Moving Target Defense for IP-based Control
|
|
- Sheena Shelton
- 7 years ago
- Views:
Transcription
1 Moving Target Defense for IP-based Control Vahid Heydari University of Alabama in Huntsville
2 Outline IP-based Control Remote attacks and zero-day vulnerability Moving target defense Related work Mobile IPv6 and route optimization MTM6D Implementation of MTM6D
3 Why use IP for Remote Control? Faster communication Scalability Large number of off-the-shelf test and simulation applications Remote connection capability through satellites using the Internet
4 IP-based Control
5 Boeing Uninterruptible Autopilot Take control of an aircraft away from the pilot or flight crew in the event of a hijacking through wireless connection between the aircraft and a ground station. prevent tragic events such as the 9/11 attack, the Malaysia Airlines flight 370 crash, or the Germanwings flight 9525 crash. Problem: The technology would allow cyberterrorists to hack into an airliner s controls.
6 Remote Attacks Attack from unlimited distance Two main categories: Denial-of-Service (DoS) attacks Remote exploits Take advantage of a bug or vulnerability Countermeasure IPsec Intrusion Detection and Prevention Systems (IDPS) Firewall Vulnerability scanner (Nessus) Penetration testing (Metasploit)
7 Zero-Day Vulnerability Undisclosed and uncorrected computer application vulnerability that could be exploited. Zero-day exploits can defeat the best firewalls and IDPSs. Knowing the IP address of a victim is enough to attack.
8 Moving Target Defense The first step of cyber-attacks: finding information about attack surface IP scanning, port scanning, etc. Solution: changing randomly some of the features of the attack surface Static IP addresses: Easily discoverable Long time access A mechanism to change the IP addresses randomly and dynamically is Moving Target Defense (MTD)
9 MT6D (Related Work) Proactive network layer MTD Rapidly changes IPv6 mid-session without dropping sessions. Peers use the same algorithm with pre-shared symmetric key Generate a random IPv6 per each time interval based on the MAC address as input. Use the peer s MAC address as input to find the peer s IP during the current time interval. Encapsulated by UDP
10 Limitations of MT6D Possibility of packet loss because of address collision For example lack of access to an aircraft, that is in uninterruptible autopilot, during 10 seconds could make a disaster. Key management limitation Relatively tight time synchronization is needed Static address rotation interval
11 Our Approach Static IP is needed to be transparent to the upper layers. Should not be accessible through the Internet. Dynamic IP is needed for connecting to other nodes. Changing the dynamic IP should not cause any delay or packet loss in the network. A mechanism is needed to update peer nodes with the new IP. Add capability of having dynamic address rotation interval. Combination of standard protocols should be used instead of creating a new protocol because: New protocol can add new vulnerabilities to the system. New protocols may have security or scalability problems. Avoid adding new requirements like time synchronization.
12 Mobile IPv6 Overview (RFC 6275) Mobile Node (MN) Home Agent (HA): Acts on behalf of MN (like a proxy) Home address (HoA): Permanent IP of MN typically attached to the HA Care-of-address (CoA): Actual IP that MN uses while in a foreign network Corresponding Node (CN): A node that MN is communicating with Binding Update (BU) message: Updating the HA and correspondent nodes with MN s current CoA Image source: Q. Li, T. Jinmei and K. Shima, IPv6 advanced protocols implementation. Amsterdam: Elsevier/Morgan Kaufmann Publishers, 2007.
13 Route Optimization (RFC 6275) Routing packets between a MN and a CN using the shortest possible path Return routability procedure Home Test: Verify the "right" of the MN to use a specific HoA Care-of Test: Verify the validity of the claimed CoA Image source: Q. Li, T. Jinmei and K. Shima, IPv6 advanced protocols implementation. Amsterdam: Elsevier/Morgan Kaufmann Publishers, 2007.
14 Route Optimization (RFC 4449) Static shared key method Uses a shared symmetric key to omit all messages relating to the return routability tests. Pros: HA is not needed in this process. Low signaling overhead for route optimization. Cons: The CN should have a good reason to trust the actions of the MN. (trust the peer or use Care-of Test) Shared symmetric keys between a MN and each CN are needed. (solved by IPsec + IKEv2) Cannot resist against replay attacks. (solved by IPsec + IKEv2)
15 Moving Target Mobile IPv6 Defense (MTM6D) Use a permanent IP (HoA) to avoid disrupting TCP sessions and a temporary IP for connecting to other nodes (CoA) as explained in Mobile IPv6. Each peer acts like a mobile node of Mobile IPv6. MTM6D dynamically changes the CoA for moving targets. Permanent home address is not accessible through the Internet because we do not have any HA in the network.
