DATA COMMUNICATIONS MANAGEMENT. Gilbert Held INSIDE
PROTECTING A NETWORK FROM SPOOFING AND DENIAL OF SERVICE ATTACKS

Gilbert Held

INSIDE: Spoofing; Spoofing Methods; Blocking Spoofed Addresses; Anti-spoofing Statements; Ping Attacks; Directed Broadcasts

PAYOFF IDEA

Protecting one's network from outside attack has become more critical than ever. This article examines several common types of hacker attacks against networks and illustrates methods to prevent those attacks.

INTRODUCTION

Along with the evolution of technology, we have witnessed an unfortunate increase in random violence in society. While it is doubtful if the two are related, it is a matter of fact that some violence is directed at computers operated by federal, state, and local governments, universities, and commercial organizations. That violence typically occurs in the form of attempts to break into computers via a remote communications link or to deny other persons the use of computational facilities by transmitting a sequence of bogus requests to the network to which a computer is connected. Because either situation can adversely affect the operational capability of an organization's computational facilities, any steps one can initiate to enhance the security of a network and networked computers may alleviate such attacks.

This article examines several common types of hacker attacks against networks and networked computers. In doing so, it first examines how the attack occurs. Once an appreciation for the method associated with an attack is obtained, attention can focus on techniques that can be used to prevent such attacks. Because the vast majority of routers used for Internet and intranet communications are manufactured by Cisco Systems, examples illustrating the use of the Cisco Systems Internetwork Operation System (IOS) will be used when applicable to denote different methods to enhance network security. By examining the information presented in this article, one will note practical methods that can be implemented to add additional protection to an organization's network. Thus, this article serves both as a tutorial concerning spoofing and denial of service attacks, as well as a practical guide to prevent such activities.

SPOOFING

According to Mr. Webster, the term spoof means to deceive or hide. In communications, the term spoofing is typically associated with a person attempting to perform an illegal operation. That person, commonly referred to as a hacker, spoofs or hides the source address contained in the packets he or she transmits. The rationale for hiding the hacker's source address is to make it difficult, if not impossible, for the true source of the attack to be identified. Because spoofing is employed by most hackers who spend the time to develop different types of network attacks, one should first examine how spoofing occurs. This is followed by a discussion of methods one can employ to prevent certain types of spoofed packets from flowing into a network.

SPOOFING METHODS

There are several methods hackers can use to spoof their source addresses. The easiest method is to configure their protocol stack with a bogus address. In a TCP/IP environment, this can be easily accomplished by a person coding a bogus IP address in the network address configuration screen displayed by the operating system supported by their computer. Because only the destination address is normally checked by networking devices (such as routers and gateways), it is relatively easy to hide one's identity by configuring a bogus source IP address in one's protocol stack.

When configuring a bogus IP address, hackers, for some unknown reason, commonly use either an address associated with the attacked network or with an RFC 1918 address.
Concerning the latter, RFC 1918 defines three blocks of IP addresses for use on private IP networks. Because the use of RFC 1918 addresses on networks directly connected to the Internet would result in duplicated IP addresses, they are barred from direct use on the Internet. Instead, they are commonly used by organizations that have more computers than assigned IP addresses. For example, assume an organization originally requested one Class C IP address from its Internet Service Provider (ISP). A Class C IP address is capable of supporting up to 254 hosts, because host addresses 0 and 255 cannot be used. Now suppose the organization grew and required more than 254 workstations to be connected to the Internet. While the organization could request another Class C network address from its ISP, such addresses are becoming difficult to obtain and the organization might have to wait weeks or months to obtain the requested address. As an alternative, the organization could use RFC 1918 addresses and use its router to perform network address translation as illustrated in Exhibit 1.

EXHIBIT 1. Using RFC 1918 Addresses and Network Address Translation to Support Internet Connectivity for Many Workstations

In examining Exhibit 1, note that two Ethernet segments are shown behind the router. Each segment could represent an individual Class C network using RFC 1918 addresses. The router would translate those RFC 1918 addresses to either a group of pooled Class C addresses or one Class C address, with the method of translation based on the manner in which the router's translation facility was configured. If a pooled Class C address is used, the number of simultaneous sessions is limited to 254. If one Class C address is used, the router uses TCP and UDP port numbers to translate from RFC 1918 addresses to a common Class C address, with port numbers used to keep track of each address translation. Because there are thousands of unused port numbers, this method provides a greater translation capability as it limits or avoids potential contention between users behind the router requesting access to the Internet and available IP addresses.

Perhaps because RFC 1918 addresses are popularly used by many organizations, yet hidden by network address translation, they are commonly used as a source address when a hacker configures his or her protocol stack. Exhibit 2 lists the three address blocks reserved for private IP networks under RFC 1918.

EXHIBIT 2. RFC 1918 Address Blocks
The use of an RFC 1918 address or the selection of an address from the target network results in a static source address. While this is by far the most common method of IP address spoofing, on occasion a sophisticated hacker will write a program that randomly generates source addresses. As will be noted shortly, only when those randomly generated source addresses represent an address on the target network or an RFC 1918 address are they relatively easy to block.

BLOCKING SPOOFED ADDRESSES

Because a router represents the point of entry into a network, it also represents one's first line of defense. Most routers support packet filtering, allowing the network administrator to configure the router to either permit or deny the flow of packets, based on the contents of one or more fields in a packet. Cisco routers use access lists as a mechanism to perform packet filtering. A Cisco router supports two basic types of access lists: standard and extended.

A Cisco standard IP access list performs filtering based on the source address in each packet. The format of a standard IP access list statement is shown below:

    access-list list# [permit/deny][ip address][mask][log]

The list# is a number between 1 and 99 and identifies the access list as a standard access list. Each access list statement contains either the keyword permit or deny, which results in the packet with the indicated IP address either being permitted to flow through a router or sent to the great bit bucket in the sky. The mask represents a wildcard mask that functions in a reverse manner to a subnet mask. That is, a binary 0 is used to represent a don't-care condition. Note this is the opposite of the use of binary 0s and 1s in a subnet mask. In fact, the wildcard mask used by a Cisco router is the inverse of a subnet mask, and each position in the wildcard mask can be obtained by subtracting the value of the subnet mask for that position from 255.
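
The wildcard mask rule described above, combined with the top-down, first-match evaluation and implicit deny that Cisco standard access lists apply, worked as an added Python example (not code from the article). The 192.0.2.0/24 network stands in for the organization's network and is an assumption, as are the function names.

```python
import ipaddress


def to_int(dotted):
    """Dotted-decimal IPv4 string to a 32-bit integer."""
    return int(ipaddress.IPv4Address(dotted))


def wildcard_from_netmask(netmask):
    """Each wildcard position is 255 minus the subnet mask position."""
    return ".".join(str(255 - int(octet)) for octet in netmask.split("."))


def parse_standard_acl(config):
    """Parse 'access-list N permit|deny address [wildcard] [log]' statements."""
    entries = []
    for raw in config.splitlines():
        line = raw.strip()
        if not line or line.startswith("!"):      # '!' lines are IOS comments
            continue
        tok = line.split()
        if len(tok) < 4 or tok[0] != "access-list" or tok[2] not in ("permit", "deny"):
            raise ValueError(f"not a standard access-list statement: {line!r}")
        if not 1 <= int(tok[1]) <= 99:
            raise ValueError(f"standard lists are numbered 1-99: {line!r}")
        args = tok[3:]
        log = args[-1] == "log"
        if log:
            args = args[:-1]
        if args == ["any"]:                       # 'any' = 0.0.0.0 255.255.255.255
            args = ["0.0.0.0", "255.255.255.255"]
        elif len(args) == 1:                      # bare address = match that host
            args = [args[0], "0.0.0.0"]
        if len(args) != 2:
            raise ValueError(f"expected address and wildcard: {line!r}")
        entries.append({"action": tok[2], "addr": to_int(args[0]),
                        "wildcard": to_int(args[1]), "log": log})
    return entries


def evaluate(entries, source):
    """Return (action, statement number) for a source address.

    A 1 bit in the wildcard mask means that bit of the address is ignored,
    which is what inverting the subnet mask produces. Statements are tried
    in order; if none matches, the implicit deny applies (number is None).
    """
    src = to_int(source)
    for number, entry in enumerate(entries, start=1):
        care = ~entry["wildcard"] & 0xFFFFFFFF
        if (src ^ entry["addr"]) & care == 0:
            return entry["action"], number
    return "deny", None


# Constructed anti-spoofing list: the assumed internal network first,
# then the three RFC 1918 blocks, then a permit for everything else.
ANTI_SPOOF_ACL = """
access-list 1 deny 192.0.2.0 0.0.0.255
access-list 1 deny 10.0.0.0 0.255.255.255
access-list 1 deny 172.16.0.0 0.15.255.255
access-list 1 deny 192.168.0.0 0.0.255.255
access-list 1 permit 0.0.0.0 255.255.255.255
"""

if __name__ == "__main__":
    acl = parse_standard_acl(ANTI_SPOOF_ACL)
    for src in ("192.0.2.77", "10.1.2.3", "172.31.255.255",
                "172.32.0.1", "192.168.5.5", "198.51.100.9"):
        action, number = evaluate(acl, src)
        print(f"{src:16} {action:6} (statement {number})")
```

Dropping the final permit statement from the list makes every source address fall through to the implicit deny.
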

The keyword log is optional and when included results in each match against a packet being displayed on the router's console. Logging can facilitate the development of access lists as well as serve as a mechanism to display activity that the access list was constructed to permit or deny. Thus, on occasion, it can be used to see if one's router is under attack or if suspicious activity is occurring.

In a Cisco router environment, access lists are applied to an interface in the inbound or outbound direction. To do so, one would use an interface command and an ip access-group command.

Because spoofed IP addresses represent packets with bogus source addresses, one can use either standard or extended access lists to block such packets from entering a network. Since extended access lists will be discussed and described later in this article, we first illustrate the use of a standard access list to block packets with spoofed IP addresses. In doing so, assume an organization uses a Cisco router as illustrated in Exhibit 3 to connect a single Ethernet segment with a Web server and conventional workstations to the Internet.

EXHIBIT 3. Connecting an Ethernet Segment to the Ethernet

In examining Exhibit 3, note that it is assumed that the network address is and the server has the IP address of

ANTI-SPOOFING STATEMENTS

Because statements in a Cisco access list are operated upon in their sequence, top down, one should place anti-spoofing statements at the beginning of the access list. Since one wants to protect the network from persons attempting to remotely access the network via the Internet, one would apply the anti-spoofing statements in the access list to be created to the serial interface of the router. The access list will be applied in the inbound direction since one wants to examine packets flowing from the Internet toward the organization's Ethernet segment for bogus IP addresses. The example shown in Exhibit 4 illustrates the configuration and application of a Cisco standard IP access list to effect anti-spoofing operations.

EXHIBIT 4. An Access List that Performs Anti-Spoofing Operations

    interface serial 0
    ip access-group 1 in
    !
    access-list 1 deny
    access-list 1 deny
    access-list 1 deny
    access-list 1 deny
    access-list 1 permit

In this example, four deny statements at the beginning of the access list preclude packets with a source address of any possible host on the organization's network, as well as any RFC 1918 address, from flowing through the router. The first deny statement checks each packet for a source address associated with the network. Note that the wildcard mask of results in the router matching the first three positions of each dotted decimal address but not caring about the fourth position. Thus, any packet with a source address associated with the internal network will be tossed into the great bit bucket in the sky. The next three deny statements in effect bar packets that use any RFC 1918 address as their source address.

Because an access list denies all packets unless explicitly permitted, the access list just created would support anti-spoofing but disallow all other packets. Thus, a permit statement was added at the end of the access list. That statement uses a wildcard mask of , which in effect is a complete don't-care and represents the keyword any that one can use synonymously in a Cisco access list to represent an address and mask value of Since statements are evaluated in their order in the list, if a packet does not have a source address on the network or an RFC 1918 address, it is permitted to flow through the router. Also note that the command interface serial 0 defines serial port 0 as the interface the access list will be applied to, while the command ip access-group 1 in defines that access list 1 will be applied to the serial 0 port in the inbound direction.

Now that there is an appreciation for how one can prevent packets with spoofed IP addresses from flowing into a network, attention can be turned to the manner by which one can prevent several types of denial of service attacks.

PING ATTACKS

One of the more common methods of creating a denial of service attack occurs when a person in a computer laboratory goes from workstation to workstation and configures each computer to ping a target using the -t option supported by most versions of Windows. The -t option results in the computer continuously pinging the target IP address.
While one or a few workstations continuously pinging a Web server will only slightly impact the performance of the server, setting 50 or 100 or more workstations to continuously ping a server can result in the server spending most of its time responding to pings instead of user queries.

One method that can be used to prevent a ping attack is to block pings from entering the network. If the organization uses a Cisco router, one can block pings through the use of an extended IP access list. The format of a Cisco extended IP access list is shown below.

    access-list list# [permit/deny] protocol [source address] [source-wildcard][source port][destination address] [destination-wildcard][destination port][options]

Unlike a standard IP access list that is limited to filtering based on the source address in a packet, an extended access list permits filtering based on several fields. Those fields include the type of protocol transported in the packet, its source address and destination address, and upper layer protocol information. Concerning the latter, one can use extended IP access lists to filter packets based on the value in their source and destination port fields. In addition to the preceding, an extended access list supports a range of options (such as log), as well as other keywords to enable specific types of access-list functions.

Returning to the problem at hand, how can one bar pings into an organization's network? The answer to this question is to use an extended IP access list. To do so, one would configure an access list statement that uses the ICMP protocol, since pings are transported by ICMP echo-request packets. The following Cisco extended IP access list statement could be used to block pings:

    access-list 101 deny icmp any any echo-request

In the above extended IP access list statement, one will block echo-requests (pings) from any source address flowing to any destination address. Because one would apply the access list to the serial interface in the inbound direction, it would block pings from any address on the Internet destined to any address on the organization's Ethernet network. Knowing how to block pings, one can focus attention on another type of hacker denial of service attack known as directed broadcasts.

DIRECTED BROADCASTS

Refocusing on Exhibit 3, one notes that the network address of represents a Class C network. A Class C network uses 3 bytes of its 4-byte address for the network address and 1 byte for the host address.
Although an 8-bit byte can support 256 distinct numbers (0 to 255), an address of 0 is used to represent this network, while an address of 255 is used to represent a broadcast address. Thus, a maximum of 254 hosts can be connected to a Class C network.

A directed broadcast occurs when a user on one network addresses a packet to the broadcast address of another network. In this example, that would be accomplished by sending a packet to the destination address of The arrival of this packet results in the router converting the layer 3 packet into a layer 2 Ethernet frame addressed to everyone on the network as a layer 2 broadcast. This means that each host on the Ethernet network will respond to the frame, resulting in a heavy load of traffic flowing on the LAN.

One of the first types of directed broadcast attacks is referred to as a Smurf attack. Under this denial of service attack method, a hacker created a program that transmitted thousands of echo-request packets to the broadcast address of a target network. To provide an even more insidious attack, the hacker spoofed his or her IP address to that of a host on another network that he or she also desired to attack. The result of this directed broadcast attack was to deny service to two networks through a single attack.

Each host on the target network that is attacked with a directed broadcast responds to each echo-request with an echo-response. Thus, each ping flowing onto the target network can result in up to 254 responses. When multiplied by a continuous sequence of echo-requests flowing to the target network, this will literally flood the target network, denying bandwidth to other applications. Because the source IP address is spoofed, responses are directed to the spoofed address. If the hacker used an IP address of a host on another network that the hacker wishes to harm, the effect of the attack is a secondary attack. The secondary attack results in tens of thousands to millions of echo-responses flowing to the spoofed IP address, clogging the Internet access connection to the secondary network.

Although the original Smurf attack used ICMP echo-requests that could be blocked by an access list constructed to block inbound pings, hackers soon turned to the directed broadcast of other types of packets in an attempt to deny service by using a large amount of network bandwidth. Recognizing the problem of directed broadcasts, Cisco Systems and other router manufacturers soon added the capability to block directed broadcasts on each router interface.
On a Cisco router, one would use the following IOS command to turn off the ability for packets containing a directed broadcast address to flow through the router:

    no ip directed-broadcast

SUMMARY

This article focused on methods that can be used to prevent packets containing commonly used spoofed IP addresses from flowing into an organization's network. In addition, it also examined how several popular denial of service attacks operate and methods one can employ to block such attacks. When considering measures that one can employ to secure a network, it is important to note that there is no such thing as a totally secure network. Unfortunately for society, many hackers are very smart and view the disruption of the operational status of a network as a challenge, periodically developing new methods to disrupt network activity. To keep up with the latest threats in network security, one should subscribe to security bulletins issued by the Computer Emergency Response Team (CERT) as well as periodically review release notes issued by the manufacturer of your organization's routers and firewalls. Doing so will alert one to new threats, as well as potential methods one can use to alleviate or minimize the effect of such threats.

Gilbert Held is an award-winning author and lecturer. Gil is the author of over 40 books and 400 technical articles focused on computers and data communications. Some of Gil's recent titles include Voice over Data Networks Covering IP and Frame Relay, 2nd ed., and Cisco Security Architecture, both published by McGraw-Hill. Gil can be reached via at @mcimail.com.
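
The article's point that an echo-request filter alone does not stop directed broadcast floods, while disabling directed broadcasts does, modelled as an added Python example that is not part of the original article. The 192.0.2.0/24 segment, the packet records and the function names are constructed for illustration, and the reply counts are upper bounds that assume every host on the segment answers.

```python
import ipaddress
from collections import Counter

ICMP_ECHO_REQUEST = 8  # ICMP type carried by a ping

# Constructed values: the attached Ethernet segment and a few inbound packets
# seen on the serial interface.
LAN = ipaddress.ip_network("192.0.2.0/24")
_echo_bcast = {"src": "198.51.100.7", "dst": "192.0.2.255",
               "proto": "icmp", "icmp_type": ICMP_ECHO_REQUEST}
_udp_bcast = {"src": "198.51.100.7", "dst": "192.0.2.255", "proto": "udp"}
PACKETS = [_echo_bcast] * 3 + [_udp_bcast] * 2 + [
    {"src": "203.0.113.5", "dst": "192.0.2.10", "proto": "tcp"},
    {"src": "203.0.113.9", "dst": "192.0.2.10",
     "proto": "icmp", "icmp_type": ICMP_ECHO_REQUEST},
]


def is_directed_broadcast(dst, attached):
    """True when dst is the broadcast address of an attached network."""
    addr = ipaddress.ip_address(dst)
    return any(addr == net.broadcast_address for net in attached)


def verdict(pkt, attached, block_echo, block_directed):
    """Decide what the router does with one inbound packet.

    block_echo models 'access-list 101 deny icmp any any echo-request'
    applied inbound; block_directed models 'no ip directed-broadcast'.
    The inbound access list is checked first, as it is on the router.
    """
    if (block_echo and pkt["proto"] == "icmp"
            and pkt.get("icmp_type") == ICMP_ECHO_REQUEST):
        return "drop: echo-request denied by access list"
    if block_directed and is_directed_broadcast(pkt["dst"], attached):
        return "drop: directed broadcast disabled"
    return "forward"


def reflected_replies(packets, attached, block_echo, block_directed):
    """Upper bound on replies sent toward each source address.

    Every forwarded directed broadcast can draw one reply from each host on
    the segment (254 on a Class C network), and those replies go to the
    packet's source address, which in a Smurf-style flood is the spoofed
    secondary victim.
    """
    load = Counter()
    for pkt in packets:
        if verdict(pkt, attached, block_echo, block_directed) != "forward":
            continue
        dst = ipaddress.ip_address(pkt["dst"])
        for net in attached:
            if dst == net.broadcast_address:
                load[pkt["src"]] += net.num_addresses - 2
    return dict(load)


if __name__ == "__main__":
    for echo, directed in ((False, False), (True, False), (True, True)):
        print(f"echo filter={echo!s:5} no directed-broadcast={directed!s:5} ->",
              reflected_replies(PACKETS, [LAN], echo, directed))
```
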
More informationDDoS Protection Technology White Paper
DDoS Protection Technology White Paper Keywords: DDoS attack, DDoS protection, traffic learning, threshold adjustment, detection and protection Abstract: This white paper describes the classification of
More informationNETWORK SECURITY 10.1 ROUTERS
Internetworking LANs and WANs: Concepts, Techniques and Methods. Second Edition. Gilbert Held Copyright & 1993, 1998 John Wiley & Sons Ltd Print ISBN 0-471-97514-1 Online ISBN 0-470-84155-9 10 NETWORK
More informationNAT & IP Masquerade. Internet NETWORK ADDRESS TRANSLATION INTRODUCTION. NAT & IP Masquerade Page 1 of 5. Internal PC 192.168.0.25
NAT & IP Masquerade Page 1 of 5 INTRODUCTION Pre-requisites TCP/IP IP Address Space NAT & IP Masquerade Protocol version 4 uses a 32 bit IP address. In theory, a 32 bit address space should provide addresses
More informationTechnical Support Information Belkin internal use only
The fundamentals of TCP/IP networking TCP/IP (Transmission Control Protocol / Internet Protocols) is a set of networking protocols that is used for communication on the Internet and on many other networks.
More informationCYBER ATTACKS EXPLAINED: PACKET CRAFTING
CYBER ATTACKS EXPLAINED: PACKET CRAFTING Protect your FOSS-based IT infrastructure from packet crafting by learning more about it. In the previous articles in this series, we explored common infrastructure
More informationFIREWALLS & CBAC. philip.heimer@hh.se
FIREWALLS & CBAC philip.heimer@hh.se Implementing a Firewall Personal software firewall a software that is installed on a single PC to protect only that PC All-in-one firewall can be a single device that
More informationFederal Computer Incident Response Center (FedCIRC) Defense Tactics for Distributed Denial of Service Attacks
Threat Paper Federal Computer Incident Response Center (FedCIRC) Defense Tactics for Distributed Denial of Service Attacks Federal Computer Incident Response Center 7 th and D Streets S.W. Room 5060 Washington,
More informationMulti-Homing Dual WAN Firewall Router
Multi-Homing Dual WAN Firewall Router Quick Installation Guide M73-APO09-400 Multi-Homing Dual WAN Firewall Router Overview The Multi-Homing Dual WAN Firewall Router provides three 10/100Mbit Ethernet
More informationIPv4 Supplement Tutorial - Job Aids and Subnetting
Appendix B IPv4 Supplement This appendix contains job aids and supplementary information that cover the following topics: IPv4 Addresses and Subnetting Job Aid Decimal-to-Binary Conversion Chart IPv4 Addressing
More informationFirewall VPN Router. Quick Installation Guide M73-APO09-380
Firewall VPN Router Quick Installation Guide M73-APO09-380 Firewall VPN Router Overview The Firewall VPN Router provides three 10/100Mbit Ethernet network interface ports which are the Internal/LAN, External/WAN,
More informationInternet Firewall CSIS 3230. Internet Firewall. Spring 2012 CSIS 4222. net13 1. Firewalls. Stateless Packet Filtering
Internet Firewall CSIS 3230 A combination of hardware and software that isolates an organization s internal network from the Internet at large Ch 8.8: Packet filtering, firewalls, intrusion detection Ch
More informationExpert Reference Series of White Papers. The Basics of Configuring and Using Cisco Network Address Translation
Expert Reference Series of White Papers The Basics of Configuring and Using Cisco Network Address Translation 1-800-COURSES www.globalknowledge.com The Basics of Configuring and Using Cisco Network Address
More informationSource net: 200.1.1.0 Destination net: 200.1.2.0 Subnet mask: 255.255.255.0 Subnet mask: 255.255.255.0. Router Hub
then to a router. Remember that with a Class C network address, the first 3 octets, or 24 bits, are assigned as the network address. So, these are two different Class C networks. This leaves one octet,
More informationCSCE 465 Computer & Network Security
CSCE 465 Computer & Network Security Instructor: Dr. Guofei Gu http://courses.cse.tamu.edu/guofei/csce465/ Firewall 1 Basic firewall concept Roadmap Filtering firewall Proxy firewall Network Address Translation
More informationSuccessful IP Video Conferencing White Paper
Successful IP Video Conferencing White Paper The success of an IP video conference is dependent on two things: connection to the remote system and consistent bandwidth during a call. Connection to a system
More informationProxy Server, Network Address Translator, Firewall. Proxy Server
Proxy Server, Network Address Translator, Firewall 1 Proxy Server 2 1 Introduction What is a proxy server? Acts on behalf of other clients, and presents requests from other clients to a server. Acts as
More informationFirewalls and VPNs. Principles of Information Security, 5th Edition 1
Firewalls and VPNs Principles of Information Security, 5th Edition 1 Learning Objectives Upon completion of this material, you should be able to: Understand firewall technology and the various approaches
More information8 steps to protect your Cisco router
8 steps to protect your Cisco router Daniel B. Cid daniel@underlinux.com.br Network security is a completely changing area; new devices like IDS (Intrusion Detection systems), IPS (Intrusion Prevention
More informationLab 10.3.5a Basic Subnetting
Lab 10.3.5a Basic Subnetting Objective How to identify reasons to use a subnet mask How to distinguish between a default subnet mask and a custom subnet mask What given requirements determine the subnet
More informationContent Distribution Networks (CDN)
229 Content Distribution Networks (CDNs) A content distribution network can be viewed as a global web replication. main idea: each replica is located in a different geographic area, rather then in the
More informationAS/400e. TCP/IP routing and workload balancing
AS/400e TCP/IP routing and workload balancing AS/400e TCP/IP routing and workload balancing Copyright International Business Machines Corporation 2000. All rights reserved. US Government Users Restricted
More informationOne of the most important topics in any discussion of TCP/IP is IP. IP Addressing
IP Addressing 125 machine, called a RARP server, responds with the answer, and the identity crisis is over. RARP uses the information it does know about the machine s MAC address to learn its IP address
More informationTransport and Network Layer
Transport and Network Layer 1 Introduction Responsible for moving messages from end-to-end in a network Closely tied together TCP/IP: most commonly used protocol o Used in Internet o Compatible with a
More informationZarząd (7 osób) F inanse (13 osób) M arketing (7 osób) S przedaż (16 osób) K adry (15 osób)
QUESTION NO: 8 David, your TestKing trainee, asks you about basic characteristics of switches and hubs for network connectivity. What should you tell him? A. Switches take less time to process frames than
More informationDeploying ACLs to Manage Network Security
PowerConnect Application Note #3 November 2003 Deploying ACLs to Manage Network Security This Application Note relates to the following Dell PowerConnect products: PowerConnect 33xx Abstract With new system
More informationCS 356 Lecture 16 Denial of Service. Spring 2013
CS 356 Lecture 16 Denial of Service Spring 2013 Review Chapter 1: Basic Concepts and Terminology Chapter 2: Basic Cryptographic Tools Chapter 3 User Authentication Chapter 4 Access Control Lists Chapter
More informationMobile IP Network Layer Lesson 02 TCP/IP Suite and IP Protocol
Mobile IP Network Layer Lesson 02 TCP/IP Suite and IP Protocol 1 TCP/IP protocol suite A suite of protocols for networking for the Internet Transmission control protocol (TCP) or User Datagram protocol
More informationTerminal Server Configuration and Reference Errata
Doc. No. 78-0944-06A0 June 14, 1993 Terminal Server Configuration and Reference Errata This document supplies corrections and additional informaiton for the 9.0 version of the Cisco publication Terminal
More informationIP Link Best Practices for Network Integration and Security. Introduction...2. Passwords...4 ACL...5 VLAN...6. Protocols...6. Conclusion...
IP Link Best Practices for Network Integration and Security Table of Contents Introduction...2 Passwords...4 ACL...5 VLAN...6 Protocols...6 Conclusion...9 Abstract Extron IP Link technology enables A/V
More informationVMware vcloud Air Networking Guide
vcloud Air This document supports the version of each product listed and supports all subsequent versions until the document is replaced by a new edition. To check for more recent editions of this document,
More informationWe will give some overview of firewalls. Figure 1 explains the position of a firewall. Figure 1: A Firewall
Chapter 10 Firewall Firewalls are devices used to protect a local network from network based security threats while at the same time affording access to the wide area network and the internet. Basically,
More informationLab 10.4.1 IP Addressing Overview
Lab 10.4.1 IP ing Overview Estimated time: 30 min. Objectives: Background: This lab will focus on your ability to accomplish the following tasks: Name the five different classes of IP addresses Describe
More informationGuide to Network Defense and Countermeasures Third Edition. Chapter 2 TCP/IP
Guide to Network Defense and Countermeasures Third Edition Chapter 2 TCP/IP Objectives Explain the fundamentals of TCP/IP networking Describe IPv4 packet structure and explain packet fragmentation Describe
More informationFirewall Stateful Inspection of ICMP
The feature addresses the limitation of qualifying Internet Control Management Protocol (ICMP) messages into either a malicious or benign category by allowing the Cisco IOS firewall to use stateful inspection
More informationBasic Network Configuration
Basic Network Configuration 2 Table of Contents Basic Network Configuration... 25 LAN (local area network) vs WAN (wide area network)... 25 Local Area Network... 25 Wide Area Network... 26 Accessing the
More informationCS 326e F2002 Lab 1. Basic Network Setup & Ethereal Time: 2 hrs
CS 326e F2002 Lab 1. Basic Network Setup & Ethereal Time: 2 hrs Tasks: 1 (10 min) Verify that TCP/IP is installed on each of the computers 2 (10 min) Connect the computers together via a switch 3 (10 min)
More informationApplication Note - Using Tenor behind a Firewall/NAT
Application Note - Using Tenor behind a Firewall/NAT Introduction This document has been created to assist Quintum Technology customers who wish to install equipment behind a firewall and NAT (Network
More informationChapter 4 Customizing Your Network Settings
. Chapter 4 Customizing Your Network Settings This chapter describes how to configure advanced networking features of the Wireless-G Router Model WGR614v9, including LAN, WAN, and routing settings. It
More informationFirewalls (IPTABLES)
Firewalls (IPTABLES) Objectives Understand the technical essentials of firewalls. Realize the limitations and capabilities of firewalls. To be familiar with iptables firewall. Introduction: In the context
More informationCONFIGURING TCP/IP ADDRESSING AND SECURITY
1 Chapter 11 CONFIGURING TCP/IP ADDRESSING AND SECURITY Chapter 11: CONFIGURING TCP/IP ADDRESSING AND SECURITY 2 OVERVIEW Understand IP addressing Manage IP subnetting and subnet masks Understand IP security
More informationDRDoS Attacks: Latest Threats and Countermeasures. Larry J. Blunk Spring 2014 MJTS 4/1/2014
DRDoS Attacks: Latest Threats and Countermeasures Larry J. Blunk Spring 2014 MJTS 4/1/2014 Outline Evolution and history of DDoS attacks Overview of DRDoS attacks Ongoing DNS based attacks Recent NTP monlist
More informationImplementing Network Address Translation and Port Redirection in epipe
Implementing Network Address Translation and Port Redirection in epipe Contents 1 Introduction... 2 2 Network Address Translation... 2 2.1 What is NAT?... 2 2.2 NAT Redirection... 3 2.3 Bimap... 4 2.4
More informationFirewall Firewall August, 2003
Firewall August, 2003 1 Firewall and Access Control This product also serves as an Internet firewall, not only does it provide a natural firewall function (Network Address Translation, NAT), but it also
More informationChapter 4 Firewall Protection and Content Filtering
Chapter 4 Firewall Protection and Content Filtering This chapter describes how to use the content filtering features of the ProSafe Dual WAN Gigabit Firewall with SSL & IPsec VPN to protect your network.
More informationFIREWALLS & NETWORK SECURITY with Intrusion Detection and VPNs, 2 nd ed. Chapter 5 Firewall Planning and Design
FIREWALLS & NETWORK SECURITY with Intrusion Detection and VPNs, 2 nd ed. Chapter 5 Firewall Planning and Design Learning Objectives Identify common misconceptions about firewalls Explain why a firewall
More informationChapter 7 Protecting Against Denial of Service Attacks
Chapter 7 Protecting Against Denial of Service Attacks In a Denial of Service (DoS) attack, a Routing Switch is flooded with useless packets, hindering normal operation. HP devices include measures for
More information12. Firewalls Content
Content 1 / 17 12.1 Definition 12.2 Packet Filtering & Proxy Servers 12.3 Architectures - Dual-Homed Host Firewall 12.4 Architectures - Screened Host Firewall 12.5 Architectures - Screened Subnet Firewall
More information