter 3 ARP - RFC 826, STD 37 DHCP - RFC 2131 ICMP - RFC 0792, STD 05 1 Goals of Today s Lecture Bootstrapping an end host Learning its own configuration parameters

More information

CCNP SWITCH: Implementing High Availability and Redundancy in a Campus Network

CCNP SWITCH: Implementing High Availability and Redundancy in a Campus Network CCNP SWITCH: Implementing High Availability and Redundancy in a Campus Network Olga Torstensson SWITCHv6 1 Components of High Availability Redundancy Technology (including hardware and software features)

More information

TCP/IP Fundamentals. OSI Seven Layer Model & Seminar Outline

TCP/IP Fundamentals. OSI Seven Layer Model & Seminar Outline OSI Seven Layer Model & Seminar Outline TCP/IP Fundamentals This seminar will present TCP/IP communications starting from Layer 2 up to Layer 4 (TCP/IP applications cover Layers 5-7) IP Addresses Data

More information

CSE 4482 Computer Security Management: Assessment and Forensics. Protection Mechanisms: Firewalls

CSE 4482 Computer Security Management: Assessment and Forensics. Protection Mechanisms: Firewalls CSE 4482 Computer Security Management: Assessment and Forensics Protection Mechanisms: Firewalls Instructor: N. Vlajic, Fall 2013 Required reading: Management of Information Security (MIS), by Whitman

More information

Configuring Failover

Configuring Failover Configuring Failover 2015 Bomgar Corporation. All rights reserved worldwide. BOMGAR and the BOMGAR logo are trademarks of Bomgar Corporation; other trademarks shown are the property of their respective

More information

Collecting information

Collecting information Mag. iur. Dr. techn. Michael Sonntag Collecting information E-Mail: sonntag@fim.uni-linz.ac.at http://www.fim.uni-linz.ac.at/staff/sonntag.htm Institute for Information Processing and Microprocessor Technology

More information

ARP and DNS. ARP entries are cached by network devices to save time, these cached entries make up a table

ARP and DNS. ARP entries are cached by network devices to save time, these cached entries make up a table ARP and DNS Both protocols do conversions of a sort, but the distinct difference is ARP is needed for packet transfers and DNS is not needed but makes things much easier. ARP Address Resolution Protocol

More information

Content Distribution Networks (CDNs)

Content Distribution Networks (CDNs) 229 Content Distribution Networks (CDNs) A content distribution network can be viewed as a global web replication. main idea: each replica is located in a different geographic area, rather then in the

More information

Superior Disaster Recovery with Radware s Global Server Load Balancing (GSLB) Solution

Superior Disaster Recovery with Radware s Global Server Load Balancing (GSLB) Solution Superior Disaster Recovery with Radware s Global Server Load Balancing (GSLB) Solution White Paper January 2012 Radware GSLB Solution White Paper Page 1 Table of Contents 1. EXECUTIVE SUMMARY... 3 2. GLOBAL

More information

Fundamentals of Windows Server 2008 Network and Applications Infrastructure

Fundamentals of Windows Server 2008 Network and Applications Infrastructure Fundamentals of Windows Server 2008 Network and Applications Infrastructure MOC6420 About this Course This five-day instructor-led course introduces students to network and applications infrastructure

More information

Networking Overview. (as usual, thanks to Dave Wagner and Vern Paxson)

Networking Overview. (as usual, thanks to Dave Wagner and Vern Paxson) Networking Overview (as usual, thanks to Dave Wagner and Vern Paxson) Focus For This Lecture Sufficient background in networking to then explore security issues in next few lectures Networking = the Internet

More information

PIX/ASA: Transparent Firewall Configuration Example

PIX/ASA: Transparent Firewall Configuration Example PIX/ASA: Transparent Firewall Configuration Example Document ID: 97853 Contents Introduction Prerequisites Requirements Components Used Related Products Conventions Transparent Firewall Guidelines Allowed

More information

Leveraging Best Practices for SolarWinds IP Address Manager

Leveraging Best Practices for SolarWinds IP Address Manager Leveraging Best Practices for SolarWinds IP Address Manager Share: Leveraging Best Practices for SolarWinds IPAM SolarWinds IP Address Manager (IPAM) is a comprehensive IP address management solution that

More information

Network Security. Network Packet Analysis

Network Security. Network Packet Analysis Network Security Network Packet Analysis Module 3 Keith A. Watson, CISSP, CISA IA Research Engineer, CERIAS kaw@cerias.purdue.edu 1 Network Packet Analysis Definition: Examining network packets to determine

More information

LinkProof DNS Quick Start Guide

LinkProof DNS Quick Start Guide LinkProof DNS Quick Start Guide TABLE OF CONTENTS 1 INTRODUCTION...3 2 SIMPLE SCENARIO SINGLE LINKPROOF WITH EXTERNAL SOA...3 3 MODIFYING DNS ON THE EXTERNAL SOA...4 3.1 REFERRING THE A RECORD RESOLUTION

More information

F5 Configuring BIG-IP Local Traffic Manager (LTM) - V11. Description

F5 Configuring BIG-IP Local Traffic Manager (LTM) - V11. Description F5 Configuring BIG-IP Local Traffic Manager (LTM) - V11 Description This four-day course gives networking professionals a functional understanding of the BIG-IP LTM v11 system as it is commonly used, as

More information

Distributed Denial of Service Attack Tools

Distributed Denial of Service Attack Tools Distributed Denial of Service Attack Tools Introduction: Distributed Denial of Service Attack Tools Internet Security Systems (ISS) has identified a number of distributed denial of service tools readily

More information

Firewalls P+S Linux Router & Firewall 2013

Firewalls P+S Linux Router & Firewall 2013 Firewalls P+S Linux Router & Firewall 2013 Firewall Techniques What is a firewall? A firewall is a hardware or software device which is configured to permit, deny, or proxy data through a computer network

More information