Position Aware Firewall
|
|
- Oliver Anthony
- 8 years ago
- Views:
Transcription
1 Position Aware Firewall ELEC Progress Report #2 University of Victoria March 3, 2008 Students Adam Verigin - averigin@uvic.ca Sean Boyd - seanboyd@uvic.ca Steve Gillan - swgillan@gmail.com Tyler Price - taprice@engr.uvic.ca Group Number 10 Supervisors Stephen W. Neville Michael McGuire
2 Table of Contents Table of Contents i List of Figures ii 1 Project Summary 1 2 Equipment Acquisition 2 3 Gathering Signal Strength Information 3 4 Positioning Testing Link Verification Orientation Variance Graphical Interface Design Goal Application Design Progress Made Remaining Work Future Unplanned Work Firewalling Possible Solutions Website And Other Documentation 10
3 List of Figures 7.1 Inspired Solutions Company Logo Postition Aware Firewall System Diagram
4 1. Project Summary The goal of this project is to design a Position Aware Firewall system that will be able to track the position of an indoor wireless user and grant, limit or deny access depending on the logical restrictions associated with the user s location within the physical domain. Restricting access based on a physical location allows a number of cyber-security issues to be reduced to ones of physical security, which is more easily enforced and regulated. Such an approach is obviously limited by the ability to accurately resolve user positions, so the project will focus on two core areas: 1. Developing the basic function of the overall system 2. Investigating the density of wireless access points (WAP) required to resolve a user s position down to reasonable levels (i.e., within a given room) This project has many applications in real-world systems. A typical application is that this system would deny users in a parking lot outside of a business from using the business wireless connection. Another application would be to restrict students sitting in a lecture to only view content from that course s webpage. One last example would be that a company hosting guests in a conference room would be able to grant them internet privileges, but deny them access to any proprietary information. All these situations occur on a frequent basis in many locations, thus evidencing the marketability of this product.
5 2. Equipment Acquisition In order to achieve accurate position aware firewalling, a number of wireless access points (WAP s) were needed. These WAP s needed to be able to run some form of Linux, perform basic routing, and allow for simple customization. After considering several routers, the Linksys WRT54GL was chosen as the best option due to its ability to run a number of firmware distributions designed including OpenWrt, DD-WRT, and others. Because accuracy is a critical aspect of the project, it was desirable to acquire approximately 10 routers in order ascertain how densely the routers need to be distributed in order to gain usable position resolution. The routers were purchased at Netlink Computers in Vancouver for $63.98 each and picked up to avoid shipping charges. Other necessary equipment included a network switch, CAT5 cabling, and a Linux-based PC to act as a server. All of this equipment has been loaned to the team by the InSPiRe Lab, project supervisors, or the team members themselves.
6 3. Gathering Signal Strength Information The process of gathering signal strength information proved to be much more challenging than anticipated. Firstly, several different firmwares were considered and tested. The list included OpenWrt WhiteRussian, OpenWrt Kamikaze (newer than WhiteRussian) and DD-WRT, which is based upon the OpenWrt package. The main advantage WhiteRussian and DD-WRT held over Kamikaze was that they had a web interface for configuring the router. This issue, while not critical, drastically facilitated the configuration of routers. However, DD-WRT is not, by default, able to store changes outside of the router s configuration into static memory, and enabling such a functionality is quite difficult. This was an issue for this project because the routers needed to run custom software files, which, with DD-WRT, it would be possible to load and run, but if the router were to be rebooted, then the software would be lost since it would be stored in volatile memory. Thus, weighing the options, OpenWrt WhiteRussian was selected as the best operating firmware on which to develop this system, although if time permits, it would be desirable to use DD-WRT and automate the process of committing files to static memory since it has the nicest web interface of all the firmwares tested. In order to make use of these routers for position-aware firewalling, they needed to be able to gather signal strength information. Upon initial observation, it appeared that the WL package, available for all 3 firmwares, would provide the functions needed. The most appealing of these was a scan function that claimed to return Received Signal Strength Information (RSSI) measurements. However, this function was realized to be of no use for gathering client signal strength information as if would only return information for other WAP s; not for clients. Upon this discovery, an alternative method was conceived. This new method would be to use wl assoclist, which would return a list of MAC addresses associated with the measuring WAP, and then use wl rssi macaddress for each associated client to gather an RSSI reading for each. This was possible and resulted in the first measured client signal strengths. However, this method fell short because, in order to gather RSSI measurements for a client, it had to be associated with the measuring WAP, meaning RSSI measurements could only
7 3. Gathering Signal Strength Information 4 be gathered for a client by one WAP. This was useless for position aware firewalling because each WAP needed to be able to gather readings for a given client so their position could be triangulated. Because of this, only two further options remained: create a protocol by which multiple WAP s would switch on and off in sequence so as to gather the readings, of somehow passively intercept packets using wireless routers in monitor mode on top of an existing network. Since implementing a protocol that would synchronize multiple routers in a manner that could disrupt client connections would be difficult and could have detestable side-effects, passive measurement options were sought out. Kismet, an layer 2 wireless network detector, sniffer, and intrusion detection system, emerged as the best possible means by which to gain such measurements. This system used a drone application installed upon one or more WAPs which would intercept packets, and a server application installed on a Linux machine which would localize the intercepted packets and compile the information they contain. Further, a client program could be run on the same machine as the server to take the information and display it in a basic graphical interface, making it easy to observe lists of APs and clients. Thus, as an initial test, the drone application