Introduction of An Engineering Project for KOREN/APII 2003. 8. 27 Seung-Joon Seok Korea University.

Slides:

Advertisements

Similar presentations

Network Monitoring System In CSTNET Long Chun China Science & Technology Network.

Advertisements

Engineering Meeting Report Aug. 29, 2003 Kazunori Konishi.

1 ISP-Aided Neighbor Selection for P2P Systems Vinay Aggarwal Anja Feldmann, Obi Akonjang,

Top-Down Network Design Chapter Nine Developing Network Management Strategies Copyright 2010 Cisco Press & Priscilla Oppenheimer.

Page 1 / 14 The Mesh Comparison PLANET’s Layer 3 MAP products v.s. 3 rd ’s Layer 2 Mesh.

Module 5 - Switches CCNA 3 version 3.0 Cabrillo College.

Overview of Distributed Denial of Service (DDoS) Wei Zhou.

Traffic Engineering With Traditional IP Routing Protocols

An Effective Placement of Detection Systems for Distributed Attack Detection in Large Scale Networks Telecommunication and Security LAB. Dept. of Industrial.

1 ITC242 – Introduction to Data Communications Week 12 Topic 18 Chapter 19 Network Management.

Ch.6 - Switches CCNA 3 version 3.0.

Lesson 11-Virtual Private Networks. Overview Define Virtual Private Networks (VPNs). Deploy User VPNs. Deploy Site VPNs. Understand standard VPN techniques.

Flash Crowds And Denial of Service Attacks: Characterization and Implications for CDNs and Web Sites Aaron Beach Cs395 network security.

Measurement and Monitoring Nick Feamster Georgia Tech.

Network Monitoring for Internet Traffic Engineering Jennifer Rexford AT&T Labs – Research Florham Park, NJ 07932

3 rd SG13 Regional Workshop for Africa on “ITU-T Standardization Challenges for Developing Countries Working for a Connected Africa” (Livingstone, Zambia,

Design and Implementation of SIP-aware DDoS Attack Detection System.

1 Semester 2 Module 6 Routing and Routing Protocols YuDa college of business James Chen

Inter-domain Routing Outline Border Gateway Protocol.

IEEE Global Internet, April Contract-Switching Paradigm for Internet Value Flows and Risk Management Murat Yuksel University.

©Ian Sommerville 2004Software Engineering, 7th edition. Chapter 18 Slide 1 Software Reuse.

– Chapter 4 – Secure Routing

KOREN/APII/TEIN NOC(s) KOREN & E2E Performance Initiative Lee Jaehwa The Second International Workshop on HEP Data Grid CHEP, KNU,

Broadband Communication Lab. Asymmetric Path Detection in BGP Routing 29 January, 2004 Eun Mi, Park Korea Univ. Dept. of Electronics and Computer Engineering.

Top-Down Network Design Chapter Nine Developing Network Management Strategies Oppenheimer.

Session 2 Security Monitoring Identify Device Status Traffic Analysis Routing Protocol Status Configuration & Log Classification.

Rutger Coolen, TNC 2005 Collaborative network monitoring for NREN’s Use cases for LOBSTER.

Denial-of-Service Attacks Justin Steele Definition “A "denial-of-service" attack is characterized by an explicit attempt by attackers to prevent legitimate.

Security Issues in Control, Management and Routing Protocols M.Baltatu, A.Lioy, F.Maino, D.Mazzocchi Computer and Network Security Group Politecnico di.

1 Countering DoS Through Filtering Omar Bashir Communications Enabling Technologies

A Firewall for Routers: Protecting Against Routing Misbehavior1 June 26, A Firewall for Routers: Protecting Against Routing Misbehavior Jia Wang.

Adaptive Web Caching CS411 Dynamic Web-Based Systems Flying Pig Fei Teng/Long Zhao/Pallavi Shinde Computer Science Department.

Cryptography and Network Security (CS435) Part One (Introduction)

© 2006 Cisco Systems, Inc. All rights reserved.Cisco PublicITE I Chapter 6 1 Exploring the Enterprise Network Infrastructure Introducing Routing and Switching.