16 IP Address Rotator Script Randomly generate a new IP address as the CoA of the MN. Create a random 64 bits address Combine it with the highest significant 64 bits of current CoA to generate the new CoA. This new CoA is checked to be unoccupied by sending a neighbor solicitation message before registering it. Regenerate a new CoA if address collision is occurred. Remove the previous CoA after registering the new CoA. According to the Mobile IPv6, each MN will send the BU message to another MN to inform it of its new CoA.
17 Peer-to-Peer Lossless MTM6D Dynamic IPs on both peers (MN-to-MN communication). Send Binding Updates directly to the peer node s CoA. Solution for IP-based control: Dynamic IPs on both peers Zero packet loss by Multiple CoAs Security by IPsec
18 Implementation
19 Implementation (cont d)
20 Conclusion A novel mobile IPv6 based moving target defense strategy is designed to continuously change IP addresses such that attackers are difficult to find them. Zero extra network delay Zero packet loss Overhead: Signaling overhead: Each round of changing IP needs two message transmissions at each MN (BU and BA messages) with each being 158 bytes (using IPsec). Transmission overhead: For each data packet, we have 24 bytes of overhead due to the use of IPsec (ESP).
21 References P. K. Manadhata and J. M. Wing, An Attack Surface Metric, IEEE Trans. Softw. Eng., vol. 37, no. 3, pp , May 2011 M. Dunlop, S. Groat, W. Urbanski, R. Marchany, and J. Tront, MT6D: A Moving Target IPv6 Defense, in Proceedings of Military Communications Conference - MILCOM 2011, 2011, pp E. D. Brown, D. C. Cameron, K. R. Krothapalli, W. v. K. Jr, and T. M. Williams, System and method for automatically controlling a path of travel of a vehicle, U.S. Patent US B2, Nov., 2006, [Online]. Available: V. Heydari and S.M. Yoo. Securing Critical Infrastructure by Moving Target Defense. 11 th International Conference on Cyber Warfare and Security, (ICCWS 2016). V. Heydari, S. Kim, and S.M. Yoo. Anti-Censorship Framework using Mobile IPv6 based Moving Target Defense. In Proceedings of ACM 11 th Annual Cyber and Information Security Research, (CISR 2016). V. Heydari, S. Kim, and S.M. Yoo. Secure VPN using Mobile IPv6 based Moving Target Defense. Submitted to IEEE GLOBECOM V. Heydari and S.M. Yoo. Preventing Remote Cyber Attacks against Aircraft Avionics Systems. Submitted to IEEE MILCOM 2016.
22 Thank you! QUESTIONS?
REDUCING PACKET OVERHEAD IN MOBILE IPV6
REDUCING PACKET OVERHEAD IN MOBILE IPV6 ABSTRACT Hooshiar Zolfagharnasab 1 1 Department of Computer Engineering, University of Isfahan, Isfahan, Iran hoppico@eng.ui.ac.ir hozo19@gmail.com Common Mobile
More information5.0 Network Architecture. 5.1 Internet vs. Intranet 5.2 NAT 5.3 Mobile Network
5.0 Network Architecture 5.1 Internet vs. Intranet 5.2 NAT 5.3 Mobile Network 1 5.1The Internet Worldwide connectivity ISPs connect private and business users Private: mostly dial-up connections Business:
More informationVPN. Date: 4/15/2004 By: Heena Patel Email:hpatel4@stevens-tech.edu
VPN Date: 4/15/2004 By: Heena Patel Email:hpatel4@stevens-tech.edu What is VPN? A VPN (virtual private network) is a private data network that uses public telecommunicating infrastructure (Internet), maintaining
More informationMobile Internet Protocol v6 MIPv6
Mobile Internet Protocol v6 MIPv6 A brief introduction Holger.Zuleger@hznet.de 13-dec-2005 Holger Zuleger 1/15 > c Defined by MIPv6 RFC3775: Mobility Support in IPv6 (June 2004) RFC3776: Using IPsec to
More informationEarly Binding Updates for Mobile IPv6
Early Binding Updates for Mobile IPv6 Christian Vogt, chvogt@tm.uka.de Roland Bless, bless@tm.uka.de Mark Doll, doll@tm.uka.de Tobias Küfner, kuefner@tm.uka.de IEEE Wireless and Communications and Networking
More informationMPLS VPN in Cellular Mobile IPv6 Architectures(04##017)
MPLS VPN in Cellular Mobile IPv6 Architectures(04##017) Yao-Chung Chang, Han-Chieh Chao, K.M. Liu and T. G. Tsuei* Department of Electrical Engineering, National Dong Hwa University Hualien, Taiwan, Republic
More informationMobile IP Part I: IPv4
Mobile IP Part I: IPv4 Raj Jain Washington University in Saint Louis Saint Louis, MO 63130 Jain@cse.wustl.edu These slides are available on-line at: http://www.cse.wustl.edu/~jain/cse574-06/ 12-1 q Mobile
More informationIntroducing Reliability and Load Balancing in Mobile IPv6 based Networks