was loaded onto a WAP running OpenWrt Kamikaze, and the server application was installed on an HP Pavillion dv6700 laptop running Ubuntu Upon a successful configuration of both applications, the server was able to connect to the drone and gather data and upon loading the client, a list of observable WAPs and clients was compiled. However, shortly after this achievement, it was observed that no signal strength information was displayed. Upon further investigation, it turned out that Kismet was not able to gather per-packet RSSI from the Broadcom chipset used in the test WAP. Further research, however, lead to the discovery of the IEEE article, Positioning in the Home, written by James Salter, et. al. In this article, he explained that he had edited the Kismet source code so that he could collect per-packet signal strength information. Thus, the next step for progress was to contact him and inquire about what changes he had made. Thankfully, he was willing to send a customized OpenWrt build file with a set of patch files which summarized his changes to the Kismet source code. Further investigation of his changes yielded that he had changed one line of code to extract the signal strength information properly, and had created a protocol named NOMAD that allowed for a TCP client to connect to the Kismet server and receive
8 3. Gathering Signal Strength Information 5 signal strength information for every packet intercepted by the WAP. As a test, a Kismet server was established on one WRT54GL, and telnet was used to log in an initialize the NOMAD protocol. This returned a list including time stamps, source and destination MAC addresses, and signal levels. Next, the Kismet source code for the version running on the laptop was manually edited to apply the necessary changes for NOMAD, and this was also successfully tested. Finally, since the NOMAD protocol did not include an entry for the data s source, modifications were made to the NOMAD code so that this field was also reported, and a script was written to telnet into the Kismet server and log the retrieved data. Using this system, initial testing of the system was conducted. The most recent development regarding RSSI collection has been the writing of a C++ program to connect to the Kismet server and log it with the enhanced functionality of parsing the data and exporting it to a CSV file which can easily be imported into MATLAB. The main goal of this program is to automate the data collection process, and drastically shorten the analysis of the data as well. In the future, position calculation and MySQL logging will be added to this program, which will form the heart of the position aware firewall.
9 4. Positioning Testing 4.1 Link Verification Once the signal strength information has been collected, questions arose regarding the validity of these results. The main issue was whether the value being returned by the Kismet drones was the link between the client and the localized drone (which is desired) or if it just the signal strength value between the client and the broadcast AP. To help determine which scenario was occurring, a broadcast access point and a Kismet drone were placed in opposite corners of a room. The client, connected at the broadcast router, moved toward the Kismet router at an interval of 0.25 m. The expected result was to have a plot where the signal strength reported by the Kismet drone became stronger as a the distance from the client decreased, which will validate that the signal returned by the Kismet drone is a the link between it and the client. If the output would have been a constant line, or the signal was weaker as the distance between the drone and client became closer, it would appear that the RSSI values were being extracted from the packet between the broadcast router and client. From these tests, it was determined that the signal strength increased as the distance decreased, which validated the collected data. 4.2 Orientation Variance Initial results of the positioning measurement tests revealed that the RSSI values are highly affected by the orientation of the wireless user. This can be shown in the results taken at the same location, when rotated by 90 degrees. The non-similarity in the signal will provide a challenge in ensuring that the position calculation is able to negotiate between varying user orientation.
10 5. Graphical Interface 5.1 Design Goal A front-end application is being designed to allow a system administrator to set the physical locations of the drone WAPs and the areas that the access zones cover. Additionally the system administrator, or other system user, should be able to use the application to view the locations of each of the users connected to the wireless network that the drone WAPs are monitoring. 5.2 Application Design The application is currently being developed in Java in order to run on any one of the platforms we are using as part of the system. A simple graphical user interface is being constructed based on the Swing Application Framework, and Hibernate has been implemented for a robust database persistence layer. Interaction with the rest of the system is performed by the server making position calculations and writing the results to a MySQL database server. Time-stamped positions of users (relative to the floor plan coordinates) are written to the database by the position calculator, which are in turn read by the application. 5.3 Progress Made Currently the application is a basic framework for performing the initial setup of the system (not including initial training of the drones). This includes the following functionality: 1. Importing an image of the building s floor plan. 2. Placing the drone access points. 3. Drawing the physical access zones.
11 5.4 Remaining Work 8 4. Saving the setup to the database. The data model for storing the setup to the database has also been created, but work still remains on setting up the position calculator to access the database as well. 5.4 Remaining Work There are several tasks which are remaining before this application will be fully functional: 1. Fixing bugs: there is an error with database transactions in the persistence layer, and the floor plan image is not correctly saved. 2. User locations need to be displayed in real time. A thread needs to be created that constantly grabs the user data from the database and draws the locations on the floor plan. 3. Additional options need to be added for system setup so that the different access zones that are being drawn can be matched to specific rules in the firewall application. 5.5 Future Unplanned Work Unfortunately some of the functionality that would be ideal for this system cannot be completed due to time constraints. For this application to be fully deliverable with the entire system the following should be implemented: 1. Integration with training done for position measurements 2. Integration with firewall application for modifying and creating access rules. 3. Improving precision of drawing the access zones and drone WAPs.
