Implementation of a Department Local Area Network Management System
I-Ping Hsieh (Department of Computer Science), Lai-Ming Shiue (Department of Applied Mathematics), Shang-Juh Kao (Department of Computer Science)
National Chung-Hsing University, Taichung, Taiwan
{iphsieh, lmshiue, sjkao}@amath.nchu.edu.tw

ABSTRACT

Management tasks of a Department Local Area Network (DLAN) may include intrusion detection, traffic monitoring, appropriate IP usage, proper device configuration, etc. We physically divide a DLAN into a firewall component and four functional groups: open area group, public servers group, proprietary servers group, and management group. A practical implementation of a DLAN management system from the perspective of a manager is reported in this paper. In this DLAN management system, a checkpoint mechanism based upon firewall technology is constructed to protect the DLAN from intrusions, while the MAC-IP mapping technique is adopted to prevent misuse of IP addresses. The traffic, both incoming and outgoing, of each internal user is also monitored, and the configuration of devices is managed through Simple Network Management Protocol (SNMP) operations.

KEYWORDS: DLAN, firewall, SNMP

1 Introduction

A department local area network (DLAN) [1] within a campus is characterized by making public resources available to the public while imposing restrictions on internal resources, such as printing service and IP allocation. Having served as system managers for years, our primary task is to provide the DLAN with a safe, convenient, and fair access environment. In particular, we have spent a lot of time detecting intrusions, dealing with inappropriate IP use, monitoring excessive traffic usage, and ensuring a proper system configuration. Since these problems often occur unexpectedly, we are motivated to implement a practical DLAN management system in order to provide an efficient solution and to make a manager's life easier.
We will first briefly describe the constitution of the SNMP management architecture, explore the usage of related MIBs, and introduce practical issues of network security. The design of a DLAN management system, the architecture of the firewall system, and the management functions are then presented. Implementation details and a snapshot of management applications are given next. Finally, we summarize the research work and raise several future enhancements.

2 Network Management Fundamentals

In IP networks, the Simple Network Management Protocol (SNMP) is a de facto standard for managing network resources. The SNMP architecture consists of four components [2]: NMS, agent, MIB, and SNMP. A Network Management Station (NMS) manages and controls the managed objects. A management agent exists inside each managed object. The agent collects and stores information in the Management Information Base (MIB). SNMP is used to exchange management information between NMSs and agents.

Network management is a general topic which comprises five main management functional areas (MFAs) [3]: configuration management, fault management, performance management, accounting management, and security management. In the following, we only cover the related MIBs and the network security technology that are incorporated into the proposed DLAN management system.

2.1 Related MIBs

SNMPv2 MIB is first defined in RFC1213. Of the management groups defined in RFC1213, two are used intensively in the DLAN management system: the interfaces group and the address translation group. The interfaces group contains generic information about the physical interfaces of a network entity, including configuration information and statistics on the events occurring at each interface. We can adjust the interface configuration values by performing the SNMP Set operation. The address translation group consists of a single table, called atTable. Each row in the table corresponds to one of the physical interfaces in the system and provides a mapping from a network address to a physical address. This table is useful for obtaining the MAC-IP mapping information throughout the DLAN, which is required in our DLAN management system.

Bridge MIB is defined in RFC1493. The MIB defines objects for managing MAC bridges between LAN segments. Within the MIB, dot1dTpFdbTable is useful for our management system.
This table contains information about unicast entries, that is, the destinations for which traffic is forwarded or filtered by a bridge. Thus, we can get the port information of each MAC address.

RMON is a great step toward internetwork management [4]. It is defined as a supplement to SNMPv2 MIB and provides network management with rich information about internetworking. RMON MIB is defined in RFC1757. With RMON MIB, we can obtain incoming and outgoing traffic information related to each MAC address. Hence, the network manager is able to detect uncommon usage of the network.

2.2 Network Security

A firewall is simply a component or a set of components located between the internet and external network for safeguarding the internal system. It provides a control point for restricting users entering and leaving the network, and builds a defensive gateway to guard against attacks [5]. There are three popular kinds of firewall [6]: packet filter, proxy, and gateway firewall. Packet filtering is the simplest firewall. It forwards or drops packets according to predefined rules. A proxy is middleware that deals with the connection between client and server. For clients in the internal network, the proxy acts as a server; for servers in the outside world, the proxy plays the role of a client. Functioning much like a gateway, a gateway firewall [7] translates communication protocols and forwards messages to the destination node. For example, Network Address Translation (NAT) is one kind of gateway firewall.

Intrusion detection is the process of reporting whether an activity is legal or not. The system that helps in conducting this process is called an Intrusion Detection System (IDS). Usually, an IDS cannot stop ongoing intrusions; it can only detect intrusions afterward. Newly developed IDSs are designed to be able to respond to an abnormal event, for example by stopping the connection. There are two major types of IDS: Host-based IDSs (HIDSs) and Network-based IDSs (NIDSs) [8]. A HIDS obtains its detection data from a single host, while a NIDS obtains data by monitoring the traffic on the network.

3 Design of a DLAN Management System

The DLAN management functions can be viewed from either an internal or an external viewpoint. From the external perspective, a checkpoint scheme based upon firewall technology is constructed to protect the system from intruders. From the internal perspective, a MAC-IP mapping technique is adopted to prevent misuse of IP addresses, and the traffic, both incoming and outgoing, of each internal user is monitored.

3.1 Four Functional Clusters

A typical DLAN may consist of a variety of computer devices, with a few centralized servers and hundreds of PCs. In order to ease the management, we classify the computing facilities within a DLAN into four categories: open area, public server group, proprietary servers group, and management group, as shown in Figure 3.1.
All these machines, residing locally, are under the protection of the firewall.

Figure 3.1 Overview of a DLAN Environment
Figure 3.2 Architecture of the Firewall System

3.2 Firewall System Architecture

The firewall system protects all four clusters of the DLAN against threats from the Internet. It is composed of the front-end firewall, back-end firewall, IDS, policy management unit (PMU), and firewall agent, as shown in Figure 3.2. Both front-end and back-end firewalls serve as safeguards to provide the entrance examination. The front-end firewall, which could be either a packet filter or a proxy, checks the incoming and outgoing packets, and examines connection requests according to the defense policies. The back-end firewall is a gateway firewall, which restricts the connection between the front-end firewall and the management clusters.

The IDS can be any available one. It detects illegal or abnormal activities by monitoring network traffic in the preemptory mode. When any illegal or abnormal activity is detected, the IDS records the action and issues an alert to the PMU. After receiving the alerts, the PMU appends the relevant rules to the front-end firewall.

The firewall agent is the kernel of the firewall system. It plays the role of an agent of the firewall system and a coordinator among the firewalls, IDS, PMU, and NMS. The firewall agent can communicate with the NMS and make necessary configuration changes. In addition, the firewall agent collects management information, stores it in the database, and forwards messages to both front-end and back-end firewalls.

3.3 Network Management Station

The network management station exists for management information processing inside the management group. Either an application user or a system manager can obtain public management information or operate the NMS using the web interface. In addition to being equipped with a web server, an NMS contains a system management unit, an information store, and a security and communication facility, as shown in Figure 3.3. The system management unit is the core unit and provides the management functions required for device, traffic, IP, accounting, and firewall management. All management information is stored in the information store. The security facility checks the legitimacy of each connection.
Figure 3.3 DLAN NMS Architecture
Figure 4.1 System configuration

4 Implementation Details and a Snapshot of Applications

4.1 Environment and Tools

The DLAN management system (footnote 1) contains a firewall, a network management station, and several SNMP-equipped network devices. The overall system is configured as shown in Figure 4.1, with related attributes listed in Table 4.1.

Footnote 1: The DLAN management system was developed for the Department of Applied Mathematics at National Chung-Hsing University, Taiwan.

Table 4.1 Device Attributes

Device    Role
GoGo      Firewall
NMS       NMS
MaoMao    HTTP server
NAS       FTP server
LJ4050    Printer server
NPI16     Switch
NPI24     Switch
3COM      Switch

Table 4.2 Software Packages of Firewall System Components (Defense System)

Component            Software package
Front-end firewall   netfilter (Linux kernel 2.4.X), iptables
Back-end firewall    netfilter (Linux kernel 2.4.X), iptables
IDS                  snort
PMU                  pmu-0.1b
Firewall agent       Developed by ourselves
SNMP agent           net-snmp

Firewall System Implementation

Firewall System Components

The software packages applied in the firewall system implementation are listed in Table 4.2. Netfilter is a framework inside the Linux kernel 2.4.x; it provides both stateless and stateful filtering and supports NAT. Iptables is a generic table structure for the definition of rule sets. Both are adopted in our front-end and back-end firewalls. Snort is an open source network intrusion detection system, capable of performing real-time traffic analysis and packet logging on IP networks. Snort also supports SNMP and many DBMSs, and provides many useful detection tools.

In the firewall system, the PMU takes the suggestions from the IDS and generates rules. Pmu [9] is a security program which works together with Snort to update firewall rules automatically. The updated firewall rules block all incoming data from the IP address of the attacking machine.

For the firewall agent, we use the iptables C library to implement the functions required for the firewall operations. The MySQL C library is used to implement database queries, and we also make use of the socket library to implement the commands for sending data to and receiving data from the NMS. Hosts without SNMP support are equipped with net-snmp.
This software package provides an SNMP C library and a number of useful tools.

An Example to Add a Firewall Rule

We simulated an attack by using Nmap to scan communication ports. Figure 4.2 is a list of the commands and the results of scanning IP address from Snort then recorded all information as shown in Figure 4.3. After pmu had read the alerts generated by Snort, it added a rule to block all packets coming from IP address Figure 4.4 shows the firewall rule.
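The alert-to-rule step described above, as an added example (it is not pmu's code, whose internals the paper does not show): it parses Snort fast-format alert lines and emits one iptables DROP rule per offending source, skipping sources inside the protected network so that a spoofed alert cannot make the firewall block its own hosts. The alert lines, the addresses (documentation ranges), the FORWARD chain and the protected range are all assumptions constructed for the example.

```python
import ipaddress
import re

# Snort "fast" alert layout:
#   timestamp [**] [gid:sid:rev] message [**] [...] {PROTO} src[:port] -> dst[:port]
ALERT_RE = re.compile(
    r"\[\*\*\]\s+\[(?P<gid>\d+):(?P<sid>\d+):(?P<rev>\d+)\]\s+(?P<msg>.*?)\s+\[\*\*\]"
    r".*?\{(?P<proto>\w+)\}\s+(?P<src>\d+\.\d+\.\d+\.\d+)(?::\d+)?\s+->\s+"
    r"(?P<dst>\d+\.\d+\.\d+\.\d+)(?::\d+)?"
)

# Constructed sample alerts; addresses, signature ids and revisions are
# illustrative and do not come from the paper.
SAMPLE_ALERTS = """\
03/14-09:12:01.100000  [**] [1:469:3] ICMP PING NMAP [**] [Classification: Attempted Information Leak] [Priority: 2] {ICMP} 203.0.113.7 -> 192.0.2.10
03/14-09:12:01.200000  [**] [1:628:8] SCAN nmap TCP [**] [Classification: Attempted Information Leak] [Priority: 2] {TCP} 203.0.113.7:43211 -> 192.0.2.10:80
03/14-09:12:05.000000  [**] [1:628:8] SCAN nmap TCP [**] [Classification: Attempted Information Leak] [Priority: 2] {TCP} 192.0.2.20:1044 -> 192.0.2.10:161
this line is not an alert
03/14-09:13:00.000000  [**] [1:628:8] SCAN nmap TCP [**] [Classification: Attempted Information Leak] [Priority: 2] {TCP} 198.51.100.99:5555 -> 192.0.2.11:22
"""

# Assumed address range of the DLAN itself; sources inside it are never blocked.
PROTECTED = [ipaddress.ip_network("192.0.2.0/24")]


def parse_alert(line):
    """Return the fields of one fast-format alert line, or None if it is not one."""
    m = ALERT_RE.search(line)
    if m is None:
        return None
    return {"sid": int(m["sid"]), "msg": m["msg"], "proto": m["proto"],
            "src": m["src"], "dst": m["dst"]}


def block_rules(alert_text, already_blocked=(), chain="FORWARD"):
    """Turn alerts into iptables argument vectors, one per new external source.

    The rules are returned as argv lists rather than shell strings, so a
    caller can hand them to subprocess.run(rule, check=True) without any
    shell parsing of text that originated in a log file.
    """
    blocked = set(already_blocked)
    rules = []
    for line in alert_text.splitlines():
        alert = parse_alert(line)
        if alert is None:
            continue
        try:
            src = ipaddress.ip_address(alert["src"])
        except ValueError:          # e.g. an octet above 255 in a corrupt line
            continue
        if any(src in net for net in PROTECTED):
            continue                # never lock out the DLAN's own machines
        if str(src) in blocked:
            continue                # one rule per source is enough
        blocked.add(str(src))
        rules.append(["iptables", "-I", chain, "-s", str(src), "-j", "DROP"])
    return rules


if __name__ == "__main__":
    for rule in block_rules(SAMPLE_ALERTS):
        print(" ".join(rule))
```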
Figure 4.2 Scan
Figure 4.3 Alerts Generated by Snort
Figure 4.4 Firewall Rule Added by Pmu

4.3 Snapshots of Management Applications

The DLAN management system has two major applications. One (footnote 2) is to check the MAC-IP legitimacy and to examine the traffic of the corresponding MAC address. We have written two programs, CHECKIP and CHECKTRAFFIC, to accomplish these tasks.

Footnote 2: The other one is to get data from and send the manager's commands to the firewall system.

IP Legality

Figure 4.5 shows the operational flow of CHECKIP. When CHECKIP is active, it gets both the currently used MAC-IP mapping from atTable (step 1) and the pre-defined MAC-IP list from the database (step 2). CHECKIP then compares the two and determines the legitimacy of the current IP. Two situations can occur when the program identifies an IP misuse. One is that a user is using an illegal IP address, that is, a registered MAC with an incorrect corresponding IP. In this case, CHECKIP closes the port by setting ifTable (step 4). The other situation is that CHECKIP discovers an unregistered MAC address. In that case, the program gets the port number from dot1dTpFdbTable in 3COM (step 3) and disconnects the link (step 4). Consequently, IP misuse can be prevented.

Figure 4.5 Operational Flow of CHECKIP
Figure 4.6 Operational Flow of CHECKTRAFFIC

Traffic Legality

Figure 4.6 shows the operational flow of CHECKTRAFFIC. When CHECKTRAFFIC is executed, it gets the amount of traffic of the related MACs from hostTable in 3COM (step 1) and updates the NMS database (step 2). It then checks the traffic usage of each current MAC address (step 3). If the traffic outstrips the upper bound, the program terminates the connection (step 4). Thus, whenever a user's network traffic usage exceeds the upper bound, the connection will be terminated.

Both CHECKIP and CHECKTRAFFIC are executed every 5 minutes. More frequent execution is possible, but the additional SNMP request and response packets may degrade network performance.

System Interface

Since the NMS is the kernel of the network management, we developed a friendly web interface (footnote 3) for operating the functions provided by the NMS. The main page includes the management functions IP Registration, User Login, and Manager Login. After clicking IP Registration, a user is asked to enter the related data to obtain a legal IP address. User Login is a login interface for all users. After entering the system, the user can get his personal data and make modifications, such as address and password. Figure 4.7 shows each legal user's information.

Figure 4.7 Information of a legal User
Figure 4.8 Rules in FORWARD Chain
Figure 4.9 Information of 3COM
Figure 4.10 IP management

A manager can operate the NMS through the web interface. There are three management tools available to the manager: firewall tools, device tools, and IP management tools. Firewall tools enable the manager to select one of the input, output, and forward chains, and to add or delete filtering rules. Figure 4.8 shows the rules in the FORWARD chain. Device tools can be used to examine a device's status and to perform necessary operations, such as locking and unlocking a device port. Figure 4.9 shows the information of a 3COM switch and lists the port status. IP management can be accomplished from the perspective of allocation or identity. From either a location or an IP, through the window of IP management tools, the manager can get the traffic usage and modify the IP allocation, such as taking off the IP address.
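The CHECKIP comparison described under IP Legality, as an added example (not the authors' program): it parses numeric `snmpwalk -On` style output for atTable and dot1dTpFdbTable, classifies each MAC-IP pair against a registration list, and prepares the ifAdminStatus Set that would close the port. The walk output, addresses, registration list and uplink port are constructed; treating the bridge port number as the ifIndex, and exempting an uplink port from automatic shutdown, are assumptions of the example.

```python
import re

AT_PHYS = ".1.3.6.1.2.1.3.1.1.2."       # atPhysAddress, atTable (RFC 1213)
FDB_PORT = ".1.3.6.1.2.1.17.4.3.1.2."   # dot1dTpFdbPort, dot1dTpFdbTable (RFC 1493)
IF_ADMIN = ".1.3.6.1.2.1.2.2.1.7."      # ifAdminStatus, ifTable; value 2 = down

# Constructed walk output; every address below is made up.
AT_WALK = """\
.1.3.6.1.2.1.3.1.1.2.1.1.192.0.2.31 = Hex-STRING: 00 10 4B 11 22 33
.1.3.6.1.2.1.3.1.1.2.1.1.192.0.2.77 = Hex-STRING: 00 10 4B 44 55 66
.1.3.6.1.2.1.3.1.1.2.1.1.192.0.2.90 = Hex-STRING: 00 A0 C9 0A 0B 0C
.1.3.6.1.2.1.3.1.1.2.1.1.192.0.2.1 = Hex-STRING: 00 50 56 00 00 01
.1.3.6.1.2.1.3.1.1.2.1.1.192.0.2.200 = Hex-STRING: 00 E0 18 AA BB CC
"""
FDB_WALK = """\
.1.3.6.1.2.1.17.4.3.1.2.0.16.75.17.34.51 = INTEGER: 3
.1.3.6.1.2.1.17.4.3.1.2.0.16.75.68.85.102 = INTEGER: 7
.1.3.6.1.2.1.17.4.3.1.2.0.160.201.10.11.12 = INTEGER: 12
.1.3.6.1.2.1.17.4.3.1.2.0.80.86.0.0.1 = INTEGER: 24
.1.3.6.1.2.1.17.4.3.1.2.0.224.24.170.187.204 = INTEGER: 24
"""
# Stand-in for the NMS database: registered MAC -> assigned IP (constructed).
REGISTERED = {
    "00:10:4b:11:22:33": "192.0.2.31",
    "00:10:4b:44:55:66": "192.0.2.45",
    "00:50:56:00:00:01": "192.0.2.1",
}
UPLINKS = {24}  # assumed uplink port; shutting it would cut off everything behind it

AT_RE = re.compile(re.escape(AT_PHYS) +
                   r"\d+\.1\.((?:\d+\.){3}\d+) = Hex-STRING: ((?:[0-9A-Fa-f]{2} ?){6})")
FDB_RE = re.compile(re.escape(FDB_PORT) + r"((?:\d+\.){5}\d+) = INTEGER: (\d+)")


def parse_at(walk):
    """Step 1: list of (mac, ip) pairs currently seen in atTable."""
    pairs = []
    for line in walk.splitlines():
        m = AT_RE.match(line)
        if m:
            pairs.append((":".join(m.group(2).split()).lower(), m.group(1)))
    return pairs


def parse_fdb(walk):
    """Step 3: {mac: bridge port}. The row index is the MAC as six decimal octets."""
    table = {}
    for line in walk.splitlines():
        m = FDB_RE.match(line)
        if m:
            mac = ":".join("%02x" % int(octet) for octet in m.group(1).split("."))
            table[mac] = int(m.group(2))
    return table


def check_ip(at_walk, fdb_walk, registered, uplinks=frozenset()):
    """Compare live MAC-IP pairs with the registration list (step 2) and
    return one finding per violation, with the Set request for step 4."""
    fdb = parse_fdb(fdb_walk)
    findings = []
    for mac, ip in parse_at(at_walk):
        if registered.get(mac) == ip:
            continue                      # legal pair
        reason = "wrong-ip" if mac in registered else "unregistered-mac"
        port = fdb.get(mac)               # None if the entry has aged out
        # Assumption: bridge port number == ifIndex. Where that does not hold,
        # translate through dot1dBasePortIfIndex before building the Set.
        if port is None or port in uplinks:
            request = None                # report only, leave the port up
        else:
            request = (IF_ADMIN + str(port), 2)
        findings.append({"mac": mac, "ip": ip, "reason": reason,
                         "port": port, "set": request})
    return findings


if __name__ == "__main__":
    for finding in check_ip(AT_WALK, FDB_WALK, REGISTERED, UPLINKS):
        print(finding)
```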
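The CHECKTRAFFIC cycle described under Traffic Legality, as an added example (not the authors' program): RMON hostTable octet counters are cumulative 32-bit values, so each poll has to turn them into a per-interval delta that survives a counter wrap before adding it to the stored usage and comparing against the upper bound. The readings, MAC addresses and the bound are constructed, and accumulating usage per MAC in a dictionary stands in for the NMS database.

```python
WRAP = 2 ** 32  # hostInOctets / hostOutOctets are 32-bit counters

A = "00:10:4b:11:22:33"
B = "00:10:4b:44:55:66"
C = "00:a0:c9:0a:0b:0c"

# Constructed readings from three successive polls: {mac: (in_octets, out_octets)}.
POLLS = [
    {A: (1000, 2000), B: (4294967000, 500)},
    {A: (1500, 2600), B: (704, 900), C: (10, 10)},   # B's input counter wrapped
    {A: (1600, 2700), B: (704, 900), C: (110, 210)},
]


def wrap_time(link_bps):
    """Seconds a 32-bit octet counter takes to wrap at full line rate.

    A modulo-2**32 delta is only unambiguous if the polling interval is
    shorter than this: about 343 s at 100 Mb/s, so the 5-minute cycle is
    just inside the limit there and far outside it at 1 Gb/s.
    """
    return WRAP * 8 / link_bps


def poll(db, prev, current, upper_bound):
    """One cycle: update db (steps 1-2) and return MACs over the bound (step 3).

    db      : {mac: octets accumulated so far}, updated in place
    prev    : readings from the previous cycle ({} on the first run)
    current : readings from this cycle
    """
    over = []
    for mac, (cur_in, cur_out) in current.items():
        if mac in prev:
            prev_in, prev_out = prev[mac]
            # Modulo arithmetic turns a wrapped counter into the right delta.
            delta = (cur_in - prev_in) % WRAP + (cur_out - prev_out) % WRAP
            db[mac] = db.get(mac, 0) + delta
        else:
            # First sighting: the counter's absolute value says nothing about
            # this interval, so record a baseline and charge nothing.
            db.setdefault(mac, 0)
        if db[mac] > upper_bound:
            over.append(mac)
    return sorted(over)


def run_polls(polls, upper_bound):
    """Feed a sequence of readings through poll(); return (db, flagged per cycle)."""
    db, prev, flagged = {}, {}, []
    for reading in polls:
        flagged.append(poll(db, prev, reading, upper_bound))
        prev = reading
    return db, flagged


if __name__ == "__main__":
    usage, flagged = run_polls(POLLS, upper_bound=1200)
    print(usage)
    print(flagged)
```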
An example of IP management in a dedicated room is shown in Figure

Footnote 3: The URL of our DLAN NMS web interface is

Chapter 5 Concluding Remarks

5.1 Summary

Throughout this paper, we built a firewall system and made use of MIBs to develop a DLAN management system. The firewall system protects the DLAN against attacks from the Internet. Bridge MIB gives us the mapping of MAC addresses and ports on a switch, and we can monitor the traffic usage of each user by invoking RMON MIB. In this system, we aim at protecting internal resources. Specifically, we screen packets to prevent intrusions from the Internet and ensure the proper resource usage of each internal user, represented by a legal IP. With the help of existing software packages, such as netfilter, iptables, snort, pmu, etc., we are able to build a practical DLAN management system.

5.2 Future Work

Using MIBs to manage a network system is simple, but the required MIB, such as a firewall MIB, may not be available in every device. Our approach is to write a firewall agent to supplement the existing SNMP agent. The problem with this approach is that the firewall agent can only control netfilter and iptables, which are used in our firewall system. We must rewrite the firewall agent whenever a change is made to the firewall software. We are waiting for a standard firewall MIB to be defined, so that we may perform firewall operations by using uniform SNMP commands.

The other shortcoming of our system is that the messages flowing between the firewall system and the NMS are not encrypted. Encryption could be critical and necessary for systems with high security requirements.

One other future direction comes with the rapid growth of wireless and mobile computing technology. Management requirements may change accordingly, and new management functions deserve further development.

References

[1] Lai-Ming Shiue, I-Ping Hsieh, and Shang-Juh Kao, Security and Traffic Management for a Department Local Area Network, ICC&IE
[2] Marshall T. Rose, The Simple Book, Revised 2nd Edition, Prentice-Hall, 1996, ISBN
[3] James D. Murray, Windows NT SNMP, O'Reilly, 1998, ISBN
[4] William Stallings, SNMP, SNMPv2, SNMPv3, and RMON1 and 2, 3rd Edition, Addison Wesley, 1999, ISBN
[5] Wolfgang Weber, Firewall Basics, Telecommunications in Modern Satellite, Cable and broadcasting Services, th International Conference on, Volume:1, 1999, Page(s):300~305, 13~15 October
[6] Robert Zalenski, Firewall Technologies, IEEE Potentials, Volume:21 Issue:1, Page(s):24~29, Feb/Mar
[7] Robert N. Smith and Sourav Bhattacharya, Operating firewalls outside the LAN perimeter, Performance, Computing and Communications Conference, IPCCC '99. IEEE International, Page(s): 493~498, Feb
[8] Anonymous, Maximum Security, 4th Edition, SAMS, 2002, ISBN
[9] pmu, Lai-Ming Shiue, Department of Applied Math, National Chung-Hsing University, Taiwan.
More informationA Review on Network Intrusion Detection System Using Open Source Snort
, pp.61-70 http://dx.doi.org/10.14257/ijdta.2016.9.4.05 A Review on Network Intrusion Detection System Using Open Source Snort Sakshi Sharma and Manish Dixit Department of CSE& IT MITS Gwalior, India Sharmasakshi1009@gmail.com,
More informationNetwork Instruments white paper
Network Instruments white paper USING A NETWORK ANALYZER AS A SECURITY TOOL Network Analyzers are designed to watch the network, identify issues and alert administrators of problem scenarios. These features
More informationSonicWALL PCI 1.1 Implementation Guide
Compliance SonicWALL PCI 1.1 Implementation Guide A PCI Implementation Guide for SonicWALL SonicOS Standard In conjunction with ControlCase, LLC (PCI Council Approved Auditor) SonicWall SonicOS Standard
More informationFirewall VPN Router. Quick Installation Guide M73-APO09-380
Firewall VPN Router Quick Installation Guide M73-APO09-380 Firewall VPN Router Overview The Firewall VPN Router provides three 10/100Mbit Ethernet network interface ports which are the Internal/LAN, External/WAN,
More informationFrom Network Security To Content Filtering
Computer Fraud & Security, May 2007 page 1/10 From Network Security To Content Filtering Network security has evolved dramatically in the last few years not only for what concerns the tools at our disposals
More informationSecond-generation (GenII) honeypots
Second-generation (GenII) honeypots Bojan Zdrnja CompSci 725, University of Auckland, Oct 2004. b.zdrnja@auckland.ac.nz Abstract Honeypots are security resources which trap malicious activities, so they
More informationForeScout CounterACT. Device Host and Detection Methods. Technology Brief
ForeScout CounterACT Device Host and Detection Methods Technology Brief Contents Introduction... 3 The ForeScout Approach... 3 Discovery Methodologies... 4 Passive Monitoring... 4 Passive Authentication...
More informationFirewalls. Ahmad Almulhem March 10, 2012
Firewalls Ahmad Almulhem March 10, 2012 1 Outline Firewalls The Need for Firewalls Firewall Characteristics Types of Firewalls Firewall Basing Firewall Configurations Firewall Policies and Anomalies 2
More informationRule 4-004M Payment Card Industry (PCI) Monitoring, Logging and Audit (proposed)
Version: Modified By: Date: Approved By: Date: 1.0 Michael Hawkins October 29, 2013 Dan Bowden November 2013 Rule 4-004M Payment Card Industry (PCI) Monitoring, Logging and Audit (proposed) 01.1 Purpose
More informationPROTECTING INFORMATION SYSTEMS WITH FIREWALLS: REVISED GUIDELINES ON FIREWALL TECHNOLOGIES AND POLICIES
PROTECTING INFORMATION SYSTEMS WITH FIREWALLS: REVISED GUIDELINES ON FIREWALL TECHNOLOGIES AND POLICIES Shirley Radack, Editor Computer Security Division Information Technology Laboratory National Institute
More informationSURVEY OF INTRUSION DETECTION SYSTEM
SURVEY OF INTRUSION DETECTION SYSTEM PRAJAPATI VAIBHAVI S. SHARMA DIPIKA V. ASST. PROF. ASST. PROF. MANISH INSTITUTE OF COMPUTER STUDIES MANISH INSTITUTE OF COMPUTER STUDIES VISNAGAR VISNAGAR GUJARAT GUJARAT
More informationFirewalls. Ola Flygt Växjö University, Sweden http://w3.msi.vxu.se/users/ofl/ Ola.Flygt@vxu.se +46 470 70 86 49. Firewall Design Principles
Firewalls Ola Flygt Växjö University, Sweden http://w3.msi.vxu.se/users/ofl/ Ola.Flygt@vxu.se +46 470 70 86 49 1 Firewall Design Principles Firewall Characteristics Types of Firewalls Firewall Configurations
More informationCS 665: Computer System Security. Network Security. Usage environment. Sources of vulnerabilities. Information Assurance Module
CS 665: Computer System Security Network Security Bojan Cukic Lane Department of Computer Science and Electrical Engineering West Virginia University 1 Usage environment Anonymity Automation, minimal human
More informationFirewalls. Test your Firewall knowledge. Test your Firewall knowledge (cont) (March 4, 2015)
s (March 4, 2015) Abdou Illia Spring 2015 Test your knowledge Which of the following is true about firewalls? a) A firewall is a hardware device b) A firewall is a software program c) s could be hardware
More informationPrint Audit Facilities Manager Technical Overview
Print Audit Facilities Manager Technical Overview Print Audit Facilities Manager is a powerful, easy to use tool designed to remotely collect meter reads, automate supplies fulfilment and report service
More informationCTS2134 Introduction to Networking. Module 8.4 8.7 Network Security
CTS2134 Introduction to Networking Module 8.4 8.7 Network Security Switch Security: VLANs A virtual LAN (VLAN) is a logical grouping of computers based on a switch port. VLAN membership is configured by
More informationName. Description. Rationale
Complliiance Componentt Description DEEFFI INITION Network-Based Intrusion Detection Systems (NIDS) Network-Based Intrusion Detection Systems (NIDS) detect attacks by capturing and analyzing network traffic.
More informationNetwork Security Topologies. Chapter 11
Network Security Topologies Chapter 11 Learning Objectives Explain network perimeter s importance to an organization s security policies Identify place and role of the demilitarized zone in the network
More informationIntrusion Detections Systems
Intrusion Detections Systems 2009-03-04 Secure Computer Systems Poia Samoudi Asli Davor Sutic Contents Intrusion Detections Systems... 1 Contents... 2 Abstract... 2 Introduction... 3 IDS importance...
More informationChapter 4 Firewall Protection and Content Filtering
Chapter 4 Firewall Protection and Content Filtering The ProSafe VPN Firewall 50 provides you with Web content filtering options such as Block Sites and Keyword Blocking. Parents and network administrators
More informationCIT 480: Securing Computer Systems. Firewalls
CIT 480: Securing Computer Systems Firewalls Topics 1. What is a firewall? 2. Types of Firewalls 1. Packet filters (stateless) 2. Stateful firewalls 3. Proxy servers 4. Application layer firewalls 3. Configuring
More informationCustomized Data Exchange Gateway (DEG) for Automated File Exchange across Networks
Customized Data Exchange Gateway (DEG) for Automated File Exchange across Networks *Abhishek Vora B. Lakshmi C.V. Srinivas National Remote Sensing Center (NRSC), Indian Space Research Organization (ISRO),
More informationIntrusion Detection Systems
Intrusion Detection Systems Assessment of the operation and usefulness of informatics tools for the detection of on-going computer attacks André Matos Luís Machado Work Topics 1. Definition 2. Characteristics
More informationMANAGING NETWORK COMPONENTS USING SNMP
MANAGING NETWORK COMPONENTS USING SNMP Abubucker Samsudeen Shaffi 1 Mohanned Al-Obaidy 2 Gulf College 1, 2 Sultanate of Oman. Email: abobacker.shaffi@gulfcollegeoman.com mohaned@gulfcollegeoman.com Abstract:
More informationOntological IDS Monitoring on Defined Attack
ISSN (Online): 2319 7064 Ontological IDS Monitoring on Defined Attack Vinod Kumar Shukla 1, D. B. Ojha 2 1 Research Scholar, Mewar University, Chittorgarh, Rajasthan, India 2 Professor, Mewar University,
More informationSNMP Monitoring and SWG MIB
SNMP Monitoring and SWG MIB Secure Web Gateway Release 10.0 Manual Version 1.01 M86 SECURITY SNMP MONITORING AND SWG MIB 2010 M86 Security All rights reserved. 828 W. Taft Ave., Orange, CA 92865, USA Version
More informationArchitecture Overview
Architecture Overview Design Fundamentals The networks discussed in this paper have some common design fundamentals, including segmentation into modules, which enables network traffic to be isolated and
More informationEd. 00 GWIM. Firewall Handbook
Ed. 00 GWIM Firewall Handbook COPYRIGHT This manual is proprietary to SAMSUNG Electronics Co., Ltd. and is protected by copyright. No information contained herein may be copied, translated, transcribed
More informationPrint4 Solutions fully comply with all HIPAA regulations
HIPAA Compliance Print4 Solutions fully comply with all HIPAA regulations Print4 solutions do not access, store, process, monitor, or manage any patient information. Print4 manages and optimize printer
More informationNETWORK SECURITY. Scott Hand. Melanie Rich-Wittrig. Enrique Jimenez
NETWORK SECURITY Scott Hand Melanie Rich-Wittrig Enrique Jimenez Chapter 2 In Which Firewalls Are Erected, Packets Are Snorted, And Pwnage Denied TOPICS COVERED Host Software Firewalls iptables Network
More informationSchool of Information Technology and Engineering (SITE) CEG 4395: Computer Network Management. Lab 4: Remote Monitoring (RMON) Operations
School of Information Technology and Engineering (SITE) CEG 4395: Computer Network Management Lab 4: Remote Monitoring (RMON) Operations Objective To become familiar with basic RMON operations, alarms,
More informationCity University of Hong Kong. Information on a Course offered by Department of Electronic Engineering with effect from Semester A in 2012/2013
City University of Hong Kong Information on a Course offered by Department of Electronic Engineering with effect from Semester A in 01/013 Part I Course Title: Course Code: Course Duration: Cryptography
More informationFirewalls & Intrusion Detection
Firewalls & Intrusion Detection CS 594 Special Topics/Kent Law School: Computer and Network Privacy and Security: Ethical, Legal, and Technical Consideration 2007, 2008 Robert H. Sloan Security Intrusion
More informationStep-by-Step Configuration
Step-by-Step Configuration Kerio Technologies Kerio Technologies. All Rights Reserved. Printing Date: August 15, 2007 This guide provides detailed description on configuration of the local network which
More informationVoice Over IP (VoIP) Denial of Service (DoS)
Introduction Voice Over IP (VoIP) Denial of Service (DoS) By Mark Collier Chief Technology Officer SecureLogix Corporation mark.collier@securelogix.com Denial of Service (DoS) is an issue for any IP network-based
More informationProxy Server, Network Address Translator, Firewall. Proxy Server
Proxy Server, Network Address Translator, Firewall 1 Proxy Server 2 1 Introduction What is a proxy server? Acts on behalf of other clients, and presents requests from other clients to a server. Acts as
More informationLab 8.4.2 Configuring Access Policies and DMZ Settings
Lab 8.4.2 Configuring Access Policies and DMZ Settings Objectives Log in to a multi-function device and view security settings. Set up Internet access policies based on IP address and application. Set
More informationWLAN TRAFFIC GRAPHING APPLICATION USING SIMPLE NETWORK MANAGEMENT PROTOCOL *
WLAN TRAFFIC GRAPHING APPLICATION USING SIMPLE NETWORK MANAGEMENT PROTOCOL * Bhargavi Hiremagalur and Dulal C. Kar Department of Computing and Mathematical Sciences, Texas A&M University-Corpus Christi,
More informationIndustrial Network Security for SCADA, Automation, Process Control and PLC Systems. Contents. 1 An Introduction to Industrial Network Security 1
Industrial Network Security for SCADA, Automation, Process Control and PLC Systems Contents 1 An Introduction to Industrial Network Security 1 1.1 Course overview 1 1.2 The evolution of networking 1 1.3
More informationSetting Up Scan to SMB on TaskALFA series MFP s.
Setting Up Scan to SMB on TaskALFA series MFP s. There are three steps necessary to set up a new Scan to SMB function button on the TaskALFA series color MFP. 1. A folder must be created on the PC and
More informationComputer Security DD2395 http://www.csc.kth.se/utbildning/kth/kurser/dd2395/dasakh10/
Computer Security DD2395 http://www.csc.kth.se/utbildning/kth/kurser/dd2395/dasakh10/ Fall 2010 Sonja Buchegger buc@kth.se Lecture 6, Nov. 10, 2010 Firewalls, Intrusion Prevention, Intrusion Detection
More informationCSE543 - Computer and Network Security Module: Firewalls
CSE543 - Computer and Network Security Module: Firewalls Professor Trent Jaeger Fall 2010 1 Firewalls A firewall... is a physical barrier inside a building or vehicle, designed to limit the spread of fire,
More informationRouter configuration manual for I3 Micro Vood 322
Router configuration manual for I3 Micro Vood 322 v1.0 1 (25) Table of contents 1 LED BEHAVIOUR... 4 1.1 POWER... 4 1.2 STATUS... 4 1.3 WAN... 4 1.4 LAN... 4 1.5 PHONE 1 VOIP... 4 1.6 PHONE 1 HOOK... 4
More informationIntroduction of Intrusion Detection Systems
Introduction of Intrusion Detection Systems Why IDS? Inspects all inbound and outbound network activity and identifies a network or system attack from someone attempting to compromise a system. Detection:
More informationApplications of Passive Message Logging and TCP Stream Reconstruction to Provide Application-Level Fault Tolerance. Sunny Gleason COM S 717
Applications of Passive Message Logging and TCP Stream Reconstruction to Provide Application-Level Fault Tolerance Sunny Gleason COM S 717 December 17, 2001 0.1 Introduction The proliferation of large-scale
More information