Introducing Reliability and Load Balancing in Mobile IPv6 based Networks Jahanzeb Faizan Southern Methodist University Dallas, TX, USA jfaizan@engr.smu.edu Hesham El-Rewini Southern Methodist University
More informationIntroduction to Mobile IPv6
1 Introduction to Mobile IPv6 III IPv6 Global Summit Moscow Dr. Dimitrios Kalogeras dkalo@grnet.gr GRNET Outline Introduction Relevant Features of IPv6 Major Differences between MIPv4 and MIPv6 Mobile
More informationPríprava štúdia matematiky a informatiky na FMFI UK v anglickom jazyku
Univerzita Komenského v Bratislave Fakulta matematiky, fyziky a informatiky Príprava štúdia matematiky a informatiky na FMFI UK v anglickom jazyku ITMS: 26140230008 dopytovo orientovaný projekt Moderné
More informationAn Active Network Based Hierarchical Mobile Internet Protocol Version 6 Framework
An Active Network Based Hierarchical Mobile Internet Protocol Version 6 Framework Zutao Zhu Zhenjun Li YunYong Duan Department of Business Support Department of Computer Science Department of Business
More informationAPNIC elearning: IPSec Basics. Contact: training@apnic.net. esec03_v1.0
APNIC elearning: IPSec Basics Contact: training@apnic.net esec03_v1.0 Overview Virtual Private Networks What is IPsec? Benefits of IPsec Tunnel and Transport Mode IPsec Architecture Security Associations
More informationSERVICE DISCOVERY AND MOBILITY MANAGEMENT
Objectives: 1) Understanding some popular service discovery protocols 2) Understanding mobility management in WLAN and cellular networks Readings: 1. Fundamentals of Mobile and Pervasive Computing (chapt7)
More informationMobile Routing. When a host moves, its point of attachment in the network changes. This is called a handoff.
Mobile Routing Basic Notions of Mobility When a host moves, its point of attachment in the changes. This is called a handoff. The point of attachment is a base station (BS) for cellular, or an access point
More informationChapter 9. IP Secure
Chapter 9 IP Secure 1 Network architecture is usually explained as a stack of different layers. Figure 1 explains the OSI (Open System Interconnect) model stack and IP (Internet Protocol) model stack.
More informationInternet Architecture for Robust Mobility. Sangheon Pack (백상헌) Korea University shpack@korea.ac.kr
Internet Architecture for Robust Mobility Sangheon Pack (백상헌) Korea University shpack@korea.ac.kr Contents Introduction IETF Activity Home Agent Reliability Protocol P2P-based Approaches ROAM and SAMP
More informationKeywords: VoIP, Mobile convergence, NGN networks
VoIP Mobility Issues Gábor Bányász, Renáta Iváncsy Department of Automation and Applied Informatics and HAS-BUTE Control Research Group Budapest University of Technology and Economics Goldmann Gy. tér
More informationSecurity of IPv6 and DNSSEC for penetration testers
Security of IPv6 and DNSSEC for penetration testers Vesselin Hadjitodorov Master education System and Network Engineering June 30, 2011 Agenda Introduction DNSSEC security IPv6 security Conclusion Questions
More informationMobility Management 嚴 力 行 高 雄 大 學 資 工 系
Mobility Management 嚴 力 行 高 雄 大 學 資 工 系 Mobility Management in Cellular Systems Cellular System HLR PSTN MSC MSC VLR BSC BSC BSC cell BTS BTS BTS BTS MT BTS BTS BTS BTS HLR and VLR HLR (Home Location Register)
More information13 Virtual Private Networks 13.1 Point-to-Point Protocol (PPP) 13.2 Layer 2/3/4 VPNs 13.3 Multi-Protocol Label Switching 13.4 IPsec Transport Mode
13 Virtual Private Networks 13.1 Point-to-Point Protocol (PPP) PPP-based remote access using dial-in PPP encryption control protocol (ECP) PPP extensible authentication protocol (EAP) 13.2 Layer 2/3/4
More information6 Mobility Management
Politecnico di Milano Facoltà di Ingegneria dell Informazione 6 Mobility Management Reti Mobili Distribuite Prof. Antonio Capone Introduction Mobility management allows a terminal to change its point of
More informationIPv6 SECURITY. May 2011. The Government of the Hong Kong Special Administrative Region
IPv6 SECURITY May 2011 The Government of the Hong Kong Special Administrative Region The contents of this document remain the property of, and may not be reproduced in whole or in part without the express
More informationEarly Binding Updates and Credit-Based Authorization A Status Update
Status update New drafts Implementation Experimentation results Early Binding Updates and Credit-Based Authorization A Status Update Why Do We Need Enhancement? Mobile IPv6 Route Optimization uses return-routability