12 6. Firewalling 6.1 Possible Solutions The firewall is being considered to reside on a separate machine that will be connected to the system over an Ethernet link, which will also be connected to the database. The reason for this is to simulate an existing firewall that will tie into the Positioning system. Possible challenges in tying in a firewall application is related to how the firewall will handle the position value calculated by the system. Two options are available for implementing a firewall application that will restrict access via a user s IP address or MAC address: 1. Alter an existing open source firewall application to query the database used by the position calculator and floor plan UI application to associate an IP address with a physical access zone. The difficulty with this option is learning the existing code well enough to make the necessary changes - many open source projects are fairly immature and lack documentation and organization or have matured to a state where the code is large and difficult to maintain. 2. Program a thin layer on top of Iptables to match up IP addresses with rules based on the users location stored in the database. The request would then either be blocked or redirected to a default access denied page.
13 7. Website And Other Documentation The documentation for this project is well under way. Since the inception of this project, a online Wiki was created so that all team members could post any and all information related to the project. The framework for the final report has been created using the document preparation system, L A TEX. Information will be transfered from the Wiki to the final report document. The framework for the website is now under development. A simple, modern, and clean design is desired. The website will contain information regarding the project and team members will be included. All documents related to the project will be available for download. A number of diagrams have been created to include in both the website and final report. Examples of these graphics include a company logo, Figure 7.1, and a system diagram, Figure 7.2. Figure 7.1: Inspired Solutions Company Logo
14 7. Website And Other Documentation 11 Figure 7.2: Postition Aware Firewall System Diagram
Position Aware Firewall
Position Aware Firewall ELEC 499 - Final Report University of Victoria April 4, 2008 Students Adam Verigin - averigin@uvic.ca Sean Boyd - seanboyd@uvic.ca Steve Gillan - swgillan@uvic.ca Tyler Price -
More informationLab 8.4.2 Configuring Access Policies and DMZ Settings
Lab 8.4.2 Configuring Access Policies and DMZ Settings Objectives Log in to a multi-function device and view security settings. Set up Internet access policies based on IP address and application. Set
More informationVIA CONNECT PRO Deployment Guide
VIA CONNECT PRO Deployment Guide www.true-collaboration.com Infinite Ways to Collaborate CONTENTS Introduction... 3 User Experience... 3 Pre-Deployment Planning... 3 Connectivity... 3 Network Addressing...
More informationHacking. Aims. Naming, Acronyms, etc. Sources
Free Technology Workshop Hacking Hands on with wireless LAN routers, packet capture and wireless security Organised by Steven Gordon Bangkadi 3 rd floor IT Lab 10:30-13:30 Friday 18 July 2014 http://ict.siit.tu.ac.th/moodle/.-----.-----.-----..----.
More informationFairsail. Implementer. Fairsail to Active Directory Synchronization. Version 1.0 FS-PS-FSAD-IG-201310--R001.00
Fairsail Implementer Fairsail to Active Directory Synchronization Version 1.0 FS-PS-FSAD-IG-201310--R001.00 Fairsail 2013. All rights reserved. This document contains information proprietary to Fairsail
More informationLab 8.4.2 Configuring Access Policies and DMZ Settings
Lab 8.4.2 Configuring Access Policies and DMZ Settings Objectives Log in to a multi-function device and view security settings. Set up Internet access policies based on IP address and application. Set
More informationVIA COLLAGE Deployment Guide
VIA COLLAGE Deployment Guide www.true-collaboration.com Infinite Ways to Collaborate CONTENTS Introduction... 3 User Experience... 3 Pre-Deployment Planning... 3 Connectivity... 3 Network Addressing...
More informationWiPG Presentation Gateway
WiPG Presentation Gateway Deployment Guide For more information www.wepresentwifi.com Sales: sales@wepresentwifi.com Support: help@wepresentwifi.com wepresent 2015 Contents Introduction 1 User Experience
More informationCCT vs. CCENT Skill Set Comparison
Operation of IP Data Networks Recognize the purpose and functions of various network devices such as Routers, Switches, Bridges and Hubs Select the components required to meet a given network specification
More informationForeScout CounterACT. Device Host and Detection Methods. Technology Brief
ForeScout CounterACT Device Host and Detection Methods Technology Brief Contents Introduction... 3 The ForeScout Approach... 3 Discovery Methodologies... 4 Passive Monitoring... 4 Passive Authentication...