Distributed Denial of Service Attacks

Cisco 3 - Switch Perrine. J Page 111/6/2015 Chapter 5 At which layer of the 3-layer design component would users with common interests be grouped? 1.Access.

© 2006 Cisco Systems, Inc. All rights reserved.Cisco PublicITE I Chapter 6 1 Exploring the Enterprise Network Infrastructure Introducing Routing and Switching.

© 2015 Mohamed Samir YouTube channel All rights reserved. Samir Agenda Instructor introduction 1. Introduction toEldarin 2.

Network Security1 Secure Routing Source: Ch. 4 of Malik. Network Security Principles and Practices (CCIE Professional Development). Pearson Education.

THE VISION OF AUTONOMIC COMPUTING. WHAT IS AUTONOMIC COMPUTING ? “ Autonomic Computing refers to computing infrastructure that adapts (automatically)

Resilient Overlay Networks Robert Morris Frans Kaashoek and Hari Balakrishnan MIT LCS

Denial of Service Datakom Ht08 Jesper Christensen, Patrick Johansson, Robert Kajic A short introduction to DoS.

Chapter 7 Denial-of-Service Attacks Denial-of-Service (DoS) Attack The NIST Computer Security Incident Handling Guide defines a DoS attack as: “An action.

1 OFF SYMB - 12/7/2015 Firewalls Basics. 2 OFF SYMB - 12/7/2015 Overview Why we have firewalls What a firewall does Why is the firewall configured the.

1 Distributed Denial of Service Attacks. Potential Damage of DDoS Attacks l The Problem: Massive distributed DoS attacks have the potential to severely.

FirewallPK Security tool for centralized Access Control List Management th RoEduNet International Conference - Networking in Education and Research.

Security System for KOREN/APII-Testbed

HELSINKI UNIVERSITY OF TECHNOLOGY Visa Holopainen 1/18.

Content Delivery Networks: Status and Trends Speaker: Shao-Fen Chou Advisor: Dr. Ho-Ting Wu 5/8/

© 2005 Cisco Systems, Inc. All rights reserved. BGP v3.2—1-1 Course Introduction.

© 2005 Cisco Systems, Inc. All rights reserved. BGP v3.2—3-1 Route Selection Using Policy Controls Using Multihomed BGP Networks.

Data Security in Local Network Using Distributed Firewall Presented By- Rahul N.Bais Guide Prof. Vinod Nayyar H.O.D Prof.Anup Gade.

1 Network Security: Introduction Behzad Akbari Fall 2009 In the Name of the Most High.

Internet Traffic Engineering Motivation: –The Fish problem, congested links. –Two properties of IP routing Destination based Local optimization TE: optimizing.

GROUP ASSIGNMENT CT NWT NETWORK TROUBLESHOOTING Name: Tan Ming Fatt Student ID: TP Group Members: - Gan Pei Shan Elamparithi A/L Thuraisamy.

IPv6 Security Issues Georgios Koutepas, NTUA IPv6 Technology and Advanced Services Oct.19, 2004.

© 2006 Cisco Systems, Inc. All rights reserved.Cisco PublicITE I Chapter 6 1 Creating the Network Design Designing and Supporting Computer Networks – Chapter.

Distributed Network Monitoring in the Wisconsin Advanced Internet Lab Paul Barford Computer Science Department University of Wisconsin – Madison Spring,

Improving Security Over Ipv6 Authentication Header Protocol using IP Traceback and TTL Devon Thomas, Alex Isaac, Majdi Alharthi, Ali Albatainah & Abdelshakour.

Some Great Open Source Intrusion Detection Systems (IDSs)

Presented by Edith Ngai MPhil Term 3 Presentation

Potential Areas of Research Activity – March 2000

Top-Down Network Design Chapter Nine Developing Network Management Strategies Copyright 2010 Cisco Press & Priscilla Oppenheimer.

Module 5 - Switches CCNA 3 version 3.0.

IS4680 Security Auditing for Compliance

CT 1306 Communication Networks Management Lab

Chapter-5 Traffic Engineering.