More informationPerformance Evaluation of a QoS-Aware Handover Mechanism
Performance Evaluation of a QoS-Aware Handover Mechanism 1.Introduction Background Requirements in mobile communication Seamless mobility support Guarantee certain levels of QoS Mobile communications over
More informationSHISA: The IPv6 Mobility Framework for BSD Operating Systems
SHISA: The IPv6 Mobility Framework for BSD Operating Systems Keiichi Shima Internet Initiative Japan Inc. Ryuji Wakikawa, Koshiro Mitsuya, Keisuke Uehara Keio University Tsuyoshi Momose NEC Corporation
More informationNetwork Security Administrator
Network Security Administrator Course ID ECC600 Course Description This course looks at the network security in defensive view. The ENSA program is designed to provide fundamental skills needed to analyze
More informationEnhancing network security with SDN
11.4.2014 Overview Security in Traditional Networks SDN Security Solutions Ethane OpenFlow Random Host Mutation Security of SDN Potential Threats Possible Solutions Enterprise and Campus Networks Networks
More informationNetwork Security Part II: Standards
Network Security Part II: Standards Raj Jain Washington University Saint Louis, MO 63131 Jain@cse.wustl.edu These slides are available on-line at: http://www.cse.wustl.edu/~jain/cse473-05/ 18-1 Overview
More informationBoosting mobility performance with Multi-Path TCP
Boosting mobility performance with Multi-Path TCP Name SURNAME 1, Name SURNAME 2 1 Organisation, Address, City, Postcode, Country Tel: +countrycode localcode number, Fax: + countrycode localcode number,
More informationAppendix A: Configuring Firewalls for a VPN Server Running Windows Server 2003
http://technet.microsoft.com/en-us/library/cc757501(ws.10).aspx Appendix A: Configuring Firewalls for a VPN Server Running Windows Server 2003 Updated: October 7, 2005 Applies To: Windows Server 2003 with
More information21.4 Network Address Translation (NAT) 21.4.1 NAT concept
21.4 Network Address Translation (NAT) This section explains Network Address Translation (NAT). NAT is also known as IP masquerading. It provides a mapping between internal IP addresses and officially
More informationOverview of Network Security The need for network security Desirable security properties Common vulnerabilities Security policy designs
Overview of Network Security The need for network security Desirable security properties Common vulnerabilities Security policy designs Why Network Security? Keep the bad guys out. (1) Closed networks
More informationSECURE DATA TRANSMISSION USING INDISCRIMINATE DATA PATHS FOR STAGNANT DESTINATION IN MANET
SECURE DATA TRANSMISSION USING INDISCRIMINATE DATA PATHS FOR STAGNANT DESTINATION IN MANET MR. ARVIND P. PANDE 1, PROF. UTTAM A. PATIL 2, PROF. B.S PATIL 3 Dept. Of Electronics Textile and Engineering
More informationMobility Management Advanced
Mobility Management Advanced Summer Semester 2011 Integrated Communication Systems Group Ilmenau University of Technology Outline Motivation Mobility Management Approaches in the TCP/IP Reference Model
More informationEntropy-Based Collaborative Detection of DDoS Attacks on Community Networks
Entropy-Based Collaborative Detection of DDoS Attacks on Community Networks Krishnamoorthy.D 1, Dr.S.Thirunirai Senthil, Ph.D 2 1 PG student of M.Tech Computer Science and Engineering, PRIST University,
More informationBehavior Analysis of TCP Traffic in Mobile Ad Hoc Network using Reactive Routing Protocols
Behavior Analysis of TCP Traffic in Mobile Ad Hoc Network using Reactive Routing Protocols Purvi N. Ramanuj Department of Computer Engineering L.D. College of Engineering Ahmedabad Hiteishi M. Diwanji
More informationG.Vijaya kumar et al, Int. J. Comp. Tech. Appl., Vol 2 (5), 1413-1418
An Analytical Model to evaluate the Approaches of Mobility Management 1 G.Vijaya Kumar, *2 A.Lakshman Rao *1 M.Tech (CSE Student), Pragati Engineering College, Kakinada, India. Vijay9908914010@gmail.com
More informationOutline. CSc 466/566. Computer Security. 18 : Network Security Introduction. Network Topology. Network Topology. Christian Collberg
Outline Network Topology CSc 466/566 Computer Security 18 : Network Security Introduction Version: 2012/05/03 13:59:29 Department of Computer Science University of Arizona collberg@gmail.com Copyright
More informationProtocol Security Where?