More informationCase Study 2 SPR500 Fall 2009
Case Study 2 SPR500 Fall 2009 6 th November 2009 Due Date: 9 th December 2009 Securing Sotnec's web site using Linux Firewall technology Sotnec corporation, an Open Source Company, consists of a small
More informationLinux Network Security
Linux Network Security Course ID SEC220 Course Description This extremely popular class focuses on network security, and makes an excellent companion class to the GL550: Host Security course. Protocols
More informationChapter 6 Configuring the SSL VPN Tunnel Client and Port Forwarding
Chapter 6 Configuring the SSL VPN Tunnel Client and Port Forwarding This chapter describes the configuration for the SSL VPN Tunnel Client and for Port Forwarding. When a remote user accesses the SSL VPN
More informationWhat is VLAN Routing?
Application Note #38 February 2004 What is VLAN Routing? This Application Notes relates to the following Dell product(s): 6024 and 6024F 33xx Abstract Virtual LANs (VLANs) offer a method of dividing one
More informationSavvius Insight Initial Configuration
The configuration utility on Savvius Insight lets you configure device, network, and time settings. Additionally, if you are forwarding your data from Savvius Insight to a Splunk server, You can configure
More informationWIRELESS SECURITY. Information Security in Systems & Networks Public Development Program. Sanjay Goel University at Albany, SUNY Fall 2006
WIRELESS SECURITY Information Security in Systems & Networks Public Development Program Sanjay Goel University at Albany, SUNY Fall 2006 1 Wireless LAN Security Learning Objectives Students should be able
More informationOpenWRT - embedded Linux for wireless routers
OpenWRT - embedded Linux for wireless routers Ted Faber USC/ISI USC Viterbi School of Engineering 22 Mar 2007 Outline ISO 1131/IBM 001 Disclaimer: Not an OpenWRT designer or developer There s more than
More information이 기기는 업무용 급 으로 전자파적합등록을 한 기기이오니 판매자 또는 사용자는 이점을 주의하시기 바라며 가정 외의 지역에서 사용하는 것을 목적으로 합니다
020-101186-01 020-101186-01 이 기기는 업무용 급 으로 전자파적합등록을 한 기기이오니 판매자 또는 사용자는 이점을 주의하시기 바라며 가정 외의 지역에서 사용하는 것을 목적으로 합니다 Table of Contents About this Document... 1 Document Conventions... 1 Audience... 1 Related
More informationTen top problems network techs encounter
Ten top problems network techs encounter Networks today have evolved quickly to include business critical applications and services, relied on heavily by users in the organization. In this environment,
More informationDebugging Network Communications. 1 Check the Network Cabling
Debugging Network Communications Situation: you have a computer and your NetBurner device on a network, but you cannot communicate between the two. This application note provides a set of debugging steps
More informationVirtual private network. Network security protocols VPN VPN. Instead of a dedicated data link Packets securely sent over a shared network Internet VPN
Virtual private network Network security protocols COMP347 2006 Len Hamey Instead of a dedicated data link Packets securely sent over a shared network Internet VPN Public internet Security protocol encrypts
More informationTYLER JUNIOR COLLEGE School of Continuing Studies 1530 SSW Loop 323 Tyler, TX 75701 1.800.298.5226 www.tjc.edu/continuingstudies/mycaa
TYLER JUNIOR COLLEGE School of Continuing Studies 1530 SSW Loop 323 Tyler, TX 75701 1.800.298.5226 www.tjc.edu/continuingstudies/mycaa Education & Training Plan CompTIA N+ Specialist Program Student Full
More informationParticularities of security design for wireless networks in small and medium business (SMB)
Revista Informatica Economică, nr. 4 (44)/2007 93 Particularities of security design for wireless networks in small and medium business (SMB) Nicolae TOMAI, Cluj-Napoca, Romania, tomai@econ.ubbcluj.ro
More informationHow To Configure The Fortigate Cluster Protocol In A Cluster Of Three (Fcfc) On A Microsoft Ipo (For A Powerpoint) On An Ipo 2.5 (For An Ipos 2.2.5)
FortiGate High Availability Guide FortiGate High Availability Guide Document Version: 5 Publication Date: March 10, 2005 Description: This document describes FortiGate FortiOS v2.80 High Availability.
More informationBroadband Phone Gateway BPG510 Technical Users Guide
Broadband Phone Gateway BPG510 Technical Users Guide (Firmware version 0.14.1 and later) Revision 1.0 2006, 8x8 Inc. Table of Contents About your Broadband Phone Gateway (BPG510)... 4 Opening the BPG510's
More informationCDH installation & Application Test Report
CDH installation & Application Test Report He Shouchun (SCUID: 00001008350, Email: she@scu.edu) Chapter 1. Prepare the virtual machine... 2 1.1 Download virtual machine software... 2 1.2 Plan the guest
More informationInstallation of the On Site Server (OSS)
Installation of the On Site Server (OSS) rev 1.1 Step #1 - Initial Connection to the OSS Having plugged in power and an ethernet cable in the eth0 interface (see diagram below) you can connect to the unit
More informationMN-700 Base Station Configuration Guide
MN-700 Base Station Configuration Guide Contents pen the Base Station Management Tool...3 Log ff the Base Station Management Tool...3 Navigate the Base Station Management Tool...4 Current Base Station
More informationΕΠΛ 674: Εργαστήριο 5 Firewalls
ΕΠΛ 674: Εργαστήριο 5 Firewalls Παύλος Αντωνίου Εαρινό Εξάμηνο 2011 Department of Computer Science Firewalls A firewall is hardware, software, or a combination of both that is used to prevent unauthorized
More informationRemote PC Guide for Standalone PC Implementation
Remote PC Guide for Standalone PC Implementation Updated: 2007-01-22 The guide covers features available in NETLAB+ version 3.6.1 and later. IMPORTANT Standalone PC implementation is no longer recommended.
