Virtual Private Network Using Peer-to-Peer Techniques
Peer-to-Peer VPN

Daniel Kasza
Massachusetts Academy of Math and Science

Abstract

The low performance of traditional virtual private networks (VPNs) based on the client-server model led to the investigation of using peer-to-peer communication to improve the bandwidth and latency of the communication between the connected clients. A new VPN protocol based on peer-to-peer connections was engineered. The protocol uses both TCP (Transmission Control Protocol) and UDP (User Datagram Protocol) communication to transfer Ethernet frames between the connected clients over IPv4 and IPv6 networks, and it improves network performance by making direct communication between the clients possible. An IPv4-compatible implementation was written in the Java and C programming languages using the Java Native Interface. The tests were done using Ubuntu Linux on three computers connected to a test computer network, and it was concluded that the new protocol has better client-to-client performance than traditional VPN protocols, while it decreases the load on the server. The protocol can be used to create VPNs for applications that require low-latency communication, including computer games and Voice over IP. Because the protocol encapsulates Ethernet frames, it can also be used to interconnect separate Ethernet networks.

Introduction

Recently, high-speed Internet connections became inexpensive and reliable. This led to the spread of VPN connections in place of direct dial-up or leased-line connections. They connect offices in different parts of the world and make corporate networks accessible to employees anywhere using a single Internet connection. They also help preserve the remaining IPv4 address space by making computers accessible without public IP addresses; however, they are still not practical for real-time, delay-sensitive or speed-sensitive applications.
Online games, video streaming, and file sharing services are just a few of the numerous protocols that cannot be used efficiently with the current point-to-point virtual private network protocols; however, many recent applications of peer-to-peer technologies have proved to be efficient, fast and reliable. By combining peer-to-peer technologies with VPNs, it is possible to create faster VPN networks.

Literature Review

Computer Networks

Modern computer networks handle data in the form of small data blocks called packets. This method is called packet switching. All data is encapsulated in these packets and moved toward its destination, through different networks, using the address provided in the packet. Packet switching can be connectionless or connection-oriented. With a connectionless protocol, data is sent and received in the form of packets by the two communicating peers; connection-oriented protocols, however, present an interface for the two peers to communicate using data streams.

The main protocol used over the Internet is the Internet Protocol version 4 (IPv4). It was designed to interconnect packet-switched computer networks (RFC 791, 1981). Hosts are identified by their IP address, which is a 32-bit number. IPv4 also provides packet fragmentation. It does not provide any sort of error handling: packets can be lost or can arrive out of order. The process of moving the packets toward their destination is called routing and is done by routers. These devices connect subnets. An IP address contains the address of the subnet and the address of a host on that network.

The successor of IPv4 is IPv6, which is incompatible with IPv4. IPv6 has a larger, 128-bit address space and numerous new features compared to IPv4 (RFC 2460, 1998). It drops the support for fragmentation. If a packet is too big to be transmitted through a network segment, it is simply dropped by the routers. This simplifies the routing process. IPv6 is also more secure, has better support for multicasting, and has a new addressing method called anycast.

The number of available IPv4 addresses is decreasing. It is predicted that the full IPv4 address space will be assigned by the middle of This exhaustion led to the development of different IP address preserving techniques. One of these is Network Address Translation (NAT), which provides a way to hide a private IP network behind only one public IP address (RFC 3022, 2001). There are IP address ranges assigned for use on private networks. The problem with NATs is that each connection has to be initiated from the private network, and hosts on the public network cannot reach the hosts of the private network. It also means that two hosts behind different NATs cannot connect to each other. For this reason, NAT traversal techniques were developed. One of those is UDP hole punching, which solves the problem by using a server on the public network to open the connection. The two clients connect to the public server. This opens a way through the NAT for this connection; the server then tells the clients where they can find each other, so they can use the holes originally created for the communication with the server.

The User Datagram Protocol (UDP) is a connectionless protocol used over IPv4 and IPv6. It does not guarantee that the messages (datagrams) will arrive or arrive in order (RFC 768, 1980). It is used where lost packets do not need to be sent again because they would be invalidated before they arrived, or where minimum communication delay is needed. Voice over IP and gaming are good examples of such applications. UDP is also suitable for simple devices because of its simplicity. That is why it is used for the Trivial File Transfer Protocol (TFTP). The Domain Name System is also based on UDP.

The Transmission Control Protocol (TCP) is a connection-oriented protocol (RFC 761, 1980). All data sent over a TCP connection is guaranteed to arrive in order; however, that means that lost packets have to be retransmitted before the communication can be reassembled on the receiver's side. This retransmission can cause delays in the communication. TCP is also more complicated than UDP, which makes it harder to implement in embedded systems and makes connecting over TCP a relatively slow process. These properties make TCP suitable for applications that require long-term, reliable connections. TCP is used for the Hyper Text Transfer Protocol (HTTP), the File Transfer Protocol (FTP), Post Office Protocol 3 (POP3), Simple Mail Transfer Protocol (SMTP) and many other protocols.
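The UDP hole punching described in this section can be traced with a small in-memory model of two NATs. This is an added example, not code from the paper or its implementation; it assumes each NAT keeps one public port per client and only admits datagrams from endpoints the client has already sent to, and every address and port in it is constructed.

```c
#include <stdbool.h>
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>

/* IPv4 address and UDP port. All values below are constructed for the example. */
typedef struct { uint32_t ip; uint16_t port; } endpoint;

#define MAX_HOLES 4

/* Model of one NAT with a single inside client (an assumption of this sketch):
   one public port for every destination, and inbound filtering restricted to
   the exact remote address and port the client has sent to. */
typedef struct {
    endpoint pub;               /* public endpoint the NAT presents */
    bool     mapped;            /* true once the client has sent anything */
    endpoint holes[MAX_HOLES];  /* remote endpoints the client has sent to */
    size_t   n_holes;
} nat;

static bool ep_eq(endpoint a, endpoint b)
{
    return a.ip == b.ip && a.port == b.port;
}

/* The client behind `n` sends a datagram to `dst`. Returns the source
   endpoint the receiver will observe, which is the NAT's public endpoint. */
endpoint nat_outbound(nat *n, endpoint dst)
{
    n->mapped = true;
    for (size_t i = 0; i < n->n_holes; i++)
        if (ep_eq(n->holes[i], dst))
            return n->pub;
    if (n->n_holes < MAX_HOLES)
        n->holes[n->n_holes++] = dst;
    return n->pub;
}

/* A datagram from `from` arrives addressed to `to`. It reaches the inside
   client only if the client has already sent to exactly `from`. */
bool nat_inbound(const nat *n, endpoint from, endpoint to)
{
    if (!n->mapped || !ep_eq(to, n->pub))
        return false;
    for (size_t i = 0; i < n->n_holes; i++)
        if (ep_eq(n->holes[i], from))
            return true;
    return false;
}

/* One direct client-to-client datagram: it leaves through the sender's NAT
   toward `dst`, then has to pass the receiver's NAT. */
bool send_direct(nat *sender, endpoint dst, const nat *receiver)
{
    endpoint seen_as = nat_outbound(sender, dst);
    return nat_inbound(receiver, seen_as, dst);
}

/* Runs the rendezvous and returns a bitmask of delivered packets:
   bit 0 = B's first packet to A, bit 1 = A's packet to B,
   bit 2 = B's second packet to A, bit 3 = packet from an unrelated host. */
unsigned hole_punch_trace(endpoint *learned_a, endpoint *learned_b)
{
    const endpoint server = { 0xC6336401u, 4000 };   /* 198.51.100.1:4000 */
    const endpoint other  = { 0xC6336463u, 5555 };   /* 198.51.100.99:5555 */
    nat nat_a = { .pub = { 0xCB007105u, 40001 } };   /* 203.0.113.5:40001 */
    nat nat_b = { .pub = { 0xC0000209u, 40002 } };   /* 192.0.2.9:40002 */
    unsigned delivered = 0;

    /* Both clients contact the server, which records the source endpoint it
       observes and then tells each client the other's endpoint. */
    *learned_a = nat_outbound(&nat_a, server);
    *learned_b = nat_outbound(&nat_b, server);

    /* B's first packet opens a hole in NAT B but is dropped by NAT A. */
    if (send_direct(&nat_b, *learned_a, &nat_a)) delivered |= 1u << 0;
    /* A's packet opens a hole in NAT A and passes through B's hole. */
    if (send_direct(&nat_a, *learned_b, &nat_b)) delivered |= 1u << 1;
    /* B retries; both holes now exist. */
    if (send_direct(&nat_b, *learned_a, &nat_a)) delivered |= 1u << 2;
    /* A host A never contacted is still filtered. */
    if (nat_inbound(&nat_a, other, nat_a.pub))   delivered |= 1u << 3;
    return delivered;
}

int main(void)
{
    endpoint a, b;
    unsigned mask = hole_punch_trace(&a, &b);
    printf("server learned A port %u, B port %u\n", (unsigned)a.port, (unsigned)b.port);
    for (int i = 0; i < 4; i++)
        printf("packet %d: %s\n", i, (mask >> i) & 1u ? "delivered" : "dropped");
    return 0;
}
```

The first direct packet is lost by design, which is why a protocol built on this technique has to tolerate or retry the initial exchange.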
Attacks on Computer Networks

Figure 1. MITM attack. The attacker relays the communication between the two hosts. It can record and even modify packets.

One of the basic attacks is the Man-In-The-Middle (MITM) attack, whose goal is to divert the packet flow between two hosts and relay it through the attacker's computer (Schneier, 2004), which can record and modify the communication on the network. Encryption and authentication can be used to protect protocols from MITM attacks.

Replay attacks are usually used together with MITM attacks. The attacker replays (resends) previously recorded packets, usually without knowing their exact content. A vulnerable protocol may then accept the packets as legitimate communication and authenticate the attacker's computer or perform other operations.

Figure 2. Real-world DDoS example. A Dunkin Donuts can serve a limited number of customers in a given time period. If there are too many customers waiting, some of them will time out and leave the restaurant (Schedule, 2009; Starset, 2009).

A Denial-of-Service (DoS) attack is a method for rendering services unavailable by excessive traffic. The goal is to consume the resources of a service (bandwidth, computing power), so it cannot handle other requests (RFC 4732, 2006). Distributed DoS (DDoS) is a variant of the DoS attack in which multiple computers are used to attack a service. It is harder to protect systems against DDoS attacks.

On Layer 2 Ethernet networks, hosts are identified by their Media Access Control (MAC) addresses. A MAC address is a 6-byte number. The parity of the first byte determines the addressing of the packet. MAC addresses with an even first byte are unicast addresses (Gergő Koós, personal communication).
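The first-byte parity rule above is what a client that tunnels Ethernet frames has to check before choosing a path for a frame. The following is an added example, not the paper's code: the pairing table, the `classify_frame` function and the policy of relaying non-unicast or unpaired traffic through the server are assumptions made for illustration, and the sample addresses are constructed.

```c
#include <stdbool.h>
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>
#include <string.h>

#define MAC_LEN     6
#define ETH_HDR_LEN 14   /* destination MAC + source MAC + EtherType */

typedef enum { FWD_DROP, FWD_DIRECT, FWD_VIA_SERVER } fwd_action;

/* Hypothetical pairing-table entry; the VPSN specification is not on the page. */
typedef struct {
    uint8_t  mac[MAC_LEN];  /* peer's address on the virtual Ethernet */
    uint32_t ip;            /* peer's public IPv4 address */
    uint16_t port;          /* peer's public UDP port */
    bool     paired;        /* pairing completed and not expired */
} peer;

/* Constructed sample table: one paired peer, one known but unpaired. */
static const peer sample_peers[] = {
    { { 0x02, 0, 0, 0, 0, 0x0b }, 0xC0000209u, 40002, true  },
    { { 0x02, 0, 0, 0, 0, 0x0c }, 0xCB007105u, 40003, false },
};
#define N_SAMPLE_PEERS (sizeof sample_peers / sizeof sample_peers[0])

/* Even first byte (least significant bit clear) means a unicast address. */
bool mac_is_unicast(const uint8_t *mac)
{
    return (mac[0] & 0x01u) == 0;
}

static const peer *peer_lookup(const peer *table, size_t n, const uint8_t *mac)
{
    for (size_t i = 0; i < n; i++)
        if (memcmp(table[i].mac, mac, MAC_LEN) == 0)
            return &table[i];
    return NULL;
}

/* Decide where a frame read from the TAP device goes. On FWD_DIRECT, *out
   points at the peer whose UDP endpoint should receive the frame. */
fwd_action classify_frame(const uint8_t *frame, size_t len,
                          const peer *table, size_t n, const peer **out)
{
    *out = NULL;
    if (frame == NULL || len < ETH_HDR_LEN)
        return FWD_DROP;                 /* too short to hold a header */
    const uint8_t *dst = frame;
    const uint8_t *src = frame + MAC_LEN;
    if (!mac_is_unicast(src))
        return FWD_DROP;                 /* a group address is never a valid source */
    if (!mac_is_unicast(dst))
        return FWD_VIA_SERVER;           /* broadcast or multicast: assumed relayed */
    const peer *p = peer_lookup(table, n, dst);
    if (p != NULL && p->paired) {
        *out = p;
        return FWD_DIRECT;
    }
    return FWD_VIA_SERVER;               /* unknown or not yet paired */
}

/* Helper for the example: write a minimal IPv4-typed Ethernet header. */
size_t make_frame(uint8_t *buf, const uint8_t *dst, const uint8_t *src)
{
    memcpy(buf, dst, MAC_LEN);
    memcpy(buf + MAC_LEN, src, MAC_LEN);
    buf[12] = 0x08;
    buf[13] = 0x00;                      /* EtherType 0x0800 (IPv4) */
    return ETH_HDR_LEN;
}

int main(void)
{
    static const uint8_t self[MAC_LEN]  = { 0x02, 0, 0, 0, 0, 0x0a };
    static const uint8_t bcast[MAC_LEN] = { 0xff, 0xff, 0xff, 0xff, 0xff, 0xff };
    static const char *names[] = { "drop", "direct", "via server" };
    const uint8_t *dsts[] = { sample_peers[0].mac, sample_peers[1].mac, bcast };
    uint8_t frame[ETH_HDR_LEN];
    const peer *p;

    for (size_t i = 0; i < 3; i++) {
        size_t len = make_frame(frame, dsts[i], self);
        fwd_action a = classify_frame(frame, len, sample_peers, N_SAMPLE_PEERS, &p);
        printf("dst %02x:..:%02x -> %s\n", dsts[i][0], dsts[i][5], names[a]);
    }
    return 0;
}
```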
VPNs

A virtual private network is a computer network that uses an existing computer network infrastructure to provide secure access to a network. It encapsulates the communication between the connected network devices. There are many different uses of VPNs; however, this paper focuses on the VPN protocols used over the Internet to provide inexpensive connections between computers.

Figure 3. A typical VPN topology. Both clients are connected to the Internet, but all VPN traffic has to go through a single server.

These virtual private networks were originally created to satisfy the need for a less expensive way to interconnect corporate networks than leased or owned lines. Because they were originally designed to replace leased or owned lines, a typical VPN uses a point-to-point topology; however, VPNs are currently also used to connect individual computers together. The problem in this case is that the communication between two computers connected to the VPN is slowed and limited by the Internet connection and performance of the VPN server, and the reliability of the network depends on a single computer, because every packet has to reach the VPN server first, which relays it to its destination computer. In this scenario, the communication between the two computers puts excessive traffic on the VPN server and the network infrastructure, rendering the communication slow, even though the two communicating computers could reach each other through the underlying network of the VPN connection.

Figure 4. A VPN connection using the PPTP protocol. A PPTP tunnel is created above the Internet Protocol for a PPP connection that encapsulates Internet Protocol packets.

A frequently used protocol for VPNs is PPTP (Point-to-Point Tunneling Protocol), which encapsulates PPP (Point-to-Point Protocol) connections (RFC 2637, 1999).
When a client wants to connect to a VPN, it has to build up a PPTP connection first, and then it uses this connection to create the actual network connection by tunneling PPP through the PPTP connection. Because PPP was already supported by most operating systems and devices, this protocol was simple to implement. Any PPP traffic can be transferred transparently through a PPTP tunnel, which makes it compatible with existing software and devices.

Although the point-to-point topology can make the communication slow, it has a security advantage. Because clients communicate only with the VPN server through the sometimes insecure Internet connection, they have to make only this connection secure by authentication and encryption; however, the security provided by the VPN protocols is becoming less important with the increasing security of the protocols on other levels.

Peer-to-Peer Communication

A peer-to-peer (P2P) network comprises equally privileged participants. No participants are clearly servers or clients in the communication. They both provide and consume resources. Peer-to-peer networks are already used for Voice over IP, file sharing, and several other applications.

Figure 5. Server-client file sharing. In the classical server-client model the server has to provide the file to every client.

Figure 6. BitTorrent file sharing. The only role of the tracker is to help peers connect to each other. The peers download the files from each other.

A widely used P2P protocol is BitTorrent, which enables fast file sharing over the Internet by making the downloaders uploaders at the same time (Cohen, 2008). As soon as a slice of the file is available at a peer, others can start downloading that slice from that source, too. That way the original uploader of the file does not have to upload it to every client, and the spare bandwidth of the peers can be utilized. P2P protocols can be more reliable, too, because they are distributed across a network. The disadvantage of P2P networks is that they are usually more difficult to develop and implement, and they can also suffer from security issues. Peers have to authenticate not just a single server, but multiple peers. If encryption is used, it is also important to have different encryption keys with each connected peer.

Software and Tools

Linux is the name of the Unix-like operating systems based on the Linux kernel, which was originally created and released by Linus Torvalds in The kernel is typically packaged together with other software to form a desktop or server operating system. These packages are called distributions.
The Linux kernel is a highly scalable, portable, monolithic, modular kernel, which runs on numerous kinds of computing devices. It can be found on small embedded computers, mobile phones, desktops, servers, and even mainframe computers.

The TAP interface is a virtual Ethernet interface implemented as a kernel driver that allows userland applications to easily communicate with the network stack of the host operating system (Krasnyansky, 2001). Because TAP is a virtual Ethernet interface, it works with Ethernet packets. Every TAP has two end points: one for the kernel, and one for the userland application. From the point of view of the host operating system, the TAP appears as a usual Ethernet interface; however, a packet sent to it does not go to a physical Ethernet card or interface, but is received by the application connected to the other end of the TAP. The application can also construct and send packets to the operating system using the same mechanism. That way TAP can be used to implement virtual network interfaces without modifying the operating system. It is used by several VPN client applications, and it is also used to connect operating systems running in a virtual machine to the host system.

Wireshark is an open source network analyzer (Wireshark, n.d.). It can be used to capture raw Ethernet traffic on a network and analyze the contents of the packets. It is available for the major operating systems because it relies on other cross-platform open source technologies. It uses the pcap Application Programming Interface to capture network traffic, which is available for Unix and Unix-like operating systems (Solaris, Mac OS X, Linux, BSD) in the form of libpcap and for Windows in the form of WinPcap. Wireshark is useful for troubleshooting networks, software, and network protocols.
Research Plan

The goal is to design, implement, and test a new virtual private network protocol that uses the recent improvements in peer-to-peer communication to make client-to-client communication through the VPN faster.

The server application will be programmed in Java. Only a simple server will be made to test the protocol. The client application will be programmed in Java and C. The TAP interface will be used to communicate with the host operating system. Because there is no TAP library available for Java, it will be programmed using the Java Native Interface (JNI). The TAP interface is a virtual Ethernet network interface driver, which provides userland applications a way to create virtual network interfaces to communicate with the built-in networking stack of the operating system. It is already in use by several VPN applications and available for the major operating systems, including Linux, Windows, Mac OS X, and different BSD variants. That makes it suitable for a project like this. Although Java applications are platform independent, the client application will only be Linux compatible because the JNI code is Linux-specific; however, the program will be easily portable to other platforms.

The client-client communications will use the User Datagram Protocol (UDP) for fast communication. UDP hole punching will be utilized to traverse Network Address Translators. The clients will use the Transmission Control Protocol (TCP) to communicate with the server. Although TCP is slower than UDP, it is more reliable. Because every communication between the clients and the server is critical, TCP is more suitable for this part of the communication because it removes error handling from the protocol. Although encryption will not be used, a challenge-response authentication method will be used to authenticate the clients on the network, and the protocol will be designed to be able to handle encryption with later extensions.
During the testing, a server computer and at least two client computers will be used. The computers will run Linux. The program code will be written using NetBeans. To find programming errors in the communication, Wireshark, a network sniffing application, will be used to record the communication between the clients.
Methodology

The programs were written using NetBeans (version 6.9.1, downloaded from netbeans.org). The computers used for testing were running Ubuntu Linux (version 10.10, downloaded from ubuntu.com) with the latest updates and the default-jdk installed. The computers were connected to the Internet through a standard 10Mb Ethernet hub. One computer was used to write the program and run the server application. Two computers were used to test the client application. One computer was running Wireshark and recording communication. This data was used to find the causes of unexpected errors.

A single computer was set up as a VPSN and PPTP server, and it was connected to a Cisco Systems router (Cisco 2620XM). Two other computers were connected to a standard 10Mb Ethernet hub that was also connected to the router. The router was set to add a 25ms delay to the communication between the two subnets. The two computers were connected to the VPSN and PPTP networks served by the third computer. A command was given to one of the client computers to simultaneously measure and record the latency between the two clients through the two VPNs and the direct path through the Ethernet hub, and the latency to the server computer. The latency was measured using the built-in ping application of the operating system. Measurements were made using 200-byte packets. Five measurements were done every second. Data was recorded to text files.

After these measurements, both the direct connection and the VPSN connection were flooded with ICMP echo requests (200B each). Total time and packet loss were measured and recorded in text files. The data was processed using Microsoft Excel.
Results

Figure 7. Comparison of latency on different networks. Network latency is an important aspect of network performance. Smaller values are better.

Table 1. Average latency and performance comparison.

              Connection to server   Direct Connection   VPSN   PPTP
Average (ms)
Performance   100%                   1046%               11%    6%

Table 2. Flooding data with packets.

            Direct Connection   VPSN
Time (ms)

Figure 8. Comparison of network traffic between the clients and between the clients and the server on a logarithmic scale. In traditional protocols, the clients' traffic would go through the server.
Data Analysis and Discussion

The average latency values in Table 1 show that Virtual Private Switched Network (VPSN, the peer-to-peer protocol) decreases the latency between clients compared to other protocols. The direct connection is even faster than the VPSN connection, but this is expected because VPSN also uses this connection. Figure 7 shows that although the average latency is low, the pairing process that happens every 60 seconds (300 packets) slows down the connection for a short period of time. The origin of the other high values is unknown. They may be caused by other traffic on the network during the measurements.

Table 2 shows that the performance of the network does not decrease under heavy load. Although it takes about twelve times more time for VPSN to handle packets, this is expected because it has ten times higher latency than the direct connection. Because VPSN uses the direct connection to transfer data and that was also flooded, it was expected that VPSN would not have the same performance as the direct connection.

An important aspect of peer-to-peer protocols is that they decrease the load on the servers. Figure 8 shows that VPSN can make client-client communication more efficient. The traffic on the server is less than the of the traffic between the clients. That means a server that could serve a single network with traditional VPNs could serve more than 170 networks with a peer-to-peer protocol.

Conclusions

Based on the data collected, peer-to-peer communication is a viable solution for the drawbacks of traditional VPN protocols in the case of client-client communication. Although the current version of VPSN is not ready for everyday use, it shows that with further research peer-to-peer VPNs could be real replacements for protocols based on the server-client model. The collected data also shows which parts of the protocol should be changed to improve its overall performance.
Limitations and Assumptions

The protocol does not support encryption. It is assumed that encryption would not change the speed of the communication significantly.

The protocol was designed to speed up unicast communication. It is assumed that the majority of the communication between the clients is unicast traffic.

In some rare cases, it is possible that the clients could communicate faster through the server than directly. Although the timeout in the pairing process may filter these cases, it was generally assumed that the direct communication is faster because other cases are very rare and the role of direct communication is not only to speed up the communication, but also to decrease the load on the server.
Applications and Future Experiments

The protocol in its current state could be used where security is less important than low latency or where encryption is already provided on higher protocol levels. Although VPSN does not currently support encryption, it was designed to make the later addition of encryption algorithms simple. Key exchange and authentication could be part of the pairing process.

One of the current weaknesses of VPSN is the slow pairing process. It could be improved to make the latency more stable. One way to do this would be to start the re-pairing before the last pairing expires. That way the clients would always be paired and packets would not have to wait until the pairing process is completed.

Literature Cited

Schneier, B. (2004). Crypto-Gram. Retrieved November 15, 2010, from
Starset, R. (2009). Dunkin Donuts DDoS. Retrieved November 15, 2010, from
Internet Denial-of-Service Considerations (RFC 4732). (2006). Retrieved November 15, 2010, from
Internet Protocol (RFC 791). (1981). Retrieved November 15, 2010, from
Internet Protocol, Version 6 (RFC 2460). (1998). Retrieved November 15, 2010, from
Point-to-Point Tunneling Protocol (RFC 2637). (1999). Retrieved November 15, 2010, from
Schedule 26C3 Public wiki. (2009). Retrieved November 15, 2010, from
Cohen, B. (2008). The BitTorrent Protocol Specification. Retrieved November 15, 2010, from
Traditional IP Network Address Translator (RFC 3022). (2001). Retrieved November 15, 2010, from
Transmission Control Protocol (RFC 761). (1980). Retrieved November 15, 2010, from
Krasnyansky, M. (2001). Universal TUN/TAP device driver Frequently Asked Question. Retrieved November 15, 2010, from
User Datagram Protocol (RFC 768). (1980). Retrieved November 15, 2010, from
Wireshark Go Deep. (n.d.). Retrieved November 15, 2010, from

Appendices

Included appendices:
- VPSN Alpha 0 specifications
- VPSN simple server source code

Acknowledgements

I would like to express my appreciation for Ms. Karen Lang, my advisor, who helped me with several aspects of my project. I would like to show my gratitude to Dr. Judith Sumner for helping me write this paper. I would also like to thank Gergő Koós, who helped me figure out how to handle the Ethernet packets.
A Brief Overview of VoIP Security By John McCarron Voice of Internet Protocol is the next generation telecommunications method. It allows to phone calls to be route over a data network thus saving money
More informationLecture Computer Networks
Prof. Dr. H. P. Großmann mit M. Rabel sowie H. Hutschenreiter und T. Nau Sommersemester 2012 Institut für Organisation und Management von Informationssystemen Thomas Nau, kiz Lecture Computer Networks
More informationLayered protocol (service) architecture
Layered protocol (service) architecture The Internet is complex! many pieces : hosts access network routers links of various media applications protocols Question: Is there any hope of organizing a structure
More informationThe OSI and TCP/IP Models. Lesson 2
The OSI and TCP/IP Models Lesson 2 Objectives Exam Objective Matrix Technology Skill Covered Exam Objective Exam Objective Number Introduction to the OSI Model Compare the layers of the OSI and TCP/IP
More informationIntroduction To Computer Networking
Introduction To Computer Networking Alex S. 1 Introduction 1.1 Serial Lines Serial lines are generally the most basic and most common communication medium you can have between computers and/or equipment.
More informationQuality of Service Analysis of site to site for IPSec VPNs for realtime multimedia traffic.
Quality of Service Analysis of site to site for IPSec VPNs for realtime multimedia traffic. A Network and Data Link Layer infrastructure Design to Improve QoS in Voice and video Traffic Jesús Arturo Pérez,
More informationSecurity+ Guide to Network Security Fundamentals, Fourth Edition. Chapter 6 Network Security
Security+ Guide to Network Security Fundamentals, Fourth Edition Chapter 6 Network Security Objectives List the different types of network security devices and explain how they can be used Define network
More informationIntroduction to IP v6
IP v 1-3: defined and replaced Introduction to IP v6 IP v4 - current version; 20 years old IP v5 - streams protocol IP v6 - replacement for IP v4 During developments it was called IPng - Next Generation
More information1 Data information is sent onto the network cable using which of the following? A Communication protocol B Data packet
Review questions 1 Data information is sent onto the network cable using which of the following? A Communication protocol B Data packet C Media access method D Packages 2 To which TCP/IP architecture layer
More informationICS 153 Introduction to Computer Networks. Inst: Chris Davison cbdaviso@uci.edu
ICS 153 Introduction to Computer Networks Inst: Chris Davison cbdaviso@uci.edu 1 ICS 153 Introduction to Computer Networks Course Goals Understand the basic principles of computer networks Design Architecture
More informationWhat is CSG150 about? Fundamentals of Computer Networking. Course Outline. Lecture 1 Outline. Guevara Noubir noubir@ccs.neu.
What is CSG150 about? Fundamentals of Computer Networking Guevara Noubir noubir@ccs.neu.edu CSG150 Understand the basic principles of networking: Description of existing networks, and networking mechanisms
More informationOverview. Securing TCP/IP. Introduction to TCP/IP (cont d) Introduction to TCP/IP
Overview Securing TCP/IP Chapter 6 TCP/IP Open Systems Interconnection Model Anatomy of a Packet Internet Protocol Security (IPSec) Web Security (HTTP over TLS, Secure-HTTP) Lecturer: Pei-yih Ting 1 2
More informationParallels Plesk Panel. VPN Module for Parallels Plesk Panel 10 for Linux/Unix Administrator's Guide. Revision 1.0
Parallels Plesk Panel VPN Module for Parallels Plesk Panel 10 for Linux/Unix Administrator's Guide Revision 1.0 Copyright Notice Parallels Holdings, Ltd. c/o Parallels International GMbH Vordergasse 49
More informationUnderstanding TCP/IP. Introduction. What is an Architectural Model? APPENDIX
APPENDIX A Introduction Understanding TCP/IP To fully understand the architecture of Cisco Centri Firewall, you need to understand the TCP/IP architecture on which the Internet is based. This appendix
More informationIP Security. IPSec, PPTP, OpenVPN. Pawel Cieplinski, AkademiaWIFI.pl. MUM Wroclaw
IP Security IPSec, PPTP, OpenVPN Pawel Cieplinski, AkademiaWIFI.pl MUM Wroclaw Introduction www.akademiawifi.pl WCNG - Wireless Network Consulting Group We are group of experienced professionals. Our company
More informationCTS2134 Introduction to Networking. Module 07: Wide Area Networks
CTS2134 Introduction to Networking Module 07: Wide Area Networks WAN cloud Central Office (CO) Local loop WAN components Demarcation point (demarc) Consumer Premises Equipment (CPE) Channel Service Unit/Data
More informationNetwork Security. Vorlesung Kommunikation und Netze SS 10 E. Nett
Network Security Internet not originally designed with (much) security in mind original vision: a group of mutually trusting users attached to a transparent network Security considerations in all layers!
More informationDistrict of Columbia Courts Attachment 1 Video Conference Bridge Infrastructure Equipment Performance Specification
1.1 Multipoint Control Unit (MCU) A. The MCU shall be capable of supporting (20) continuous presence HD Video Ports at 720P/30Hz resolution and (40) continuous presence ports at 480P/30Hz resolution. B.
More informationNote! The problem set consists of two parts: Part I: The problem specifications pages Part II: The answer pages
Part I: The problem specifications NTNU The Norwegian University of Science and Technology Department of Telematics Note! The problem set consists of two parts: Part I: The problem specifications pages
More informationVirtual Private Networks
Virtual Private Networks The Ohio State University Columbus, OH 43210 Jain@cse.ohio-State.Edu http://www.cse.ohio-state.edu/~jain/ 1 Overview Types of VPNs When and why VPN? VPN Design Issues Security
More informationProtocols and Architecture. Protocol Architecture.
Protocols and Architecture Protocol Architecture. Layered structure of hardware and software to support exchange of data between systems/distributed applications Set of rules for transmission of data between
More informationCSIS 3230. CSIS 3230 Spring 2012. Networking, its all about the apps! Apps on the Edge. Application Architectures. Pure P2P Architecture
Networking, its all about the apps! CSIS 3230 Chapter 2: Layer Concepts Chapter 5.4: Link Layer Addressing Networks exist to support apps Web Social ing Multimedia Communications Email File transfer Remote
More informationIT4504 - Data Communication and Networks (Optional)
- Data Communication and Networks (Optional) INTRODUCTION This is one of the optional courses designed for Semester 4 of the Bachelor of Information Technology Degree program. This course on Data Communication
More informationSecuring IP Networks with Implementation of IPv6
Securing IP Networks with Implementation of IPv6 R.M.Agarwal DDG(SA), TEC Security Threats in IP Networks Packet sniffing IP Spoofing Connection Hijacking Denial of Service (DoS) Attacks Man in the Middle
More informationAbstract. Introduction. Section I. What is Denial of Service Attack?
Abstract In this report, I am describing the main types of DoS attacks and their effect on computer and network environment. This report will form the basis of my forthcoming report which will discuss
More informationKick starting science...
Computer ing (TDDD63): Part 1 Kick starting science... Niklas Carlsson, Associate Professor http://www.ida.liu.se/~nikca/ What do you have in the future? What do you have in the future? How does it keep
More informationComputer Networks & Security 2014/2015
Computer Networks & Security 2014/2015 IP Protocol Stack & Application Layer (02a) Security and Embedded Networked Systems time Protocols A human analogy All Internet communication is governed by protocols!
More informationSecurity Technology White Paper
Security Technology White Paper Issue 01 Date 2012-10-30 HUAWEI TECHNOLOGIES CO., LTD. 2012. All rights reserved. No part of this document may be reproduced or transmitted in any form or by any means without
More informationChapter 1 Personal Computer Hardware------------------------------------------------ 7 hours
Essential Curriculum Networking Essentials Total Hours: 244 Cisco Discovery 1: Networking for Home and Small Businesses 81.5 hours teaching time Chapter 1 Personal Computer Hardware------------------------------------------------
More informationUsing IPM to Measure Network Performance
CHAPTER 3 Using IPM to Measure Network Performance This chapter provides details on using IPM to measure latency, jitter, availability, packet loss, and errors. It includes the following sections: Measuring
More informationVirtual Private Networks Solutions for Secure Remote Access. White Paper
Virtual Private Networks Solutions for Secure Remote Access White Paper Copyright Decipher Information Systems, 2005. All rights reserved. The information in this publication is furnished for information
More informationThe Problem with TCP. Overcoming TCP s Drawbacks
White Paper on managed file transfers How to Optimize File Transfers Increase file transfer speeds in poor performing networks FileCatalyst Page 1 of 6 Introduction With the proliferation of the Internet,
More informationNetwork-Oriented Software Development. Course: CSc4360/CSc6360 Instructor: Dr. Beyah Sessions: M-W, 3:00 4:40pm Lecture 2
Network-Oriented Software Development Course: CSc4360/CSc6360 Instructor: Dr. Beyah Sessions: M-W, 3:00 4:40pm Lecture 2 Topics Layering TCP/IP Layering Internet addresses and port numbers Encapsulation
More informationOutline. CSc 466/566. Computer Security. 18 : Network Security Introduction. Network Topology. Network Topology. Christian Collberg
Outline Network Topology CSc 466/566 Computer Security 18 : Network Security Introduction Version: 2012/05/03 13:59:29 Department of Computer Science University of Arizona collberg@gmail.com Copyright
More informationChapter 12 Supporting Network Address Translation (NAT)
[Previous] [Next] Chapter 12 Supporting Network Address Translation (NAT) About This Chapter Network address translation (NAT) is a protocol that allows a network with private addresses to access information
More informationRemote Access VPNs Performance Comparison between Windows Server 2003 and Fedora Core 6
Remote Access VPNs Performance Comparison between Windows Server 2003 and Fedora Core 6 Ahmed A. Joha, Fathi Ben Shatwan, Majdi Ashibani The Higher Institute of Industry Misurata, Libya goha_99@yahoo.com
More informationComputer Networks CCNA Module 1
Chapter 1: Quiz 1 Q1: Which statement describes a network that supports QoS? The fewest possible devices are affected by a failure. The network should be able to expand to keep up with user demand. The
More informationINTERNET SECURITY: THE ROLE OF FIREWALL SYSTEM
INTERNET SECURITY: THE ROLE OF FIREWALL SYSTEM Okumoku-Evroro Oniovosa Lecturer, Department of Computer Science Delta State University, Abraka, Nigeria Email: victorkleo@live.com ABSTRACT Internet security
More informationStateful Firewalls. Hank and Foo
Stateful Firewalls Hank and Foo 1 Types of firewalls Packet filter (stateless) Proxy firewalls Stateful inspection Deep packet inspection 2 Packet filter (Access Control Lists) Treats each packet in isolation
More information2057-15. First Workshop on Open Source and Internet Technology for Scientific Environment: with case studies from Environmental Monitoring
2057-15 First Workshop on Open Source and Internet Technology for Scientific Environment: with case studies from Environmental Monitoring 7-25 September 2009 TCP/IP Networking Abhaya S. Induruwa Department
More informationNETWORK LAYER/INTERNET PROTOCOLS
CHAPTER 3 NETWORK LAYER/INTERNET PROTOCOLS You will learn about the following in this chapter: IP operation, fields and functions ICMP messages and meanings Fragmentation and reassembly of datagrams IP
More informationTraffic Analyzer Based on Data Flow Patterns
AUTOMATYKA 2011 Tom 15 Zeszyt 3 Artur Sierszeñ*, ukasz Sturgulewski* Traffic Analyzer Based on Data Flow Patterns 1. Introduction Nowadays, there are many systems of Network Intrusion Detection System
More informationAllocating Network Bandwidth to Match Business Priorities
Allocating Network Bandwidth to Match Business Priorities Speaker Peter Sichel Chief Engineer Sustainable Softworks psichel@sustworks.com MacWorld San Francisco 2006 Session M225 12-Jan-2006 10:30 AM -
More informationCorporate VPN Using Mikrotik Cloud Feature. By SOUMIL GUPTA BHAYA Mikortik Certified Trainer
Corporate VPN Using Mikrotik Cloud Feature By SOUMIL GUPTA BHAYA Mikortik Certified Trainer What is a VPN? A virtual private network (VPN) is a method for the extension of a private network across a public
More informationCS335 Sample Questions for Exam #2
CS335 Sample Questions for Exam #2.) Compare connection-oriented with connectionless protocols. What type of protocol is IP? How about TCP and UDP? Connection-oriented protocols Require a setup time to
More informationITL BULLETIN FOR JANUARY 2011
ITL BULLETIN FOR JANUARY 2011 INTERNET PROTOCOL VERSION 6 (IPv6): NIST GUIDELINES HELP ORGANIZATIONS MANAGE THE SECURE DEPLOYMENT OF THE NEW NETWORK PROTOCOL Shirley Radack, Editor Computer Security Division
More informationIntroduction to Computer Networks
Introduction to Computer Networks Chen Yu Indiana University Basic Building Blocks for Computer Networks Nodes PC, server, special-purpose hardware, sensors Switches Links: Twisted pair, coaxial cable,
More informationThe Cisco IOS Firewall feature set is supported on the following platforms: Cisco 2600 series Cisco 3600 series
Cisco IOS Firewall Feature Set Feature Summary The Cisco IOS Firewall feature set is available in Cisco IOS Release 12.0. This document includes information that is new in Cisco IOS Release 12.0(1)T, including
More informationSecurity Technology: Firewalls and VPNs
Security Technology: Firewalls and VPNs 1 Learning Objectives Understand firewall technology and the various approaches to firewall implementation Identify the various approaches to remote and dial-up
More informationProtocol Data Units and Encapsulation
Chapter 2: Communicating over the 51 Protocol Units and Encapsulation For application data to travel uncorrupted from one host to another, header (or control data), which contains control and addressing
More informationSSVVP SIP School VVoIP Professional Certification
SSVVP SIP School VVoIP Professional Certification Exam Objectives The SSVVP exam is designed to test your skills and knowledge on the basics of Networking, Voice over IP and Video over IP. Everything that
More informationFirewalls, IDS and IPS
Session 9 Firewalls, IDS and IPS Prepared By: Dr. Mohamed Abd-Eldayem Ref.: Corporate Computer and Network Security By: Raymond Panko Basic Firewall Operation 2. Internet Border Firewall 1. Internet (Not
More informationIP Networking. Overview. Networks Impact Daily Life. IP Networking - Part 1. How Networks Impact Daily Life. How Networks Impact Daily Life
Overview Dipl.-Ing. Peter Schrotter Institute of Communication Networks and Satellite Communications Graz University of Technology, Austria Fundamentals of Communicating over the Network Application Layer
More informationCisco Which VPN Solution is Right for You?
Table of Contents Which VPN Solution is Right for You?...1 Introduction...1 Before You Begin...1 Conventions...1 Prerequisites...1 Components Used...1 NAT...2 Generic Routing Encapsulation Tunneling...2
More informationFirewall Defaults and Some Basic Rules
Firewall Defaults and Some Basic Rules ProSecure UTM Quick Start Guide This quick start guide provides the firewall defaults and explains how to configure some basic firewall rules for the ProSecure Unified
More informationNetwork Models and Protocols
669-5ch01.fm Page 1 Friday, April 12, 2002 2:01 PM C H A P T E R Network Models and Protocols 1 EXAM OBJECTIVES 1.1 Layered Network Models 1.2 The Layers of the TCP/IP 5-Layer Model 1.3 Network Protocols
More informationVOICE OVER IP AND NETWORK CONVERGENCE
POZNAN UNIVE RSITY OF TE CHNOLOGY ACADE MIC JOURNALS No 80 Electrical Engineering 2014 Assaid O. SHAROUN* VOICE OVER IP AND NETWORK CONVERGENCE As the IP network was primarily designed to carry data, it
More informationNetwork: several computers who can communicate. bus. Main example: Ethernet (1980 today: coaxial cable, twisted pair, 10Mb 1000Gb).
1 / 17 Network: several computers who can communicate. Bus topology: bus Main example: Ethernet (1980 today: coaxial cable, twisted pair, 10Mb 1000Gb). Hardware has globally unique MAC addresses (IDs).
More informationFirewall Introduction Several Types of Firewall. Cisco PIX Firewall
Firewall Introduction Several Types of Firewall. Cisco PIX Firewall What is a Firewall? Non-computer industries: a wall that controls the spreading of a fire. Networks: a designed device that controls
More informationNetworking 4 Voice and Video over IP (VVoIP)
Networking 4 Voice and Video over IP (VVoIP) Course Objectives This course will give delegates a good understanding of LANs, WANs and VVoIP (Voice and Video over IP). It is aimed at those who want to move
More informationChapter 6 Configuring the SSL VPN Tunnel Client and Port Forwarding
Chapter 6 Configuring the SSL VPN Tunnel Client and Port Forwarding This chapter describes the configuration for the SSL VPN Tunnel Client and for Port Forwarding. When a remote user accesses the SSL VPN
More informationComputer Networks Vs. Distributed Systems
Computer Networks Vs. Distributed Systems Computer Networks: A computer network is an interconnected collection of autonomous computers able to exchange information. A computer network usually require
More informationNetworks: IP and TCP. Internet Protocol
Networks: IP and TCP 11/1/2010 Networks: IP and TCP 1 Internet Protocol Connectionless Each packet is transported independently from other packets Unreliable Delivery on a best effort basis No acknowledgments
More informationBasic Network Configuration
Basic Network Configuration 2 Table of Contents Basic Network Configuration... 25 LAN (local area network) vs WAN (wide area network)... 25 Local Area Network... 25 Wide Area Network... 26 Accessing the
More informationObjectives of Lecture. Network Architecture. Protocols. Contents
Objectives of Lecture Network Architecture Show how network architecture can be understood using a layered approach. Introduce the OSI seven layer reference model. Introduce the concepts of internetworking
More information