IPsec: AH and ESP 1 Protocol Security Where? Application layer: (+) easy access to user credentials, extend without waiting for OS vendor, understand data; (-) design again and again; e.g., PGP, ssh, Kerberos
More informationIT 3202 Internet Working (New)
[All Rights Reserved] SLIATE SRI LANKA INSTITUTE OF ADVANCED TECHNOLOGICAL EDUCATION (Established in the Ministry of Higher Education, vide in Act No. 29 of 1995) Instructions for Candidates: Answer any
More informationCourse Content Summary ITN 261 Network Attacks, Computer Crime and Hacking (4 Credits)
Page 1 of 6 Course Content Summary ITN 261 Network Attacks, Computer Crime and Hacking (4 Credits) TNCC Cybersecurity Program web page: http://tncc.edu/programs/cyber-security Course Description: Encompasses
More informationMobility on IPv6 Networks
Mobility on IPv6 Networks Pedro M. Ruiz Project Manager Agora Systems S.A. Global IPv6 Summit Madrid 13-15 March 2002 Pedro M. Ruiz (c) Agora Systems S.A, 2002 1 Outline Motivation MIPv6 architecture MIPv6
More informationIP Security. IPSec, PPTP, OpenVPN. Pawel Cieplinski, AkademiaWIFI.pl. MUM Wroclaw
IP Security IPSec, PPTP, OpenVPN Pawel Cieplinski, AkademiaWIFI.pl MUM Wroclaw Introduction www.akademiawifi.pl WCNG - Wireless Network Consulting Group We are group of experienced professionals. Our company
More informationInternet Firewall CSIS 4222. Packet Filtering. Internet Firewall. Examples. Spring 2011 CSIS 4222. net15 1. Routers can implement packet filtering
Internet Firewall CSIS 4222 A combination of hardware and software that isolates an organization s internal network from the Internet at large Ch 27: Internet Routing Ch 30: Packet filtering & firewalls
More informationWireless Networks: Network Protocols/Mobile IP
Wireless Networks: Network Protocols/Mobile IP Mo$va$on Data transfer Encapsula$on Security IPv6 Problems DHCP Adapted from J. Schiller, Mobile Communications 1 Mo$va$on for Mobile IP Rou$ng based on IP
More informationResearch Article A Two-Layered Mobility Architecture Using Fast Mobile IPv6 and Session Initiation Protocol
Hindawi Publishing Corporation EURA Journal on Wireless Communications and Networking Volume 2008, Article ID 348594, 8 pages doi:10.1155/2008/348594 Research Article A Two-Layered Mobility Architecture
More informationLecture Objectives. Lecture 8 Mobile Networks: Security in Wireless LANs and Mobile Networks. Agenda. References
Lecture Objectives Wireless Networks and Mobile Systems Lecture 8 Mobile Networks: Security in Wireless LANs and Mobile Networks Introduce security vulnerabilities and defenses Describe security functions
More informationSecurity vulnerabilities in the Internet and possible solutions
Security vulnerabilities in the Internet and possible solutions 1. Introduction The foundation of today's Internet is the TCP/IP protocol suite. Since the time when these specifications were finished in
More informationMOBILITY SUPPORT USING INTELLIGENT USER SHADOWS FOR NEXT-GENERATION WIRELESS NETWORKS
MOBILITY SUPPORT USING INTELLIGENT USER SADOWS FOR NEXT-GENERATION WIRELESS NETWORKS Gergely V. Záruba, Wei Wu, Mohan J. Kumar, Sajal K. Das enter for Research in Wireless Mobility and Networking Department
More informationProvider-Based Deterministic Packet Marking against Distributed DoS Attacks
Provider-Based Deterministic Packet Marking against Distributed DoS Attacks Vasilios A. Siris and Ilias Stavrakis Institute of Computer Science, Foundation for Research and Technology - Hellas (FORTH)
More informationThwarting Selective Insider Jamming Attacks in Wireless Network by Delaying Real Time Packet Classification
Thwarting Selective Insider Jamming Attacks in Wireless Network by Delaying Real Time Packet Classification LEKSHMI.M.R Department of Computer Science and Engineering, KCG College of Technology Chennai,
More informationXPROBE-NG. What s new with upcoming version of the tool. Fyodor Yarochkin Armorize Technologies
XPROBE-NG What s new with upcoming version of the tool Fyodor Yarochkin Armorize Technologies Abstract Attacks trends analysis and network modern discovery requirements lazy scanning, application level
More information7 Network Security. 7.1 Introduction 7.2 Improving the Security 7.3 Internet Security Framework. 7.5 Absolute Security?