More informationLoad Balancing SIP Quick Reference Guide v1.3.1
Load Balancing SIP Quick Reference Guide v1.3.1 About this Guide This guide provides a quick reference for setting up SIP load balancing using Loadbalancer.org appliances. SIP Ports Port Protocol 5060
More informationOVERVIEW OF TYPICAL WINDOWS SERVER ROLES
OVERVIEW OF TYPICAL WINDOWS SERVER ROLES Before you start Objectives: learn about common server roles which can be used in Windows environment. Prerequisites: no prerequisites. Key terms: network, server,
More informationVoIP technology employs several network protocols such as MGCP, SDP, H323, SIP.
1 VoIP support configuration First used in the mid-1990s, VoIP is an emerging technology for telephone calls and other data transfer. The concept is relatively simple: Use the multiple networks that comprise
More informationImplementation of Virtual Local Area Network using network simulator
1060 Implementation of Virtual Local Area Network using network simulator Sarah Yahia Ali Department of Computer Engineering Techniques, Dijlah University College, Iraq ABSTRACT Large corporate environments,
More informationSSL-VPN 200 Getting Started Guide
Secure Remote Access Solutions APPLIANCES SonicWALL SSL-VPN Series SSL-VPN 200 Getting Started Guide SonicWALL SSL-VPN 200 Appliance Getting Started Guide Thank you for your purchase of the SonicWALL SSL-VPN
More informationFirewall Builder Architecture Overview
Firewall Builder Architecture Overview Vadim Zaliva Vadim Kurland Abstract This document gives brief, high level overview of existing Firewall Builder architecture.
More informationVLAN 802.1Q. 1. VLAN Overview. 1. VLAN Overview. 2. VLAN Trunk. 3. Why use VLANs? 4. LAN to LAN communication. 5. Management port
1. VLAN Overview 2. VLAN Trunk 3. Why use VLANs? 4. LAN to LAN communication 5. Management port 6. Applications 6.1. Application 1 6.2. Application 2 6.3. Application 3 6.4. Application 4 6.5. Application
More informationApplication Discovery Manager User s Guide vcenter Application Discovery Manager 6.2.1
Application Discovery Manager User s Guide vcenter Application Discovery Manager 6.2.1 This document supports the version of each product listed and supports all subsequent versions until the document
More informationInformation Security Training. Assignment 1 Networking
Information Security Training Assignment 1 Networking By Justin C. Klein Keane September 28, 2012 Assignment 1 For this assignment you will utilize several networking utilities
More informationPharos Control User Guide
Outdoor Wireless Solution Pharos Control User Guide REV1.0.0 1910011083 Contents Contents... I Chapter 1 Quick Start Guide... 1 1.1 Introduction... 1 1.2 Installation... 1 1.3 Before Login... 8 Chapter
More informationSchool of Information Technology and Engineering (SITE) CEG 4395: Computer Network Management. Lab 4: Remote Monitoring (RMON) Operations
School of Information Technology and Engineering (SITE) CEG 4395: Computer Network Management Lab 4: Remote Monitoring (RMON) Operations Objective To become familiar with basic RMON operations, alarms,
More informationGregSowell.com. Mikrotik Basics
Mikrotik Basics Terms Used Layer X When I refer to something being at layer X I m referring to the OSI model. VLAN 802.1Q Layer 2 marking on traffic used to segment sets of traffic. VLAN tags are applied
More informationOn Porting iperf to Windows Mobile and Adding BlueTooth Support
On Porting iperf to Windows Mobile and Adding BlueTooth Support Alex Kogan Department of Computer Science Technion, Israel sakogan@cs.technion.ac.il Abstract This paper presents high-level details of two
More informationTransport and Network Layer
Transport and Network Layer 1 Introduction Responsible for moving messages from end-to-end in a network Closely tied together TCP/IP: most commonly used protocol o Used in Internet o Compatible with a
More informationComputer Security CS 426 Lecture 36. CS426 Fall 2010/Lecture 36 1
Computer Security CS 426 Lecture 36 Perimeter Defense and Firewalls CS426 Fall 2010/Lecture 36 1 Announcements There will be a quiz on Wed There will be a guest lecture on Friday, by Prof. Chris Clifton
More informationGuideline for setting up a functional VPN
Guideline for setting up a functional VPN Why do I want a VPN? VPN by definition creates a private, trusted network across an untrusted medium. It allows you to connect offices and people from around the
More informationUIP1868P User Interface Guide
UIP1868P User Interface Guide (Firmware version 0.13.4 and later) V1.1 Monday, July 8, 2005 Table of Contents Opening the UIP1868P's Configuration Utility... 3 Connecting to Your Broadband Modem... 4 Setting
More informationDomain 5.0: Network Tools
ExamForce.com CompTIA Network+ N10-004 Study Guide 1 Domain 5.0: Network Tools Chapter 5 5.1 Given a scenario, select the appropriate command line interface tool and interpret the output to verify functionality
More informationSecuring Wireless Networks from ARP Cache Poisoning
Securing Wireless Networks from ARP Cache Poisoning A Project Presented to The Faculty of the Department of Computer Science San Jose State University In partial Fulfillment of the Requirements for the
More informationMulti-Homing Dual WAN Firewall Router
Multi-Homing Dual WAN Firewall Router Quick Installation Guide M73-APO09-400 Multi-Homing Dual WAN Firewall Router Overview The Multi-Homing Dual WAN Firewall Router provides three 10/100Mbit Ethernet
More informationWEB CONFIGURATION. Configuring and monitoring your VIP-101T from web browser. PLANET VIP-101T Web Configuration Guide
WEB CONFIGURATION Configuring and monitoring your VIP-101T from web browser The VIP-101T integrates a web-based graphical user interface that can cover most configurations and machine status monitoring.