Draft revision of ISPM 6: National surveillance systems ( )

Top-Down Network Design Chapter Nine Developing Network Management Strategies Copyright 2010 Cisco Press & Priscilla Oppenheimer.

Presentation transcript:

Introduction of An Engineering Project for KOREN/APII Seung-Joon Seok Korea University

Project Overview  Project Title is “A Study of Traffic Engineering in KOREN/APII Testbed”  Grant of NCA (National Computerization Agency)  Project Period is 1.5 year (from July 2003 to Dec. 2004)  Participants

Project Goal  Improvement of Network Engineering Capability for KOREN and APII  Activation of Cooperative Research Group (KESG) in KOREN  Activation of Cooperative Research Interchange between KOREN & QGPOP

Project’s Overall Research Area  This Project treats the issues of KOREN/APII Traffic Engineering Optimizing KOREN’s Network Performance Improving International Resource Utilization Preventing KOREN from anomalies

Block Diagram of Four Research Areas 2) Performance Engineering 1) Network Traffic Measurement 3) BGP Routing TE 4) Network Security Performance Measurement Infra Inter-Intra Routing International routing Info. view

1. Network Measurement Area  Measurement System is a Key Infrastructure for Network Management.  In this project, Measurement is needed as a base technology for the other areas: security, performance management in KOREN, and international performance management. Management Area Other Areas Collaboration Developing Traffic Engineering Mechanisms Collecting & Analyzing Traffic Information

1.2 Our Research Topics  Developing & Deploying an Efficient Measurement Infrastructure. First, Deploying a Measurement System covering entire KOREN/APII Links and using current open tools to collect basic information about KOREN status. Next, Developing a KOREN Measurement System to support Traffic Engineering & Security efficiently.  How to Interchange Measurement Information between KOREN & other networks (QGPOP, APAN …)  Providing Other Research Areas with indispensable information about KOREN & other networks

2. Performance Engineering in KOREN Area  Now Traffic Engineering for KOREN have to be considered because Over-Engineering is limited Simply Balancing Network Load Optimizing Network Resource Utilization  Supporting User Requirements for End-to-End Performance through Edge-to-Edge Traffic Control  Two Issues should be considered simultaneously for KOREN Traffic Engineering.

2.1 Our Research Topics  Deploying Traffic Engineering System in KOREN NOC & Developing Traffic Engineering Mechanism To collect network information To control network traffic according to engineering policy  KOREN Edge-to-Edge Performance Information Service To show end users edge-to-edge performance information through Web Service To recommend a application a best path supporting user application requirements and not hurting traffic engineering goals simultaneously

3. Int. Performance Management Area  Oversea links should be effectively managed because they have limited resources.  KOREN can’t exactly control BGP operations by itself. Received Information is up to neighbor domains (QGPOP). So KOREN needs to cooperate with neighbor for International Performance Management.  BGP Protocol’s imperfection considerably affects KOREN Interior Performance. So this area needs to be collaborated with Performance Engineering in KOREN area intimately.

3.1 Our Research Topics  Routing Technology for Oversea Link (APII- GENKAI) Management Detecting & Correcting Asymmetric BGP Path Load Balancing Mechanisms for Oversea links (APII- GENKAI)  Developing BGP Error Detection & Report System  To make overall map to show users/NOC BGP path at a glance

4. Network Security Area  Distributed Denial-of-Service (DOS) is to deny the victim(s) access to a particular resource/service consumption of scarce, limited, or non-renewable resources destruction or alteration of configuration information physical destruction or alteration of network components  Attacks are detected using their inherent statistical characteristics

4.1 What Can ISPs Do for DOS?  Deploy source address anti-spoof filters (very important!).  Turn off directed broadcasts.  Develop security relationships with neighbor ISPs.  Set up mechanism for handling customer security complaints.  Develop traffic volume monitoring techniques.

4.2 Our Research Topics  Algorithm for dynamic and adaptive attack detection  Traceback mechanism to find original attackers.  Implementation & Deployment of Network Security system A central network security system Monitoring & filtering elements

Thank you for your attention !