7 Network Security 7.1 Introduction 7.2 Improving the Security 7.3 Internet Security Framework 7.4 Firewalls 7.5 Absolute Security? 7.1 Introduction Security of Communications data transport e.g. risk
More informationEthernet. Ethernet Frame Structure. Ethernet Frame Structure (more) Ethernet: uses CSMA/CD
Ethernet dominant LAN technology: cheap -- $20 for 100Mbs! first widely used LAN technology Simpler, cheaper than token rings and ATM Kept up with speed race: 10, 100, 1000 Mbps Metcalfe s Etheret sketch
More informationDDOS WALL: AN INTERNET SERVICE PROVIDER PROTECTOR
Journal homepage: www.mjret.in DDOS WALL: AN INTERNET SERVICE PROVIDER PROTECTOR Maharudra V. Phalke, Atul D. Khude,Ganesh T. Bodkhe, Sudam A. Chole Information Technology, PVPIT Bhavdhan Pune,India maharudra90@gmail.com,
More informationCS335 Sample Questions for Exam #2
CS335 Sample Questions for Exam #2.) Compare connection-oriented with connectionless protocols. What type of protocol is IP? How about TCP and UDP? Connection-oriented protocols Require a setup time to
More informationOn the Design of Mobility Management Scheme for 802.16-based Network Environment
On the Design of obility anagement Scheme for 802.16-based Network Environment Junn-Yen Hu and Chun-Chuan Yang ultimedia and Communications Laboratory Department of Computer Science and Information Engineering
More informationMobility Management for Vehicular Ad Hoc Networks
Mobility Management for Vehicular Ad Hoc Networks Marc Bechler, Lars Wolf Institute of Operating Systems and Computer Networks Technische Universität Braunschweig, Germany Email: [bechler, wolf]@ibr.cs.tu-bs.de
More informationBit Chat: A Peer-to-Peer Instant Messenger
Bit Chat: A Peer-to-Peer Instant Messenger Shreyas Zare shreyas@technitium.com https://technitium.com December 20, 2015 Abstract. Bit Chat is a peer-to-peer instant messaging concept, allowing one-to-one
More informationUsing IPsec VPN to provide communication between offices
Using IPsec VPN to provide communication between offices This example provides secure, transparent communication between two FortiGates located at different offices using route-based IPsec VPN. In this
More informationNetwork Access Control and Cloud Security
Network Access Control and Cloud Security Overview Raj Jain Washington University in Saint Louis Saint Louis, MO 63130 Jain@cse.wustl.edu Audio/Video recordings of this lecture are available at: http://www.cse.wustl.edu/~jain/cse571-14/
More informationNetworked AV Systems Pretest
Networked AV Systems Pretest Instructions Choose the best answer for each question. Score your pretest using the key on the last page. If you miss three or more out of questions 1 11, consider taking Essentials
More informationEC-Council Network Security Administrator (ENSA) Duration: 5 Days Method: Instructor-Led
EC-Council Network Security Administrator (ENSA) Duration: 5 Days Method: Instructor-Led Certification: ENSA Exam 312-38 Course Description This course looks at the network security in defensive view.
More informationHandover Management based on the Number of Retries for VoIP on WLANs
Handover Management based on the Number of Retries for VoIP on WLANs Shigeru Kashihara Yuji Oie Department of Computer Science and Electronics, Kyushu Institute of Technology Kawazu 68-4, Iizuka, 82-852
More informationA Proxy Mobile IP based Layer-3 Handover Scheme for Mobile WiMAX based Wireless Mesh Networks
A Proxy Mobile IP based Layer-3 Handover Scheme for Mobile WiMAX based Wireless Mesh Networks Min-Kim, Jong-min Kim, Hwa-sung Kim Dept. of Electronics and Communications Engineering Kwangwoon University
More informationQuality-of-Service Support for Mobile Users using NSIS Roland Bless, Martin Röhricht Networking 2009, Aachen
Quality-of-Service Support for Mobile Users using NSIS Roland Bless, Martin Röhricht Motivation 1 More and more resource demanding Internet applications and multimedia streams video broadcasts, Voice-over-IP,
More informationTomás P. de Miguel DIT-UPM. dit UPM
Tomás P. de Miguel DIT- 15 12 Internet Mobile Market Phone.com 15 12 in Millions 9 6 3 9 6 3 0 1996 1997 1998 1999 2000 2001 0 Wireless Internet E-mail subscribers 2 (January 2001) Mobility The ability
More informationSecurity issues with Mobile IP
Technical report, IDE1107, February 2011 Security issues with Mobile IP Master s Thesis in Computer Network Engineering Abdel Rahman Alkhawaja & Hatem Sheibani School of Information Science, Computer and
More informationInternet, Part 2. 1) Session Initiating Protocol (SIP) 2) Quality of Service (QoS) support. 3) Mobility aspects (terminal vs. personal mobility)
Internet, Part 2 1) Session Initiating Protocol (SIP) 2) Quality of Service (QoS) support 3) Mobility aspects (terminal vs. personal mobility) 4) Mobile IP Session Initiation Protocol (SIP) SIP is a protocol
More informationPost-Class Quiz: Telecommunication & Network Security Domain
1. What type of network is more likely to include Frame Relay, Switched Multi-megabit Data Services (SMDS), and X.25? A. Local area network (LAN) B. Wide area network (WAN) C. Intranet D. Internet 2. Which
More informationA NOVEL OVERLAY IDS FOR WIRELESS SENSOR NETWORKS
A NOVEL OVERLAY IDS FOR WIRELESS SENSOR NETWORKS Sumanta Saha, Md. Safiqul Islam, Md. Sakhawat Hossen School of Information and Communication Technology The Royal Institute of Technology (KTH) Stockholm,
More informationMobile IP Network Layer Lesson 02 TCP/IP Suite and IP Protocol
Mobile IP Network Layer Lesson 02 TCP/IP Suite and IP Protocol 1 TCP/IP protocol suite A suite of protocols for networking for the Internet Transmission control protocol (TCP) or User Datagram protocol
More informationCS 5480/6480: Computer Networks Spring 2012 Homework 4 Solutions Due by 1:25 PM on April 11 th 2012
CS 5480/6480: Computer Networks Spring 2012 Homework 4 Solutions Due by 1:25 PM on April 11 th 2012 Important: The solutions to the homework problems from the course book have been provided by the authors.