More informationFirewall VPN Router. Quick Installation Guide M73-APO09-380
Firewall VPN Router Quick Installation Guide M73-APO09-380 Firewall VPN Router Overview The Firewall VPN Router provides three 10/100Mbit Ethernet network interface ports which are the Internal/LAN, External/WAN,
More informationNMS300 Network Management System
NMS300 Network Management System User Manual June 2013 202-11289-01 350 East Plumeria Drive San Jose, CA 95134 USA Support Thank you for purchasing this NETGEAR product. After installing your device, locate
More informationNetwork Defense Tools
Network Defense Tools Prepared by Vanjara Ravikant Thakkarbhai Engineering College, Godhra-Tuwa +91-94291-77234 www.cebirds.in, www.facebook.com/cebirds ravikantvanjara@gmail.com What is Firewall? A firewall
More informationConfiguring WAN Failover & Load-Balancing
SonicOS Configuring WAN Failover & Load-Balancing Introduction This new feature for SonicOS 2.0 Enhanced gives the user the ability to designate one of the user-assigned interfaces as a Secondary or backup
More informationDell SupportAssist Version 2.0 for Dell OpenManage Essentials Quick Start Guide
Dell SupportAssist Version 2.0 for Dell OpenManage Essentials Quick Start Guide Notes, Cautions, and Warnings NOTE: A NOTE indicates important information that helps you make better use of your computer.
More informationTraffic Analyzer Based on Data Flow Patterns
AUTOMATYKA 2011 Tom 15 Zeszyt 3 Artur Sierszeñ*, ukasz Sturgulewski* Traffic Analyzer Based on Data Flow Patterns 1. Introduction Nowadays, there are many systems of Network Intrusion Detection System
More informationUsing Cisco UC320W with Windows Small Business Server
Using Cisco UC320W with Windows Small Business Server This application note explains how to deploy the Cisco UC320W in a Windows Small Business Server environment. Contents This document includes the following
More informationΕΠΛ 475: Εργαστήριο 9 Firewalls Τοίχοι πυρασφάλειας. University of Cyprus Department of Computer Science
ΕΠΛ 475: Εργαστήριο 9 Firewalls Τοίχοι πυρασφάλειας Department of Computer Science Firewalls A firewall is hardware, software, or a combination of both that is used to prevent unauthorized Internet users
More informationModern snoop lab lite version
Modern snoop lab lite version Lab assignment in Computer Networking OpenIPLab Department of Information Technology, Uppsala University Overview This is a lab constructed as part of the OpenIPLab project.
More informationWhite Paper. The Ten Features Your Web Application Monitoring Software Must Have. Executive Summary
White Paper The Ten Features Your Web Application Monitoring Software Must Have Executive Summary It s hard to find an important business application that doesn t have a web-based version available and
More informationDeveloping Wireless GPIB Test Systems Using the GPIB-ENET/100
Application Note 184 Developing Wireless GPIB Test Systems Using the GPIB-ENET/100 Introduction The National Instruments GPIB-ENET/100 expands the options for size, distance, environmental conditions,
More informationIP Link Best Practices for Network Integration and Security. Introduction...2. Passwords...4 ACL...5 VLAN...6. Protocols...6. Conclusion...
IP Link Best Practices for Network Integration and Security Table of Contents Introduction...2 Passwords...4 ACL...5 VLAN...6 Protocols...6 Conclusion...9 Abstract Extron IP Link technology enables A/V
More informationMinimal network traffic is the result of SiteAudit s design. The information below explains why network traffic is minimized.