More informationNetwork Security: A Practical Approach. Jan L. Harrington
Network Security: A Practical Approach Jan L. Harrington ELSEVIER AMSTERDAM BOSTON HEIDELBERG LONDON NEW YORK OXFORD PARIS SAN DIEGO SAN FRANCISCO SINGAPORE SYDNEY TOKYO Morgan Kaufmann is an imprint of
More informationPerformance Evaluation of AODV, OLSR Routing Protocol in VOIP Over Ad Hoc
(International Journal of Computer Science & Management Studies) Vol. 17, Issue 01 Performance Evaluation of AODV, OLSR Routing Protocol in VOIP Over Ad Hoc Dr. Khalid Hamid Bilal Khartoum, Sudan dr.khalidbilal@hotmail.com
More informationIntroduction to Security and PIX Firewall
Introduction to Security and PIX Firewall Agenda Dag 28 Föreläsning LAB PIX Firewall VPN A Virtual Private Network (VPN) is a service offering secure, reliable connectivity over a shared, public network
More informationReliable Multicast Protocol with Packet Forwarding in Wireless Internet
Reliable Multicast Protocol with Packet Forwarding in Wireless Internet Taku NOGUCHI, Toru YOSHIKAWA and Miki YAMAMOTO College of Information Science and Engineering, Ritsumeikan University 1-1-1, Nojihigashi,
More informationNetwork Layer: Network Layer and IP Protocol
1 Network Layer: Network Layer and IP Protocol Required reading: Garcia 7.3.3, 8.1, 8.2.1 CSE 3213, Winter 2010 Instructor: N. Vlajic 2 1. Introduction 2. Router Architecture 3. Network Layer Protocols
More informationComputer Networks. Wireless and Mobile Networks. László Böszörményi Computer Networks Mobile - 1
Computer Networks Wireless and Mobile Networks László Böszörményi Computer Networks Mobile - 1 Background Number of wireless (mobile) phone subscribers now exceeds number of wired phone subscribers! Computer
More informationOF-RHM: Transparent Moving Target Defense using Software Defined Networking
OF-RHM: Transparent Moving Target Defense using Software Defined Networking Haadi Jafarian, Qi Duan and Ehab Al-Shaer ACM SIGCOMM HotSDN Workshop August 2012 Helsinki, Finland Why IP Mutation Static assignment
More informationMobile IP. Bheemarjuna Reddy Tamma IIT Hyderabad. Source: Slides of Charlie Perkins and Geert Heijenk on Mobile IP
Mobile IP Bheemarjuna Reddy Tamma IIT Hyderabad Source: Slides of Charlie Perkins and Geert Heijenk on Mobile IP IP Refresher Mobile IP Basics 3 parts of Mobile IP: Outline Advertising Care-of Addresses
More informationInternet Control Protocols Reading: Chapter 3
Internet Control Protocols Reading: Chapter 3 ARP - RFC 826, STD 37 DHCP - RFC 2131 ICMP - RFC 0792, STD 05 1 Goals of Today s Lecture Bootstrapping an end host Learning its own configuration parameters
More informationNETWORK SECURITY (W/LAB) Course Syllabus
6111 E. Skelly Drive P. O. Box 477200 Tulsa, OK 74147-7200 NETWORK SECURITY (W/LAB) Course Syllabus Course Number: NTWK-0008 OHLAP Credit: Yes OCAS Code: 8131 Course Length: 130 Hours Career Cluster: Information
More informationEthernet. Ethernet. Network Devices
Ethernet Babak Kia Adjunct Professor Boston University College of Engineering ENG SC757 - Advanced Microprocessor Design Ethernet Ethernet is a term used to refer to a diverse set of frame based networking
More informationCS5008: Internet Computing
CS5008: Internet Computing Lecture 22: Internet Security A. O Riordan, 2009, latest revision 2015 Internet Security When a computer connects to the Internet and begins communicating with others, it is
More informationComparison of Various Passive Distributed Denial of Service Attack in Mobile Adhoc Networks
Comparison of Various Passive Distributed Denial of Service in Mobile Adhoc Networks YOGESH CHABA #, YUDHVIR SINGH, PRABHA RANI Department of Computer Science & Engineering GJ University of Science & Technology,
More informationHow To Improve Alancom Vpn On A Pc Or Mac Or Ipad (For A Laptop) With A Network Card (For Ipad) With An Ipad Or Ipa (For An Ipa) With The Ipa 2.
Information regarding LANCOM Advanced VPN Client 2.31 Copyright (c) 2002-2013 LANCOM Systems GmbH, Wuerselen (Germany) LANCOM Systems GmbH does not take any guarantee and liability for software not developed,
More informationCourse Overview: Learn the essential skills needed to set up, configure, support, and troubleshoot your TCP/IP-based network.
Course Name: TCP/IP Networking Course Overview: Learn the essential skills needed to set up, configure, support, and troubleshoot your TCP/IP-based network. TCP/IP is the globally accepted group of protocols
More informationCisco Integrated Services Routers Performance Overview
Integrated Services Routers Performance Overview What You Will Learn The Integrated Services Routers Generation 2 (ISR G2) provide a robust platform for delivering WAN services, unified communications,
More informationSCADA SYSTEMS AND SECURITY WHITEPAPER
SCADA SYSTEMS AND SECURITY WHITEPAPER Abstract: This paper discusses some of the options available to companies concerned with the threat of cyber attack on their critical infrastructure, who as part of
More informationProxy Mobile IPv6-Based Handovers for VoIP Services in Wireless Heterogeneous Networks
IACSIT International Journal of Engineering and Technology, Vol. 4, No. 5, October 12 Proxy Mobile IPv6-Based Handovers for VoIP Services in Wireless Heterogeneous Networks N. P. Singh and Brahmjit Singh
More information... Lecture 10. Network Security I. Information & Communication Security (WS 2014) Prof. Dr. Kai Rannenberg
Lecture 10 Network Security I Information & Communication Security (WS 2014) Prof. Dr. Kai Rannenberg T-Mobile Chair of Mobile Business & Multilateral Security Goethe University Frankfurt a. M. Introduction
More informationLANs. Local Area Networks. via the Media Access Control (MAC) SubLayer. Networks: Local Area Networks
LANs Local Area Networks via the Media Access Control (MAC) SubLayer 1 Local Area Networks Aloha Slotted Aloha CSMA (non-persistent, 1-persistent, p-persistent) CSMA/CD Ethernet Token Ring 2 Network Layer
More information60467 Project 1. Net Vulnerabilities scans and attacks. Chun Li
60467 Project 1 Net Vulnerabilities scans and attacks Chun Li Hardware used: Desktop PC: Windows Vista service pack Service Pack 2 v113 Intel Core 2 Duo 3GHz CPU, 4GB Ram, D-Link DWA-552 XtremeN Desktop
More informationIPv6 Security Best Practices. Eric Vyncke evyncke@cisco.com Distinguished System Engineer
IPv6 Best Practices Eric Vyncke evyncke@cisco.com Distinguished System Engineer security 2007 Cisco Systems, Inc. All rights reserved. Cisco CPub 1 Agenda Shared Issues by IPv4 and IPv6 Specific Issues
More informationA Review on Zero Day Attack Safety Using Different Scenarios
Available online www.ejaet.com European Journal of Advances in Engineering and Technology, 2015, 2(1): 30-34 Review Article ISSN: 2394-658X A Review on Zero Day Attack Safety Using Different Scenarios
More informationIPsec Details 1 / 43. IPsec Details
Header (AH) AH Layout Other AH Fields Mutable Parts of the IP Header What is an SPI? What s an SA? Encapsulating Security Payload (ESP) ESP Layout Padding Using ESP IPsec and Firewalls IPsec and the DNS
More informationSecuring Modern Substations With an Open Standard Network Security Solution. Kevin Leech Schweitzer Engineering Laboratories, Inc.
Securing Modern Substations With an Open Standard Network Security Solution Kevin Leech Schweitzer Engineering Laboratories, Inc. Copyright SEL 2009 What Makes a Cyberattack Unique? While the resources
More informationAERONAUTICAL COMMUNICATIONS PANEL (ACP) ATN and IP
AERONAUTICAL COMMUNICATIONS PANEL (ACP) Working Group I - 7 th Meeting Móntreal, Canada 2 6 June 2008 Agenda Item x : ATN and IP Information Paper Presented by Naoki Kanada Electronic Navigation Research
More informationSchool of Computer Science
Cost and Scalability Analysis of Mobility Management Entities of NEMO Md. Shohrab Hossain and Mohammed Atiquzzaman TR-OU-TNRL-11-102 February 2011 Telecommunication & Network Research Lab School of Computer
More information