SiteAudit Knowledge Base Network Traffic March 2012 In This Article: SiteAudit s Traffic Impact How SiteAudit Discovery Works Why Traffic is Minimal How to Measure Traffic Minimal network traffic is the
More informationOwn your LAN with Arp Poison Routing
Own your LAN with Arp Poison Routing By: Rorik Koster April 17, 2006 Security is a popular buzzword heard every day throughout our American culture and possibly even more so in our global economy. From
More informationFirewall Security: Policies, Testing and Performance Evaluation
Firewall Security: Policies, Testing and Performance Evaluation Michael R. Lyu and Lorrien K. Y. Lau Department of Computer Science and Engineering The Chinese University of Hong Kong, Shatin, HK lyu@cse.cuhk.edu.hk,
More informationChapter 6 Using Network Monitoring Tools
Chapter 6 Using Network Monitoring Tools This chapter describes how to use the maintenance features of your Wireless-G Router Model WGR614v9. You can access these features by selecting the items under
More informationOpenCPN Garmin Radar Plugin
OpenCPN Garmin Radar Plugin Hardware Interface The Garmin Radar PlugIn for OpenCPN requires a specific hardware interface in order to allow the OpenCPN application to access the Ethernet data captured
More informationH0/H2/H4 -ECOM100 DHCP & HTML Configuration. H0/H2/H4--ECOM100 DHCP Disabling DHCP and Assigning a Static IP Address Using HTML Configuration
H0/H2/H4 -ECOM100 DHCP & HTML 6 H0/H2/H4--ECOM100 DHCP Disabling DHCP and Assigning a Static IP Address Using HTML 6-2 H0/H2/H4 -ECOM100 DHCP DHCP Issues The H0/H2/H4--ECOM100 is configured at the factory
More informationebus Player Quick Start Guide
ebus Player Quick Start Guide This guide provides you with the information you need to efficiently set up and start using the ebus Player software application to control your GigE Vision or USB3 Vision
More informationUBIQUITI BRIDGE CONFIGURATION PROCEDURE (PowerStation & NanoStation Units ONLY)
UBIQUITI BRIDGE CONFIGURATION PROCEDURE (PowerStation & NanoStation Units ONLY) Hardware Installation 1. Initial placement for programming and configuration purposes should be performed in an indoor environment.
More informationNetworking and High Availability
TECHNICAL BRIEF Networking and High Availability Deployment Note Imperva appliances support a broad array of deployment options, enabling seamless integration into any data center environment. can be configured
More informationXerox Multifunction Devices. Verify Device Settings via the Configuration Report
Xerox Multifunction Devices Customer Tips March 15, 2007 This document applies to these Xerox products: X WC 4150 X WCP 32/40 X WCP 35/45/55 X WCP 65/75/90 X WCP 165/175 X WCP 232/238 X WCP 245/255 X WCP
More informationNetworking Devices. Lesson 6
Networking Devices Lesson 6 Objectives Exam Objective Matrix Technology Skill Covered Exam Objective Exam Objective Number Network Interface Cards Modems Media Converters Repeaters and Hubs Bridges and
More informationHow To Use The Dcml Framework
DCML Framework Use Cases Introduction Use Case 1: Monitoring Newly Provisioned Servers Use Case 2: Ensuring Accurate Asset Inventory Across Multiple Management Systems Use Case 3: Providing Standard Application
More informationNote: This case study utilizes Packet Tracer. Please see the Chapter 5 Packet Tracer file located in Supplemental Materials.
Note: This case study utilizes Packet Tracer. Please see the Chapter 5 Packet Tracer file located in Supplemental Materials. CHAPTER 5 OBJECTIVES Configure a router with an initial configuration. Use the
More informationOverview of Network Security The need for network security Desirable security properties Common vulnerabilities Security policy designs
Overview of Network Security The need for network security Desirable security properties Common vulnerabilities Security policy designs Why Network Security? Keep the bad guys out. (1) Closed networks
More informationCTS2134 Introduction to Networking. Module 8.4 8.7 Network Security
CTS2134 Introduction to Networking Module 8.4 8.7 Network Security Switch Security: VLANs A virtual LAN (VLAN) is a logical grouping of computers based on a switch port. VLAN membership is configured by
More informationA Heterogeneous Internetworking Model with Enhanced Management and Security Functions
Session 1626 A Heterogeneous Internetworking Model with Enhanced Management and Security Functions Youlu Zheng Computer Science Department University of Montana Yan Zhu Sybase, Inc. To demonstrate how
More informationTechnology Spotlight on Cellular Data Networking for SCADA system networks. Presented by Teamwork Solutions, Inc.
on Cellular Data Networking for SCADA system networks Presented by Teamwork Solutions, Inc. Wireless (Cellular) Data Networking Internet SCADA Server How Wireless (Cellular) Data Networking Works Dynamic
More informationMeasuring Wireless Network Performance: Data Rates vs. Signal Strength
EDUCATIONAL BRIEF Measuring Wireless Network Performance: Data Rates vs. Signal Strength In January we discussed the use of Wi-Fi Signal Mapping technology as a sales tool to demonstrate signal strength
More informationNetwork Access Security. Lesson 10
Network Access Security Lesson 10 Objectives Exam Objective Matrix Technology Skill Covered Exam Objective Exam Objective Number Firewalls Given a scenario, install and configure routers and switches.
More informationRTX41xx. Wi-Fi Module
RTX41xx Wi-Fi Module Module variants covered by this document: RTX4100 RTX4140 Application note AN8 Software Access Point Mode (Soft AP) Application note SoftAP RTX41xx Wi-Fi Module 1 CONTENT 1 Introduction...
More informationIT 3202 Internet Working (New)
[All Rights Reserved] SLIATE SRI LANKA INSTITUTE OF ADVANCED TECHNOLOGICAL EDUCATION (Established in the Ministry of Higher Education, vide in Act No. 29 of 1995) Instructions for Candidates: Answer any
More informationIntroduction to Network Security Lab 1 - Wireshark
Introduction to Network Security Lab 1 - Wireshark Bridges To Computing 1 Introduction: In our last lecture we discussed the Internet the World Wide Web and the Protocols that are used to facilitate communication
More informationData Communication Networks and Converged Networks
Data Communication Networks and Converged Networks The OSI Model and Encapsulation Layer traversal through networks Protocol Stacks Converged Data/Telecommunication Networks From Telecom to Datacom, Asynchronous
More informationRouter Lab Reference Guide
Router Lab Reference Guide 1 PURPOSE AND GOALS The routing lab allows testing different IP-related protocols and solutions in a close to live environment. You can learn how to configure Cisco routers and
More informationFirewall implementation and testing
Firewall implementation and testing Patrik Ragnarsson, Niclas Gustafsson E-mail: ragpa737@student.liu.se, nicgu594@student.liu.se Supervisor: David Byers, davby@ida.liu.se Project Report for Information
More informationEfficient and easy-to-use network access control and dynamic vlan management. Date: 4.12.2007 http:// F r e e N A C. n e t Copyright @2007, Swisscom
Efficient and easy-to-use network access control and dynamic vlan management Date: 4.12.2007 http:// F r e e N A C. n e t Copyright @2007, Swisscom 1 Connection to the enterprise LAN is often (too) easy
More informationNetwork Instruments white paper
Network Instruments white paper USING A NETWORK ANALYZER AS A SECURITY TOOL Network Analyzers are designed to watch the network, identify issues and alert administrators of problem scenarios. These features
More informationThe next generation of knowledge and expertise Wireless Security Basics
The next generation of knowledge and expertise Wireless Security Basics HTA Technology Security Consulting., 30 S. Wacker Dr, 22 nd Floor, Chicago, IL 60606, 708-862-6348 (voice), 708-868-2404 (fax), www.hta-inc.com
More informationDominion KX II-101-V2
Dominion KX II-101-V2 Quick Setup Guide Thank you for your purchase of the Dominion KX II-101-V2, the economical, full-featured, single-port digital KVM-over-IP device. For details on using the KX II-101-V2,
More informationThis document gives an outline of Tim Ward s work on mobile phone systems 2002 2012.
MOBILE PHONE SYSTEMS Tim Ward, Brett Ward Limited, 11/4/2012 This document gives an outline of Tim Ward s work on mobile phone systems 2002 2012. Details of some work for the security industry are omitted.
More informationR&S AFQ100A, R&S AFQ100B I/Q Modulation Generator Supplement
I/Q Modulation Generator Supplement The following description relates to the Operating Manuals, version 03 of R&S AFQ100A, and version 01 of R&S AFQ100B. It encloses the following topics: LXI features,
More informationIntroduction. What is a Remote Console? What is the Server Service? A Remote Control Enabled (RCE) Console
Contents Introduction... 3 What is a Remote Console?... 3 What is the Server Service?... 3 A Remote Control Enabled (RCE) Console... 3 Differences Between the Server Service and an RCE Console... 4 Configuring
More informationUsing Nessus to Detect Wireless Access Points. March 6, 2015 (Revision 4)
Using Nessus to Detect Wireless Access Points March 6, 2015 (Revision 4) Table of Contents Introduction... 3 Why Detect Wireless Access Points?... 3 Wireless Scanning for WAPs... 4 Detecting WAPs using
More informationVisuSniff: A Tool For The Visualization Of Network Traffic
VisuSniff: A Tool For The Visualization Of Network Traffic Rainer Oechsle University of Applied Sciences, Trier Postbox 1826 D-54208 Trier +49/651/8103-508 oechsle@informatik.fh-trier.de Oliver Gronz University
More informationCREW - FP7 - GA No. 258301. Cognitive Radio Experimentation World. Project Deliverable D7.5.4 Showcase of experiment ready (Demonstrator)
Cognitive Radio Experimentation World!"#$% Project Deliverable Showcase of experiment ready (Demonstrator) Contractual date of delivery: 31-03-14 Actual date of delivery: 18-04-14 Beneficiaries: Lead beneficiary:
More informationSupporting Multiple Firewalled Subnets on SonicOS Enhanced
SONICOS ENHANCED Supporting Multiple Firewalled Subnets on SonicOS Enhanced Introduction This tech note describes how to configure secondary subnets with static ARP which allows multiple subnets to be
More informationWHITE PAPER. WEP Cloaking for Legacy Encryption Protection
WHITE PAPER WEP Cloaking for Legacy TM Encryption Protection Introduction Wired Equivalent Privacy (WEP) is the encryption protocol defined in the original IEEE 802.11 standard for Wireless Local Area
More information