Panel on Network Data and Monitoring - The Abilene Network

Slides:



Advertisements
Similar presentations
Routing Routing in an internetwork is the process of directing the transmission of data across two connected networks. Bridges seem to do this function.
Advertisements

IP datagrams Service paradigm, IP datagrams, routing, encapsulation, fragmentation and reassembly.
Collecting and Managing Network Traffic Data February 8, 2005
Abilene Transit Security Policy Joint Techs Summer ’05 Vancouver, BC, CA Steve Cotter Director, Network Services Steve Cotter Director,
 Guarantee that EK is safe  Yes because it is stored in and used by hw only  No because it can be obtained if someone has physical access but this can.
IP: The Internet Protocol
Intruder Trends Tom Longstaff CERT Coordination Center Software Engineering Institute Carnegie Mellon University Pittsburgh, PA Sponsored by.
Passive traffic measurement Capturing actual Internet packets in order to measure: –Packet sizes –Traffic volumes –Application utilisation –Resource utilisation.
Stephen S. Yau CSE , Fall Security Strategies.
What Data Do We Need and Why Do We Need It? Jim Pepin Chief Technology Officer University of Southern California.
Protocols and the TCP/IP Suite Chapter 4. Multilayer communication. A series of layers, each built upon the one below it. The purpose of each layer is.
Network Security (Firewall) Instructor: Professor Morteza Anvari Student: Xiuxian Chen ID: Term: Spring 2001.
Types of Addresses in IPv4 Network Range
The Network Layer. Network Projects Must utilize sockets programming –Client and Server –Any platform Please submit one page proposal Can work individually.
13 September 2015 The Abilene Observatory and Network Research Rick Summerhill, Director Network Research, Architecture, and Technology, Internet2 Joint.
Network Component's and terms.. Hubs  An Ethernet hub, active hub, network hub, repeater hub, multiport repeater or hub is a device for connecting multiple.
Firewall and Internet Access Mechanism that control (1)Internet access, (2)Handle the problem of screening a particular network or an organization from.
IP Tutorial 1. 2 An IP address is a unique number used to identify your computer on the internet. Every system has it’s own unique IP address. IP addresses.
Module 4: Designing Routing and Switching Requirements.
Client/Server Model.
HOPI Update Rick Summerhill Director Network Research, Architecture, and Technologies Jerry Sobieski MAX GigaPoP and TSC Program Manager Mark Johnson MCNC.
workshop eugene, oregon What is network management? System & Service monitoring  Reachability, availability Resource measurement/monitoring.
MonNet – a project for network and traffic monitoring Detection of malicious Traffic on Backbone Links via Packet Header Analysis Wolfgang John and Tomas.
Fundamentals of Proxying. Proxy Server Fundamentals  Proxy simply means acting on someone other’s behalf  A Proxy acts on behalf of the client or user.
Research and Education Networking Information Sharing and Analysis Center REN-ISAC John Hicks TransPAC2/Indiana University
Chapter 4 Objectives Upon completion you will be able to: Classful Internet Addressing Understand IPv4 addresses and classes Identify the class of an.
OS Services And Networking Support Juan Wang Qi Pan Department of Computer Science Southeastern University August 1999.
1.1 1 Purpose of firewall : –Control access to or from a protected network; –Implements network access policy connections pass through firewall and are.
Internet2 Network Observatory Update Matt Zekauskas, Measurement SIG 2006 Fall Member Meeting 4-Dec-2006.
1 An Error Reporting Mechanism (ICMP). 2 IP Semantics IP is best-effort Datagrams can be –Lost –Delayed –Duplicated –Delivered out of order –Corrupted.
1 Chapter 23 Internetworking Part 3 (Control Messages, Error Handling, ICMP)
1 © 2003, Cisco Systems, Inc. All rights reserved. CCNA 3 v3.0 Module 9 Virtual Trunking Protocol.
Interpreting Network Traffic Flows Bill Jensen, Paul Nazario and Perry Brunelli.
Chapter 3 - VLANs. VLANs Logical grouping of devices or users Configuration done at switch via software Not standardized – proprietary software from vendor.
5/18/2006 Department of Technology Services Security Architecture.
TCP/IP Model & How it Relates to Browsing the Internet Anonymously BY: HELEN LIN.
IP addresses IPv4 and IPv6. IP addresses (IP=Internet Protocol) Each computer connected to the Internet must have a unique IP address.
1 Distributed Monitoring CERNET's experience Xing Li
Selective Packet Inspection to Detect DoS Flooding Using Software Defined Networking Author : Tommy Chin Jr., Xenia Mountrouidou, Xiangyang Li and Kaiqi.
Early Detection of DDoS Attacks against SDN Controllers
INTERNATIONAL NETWORKS At Indiana University 1 NetSage: An Open, Privacy-Aware, Network Measurement, Analysis, and Visualization Service GLIF 2015, Prague.
Wikipedia Edit. Internet of Things It is the idea of enabling everyday objects with software, sensors and network connectivity. The connectivity would.
Computer Network Architecture Lecture 7: OSI Model Layers Examples II 1 26/12/2012.
Department of Computer Science Introduction to Information Security Chapter 7 Activity Security Assessment Semester 1.
1 Chapter 23 Internetworking Part 3 (Control Messages, Error Handling, ICMP)
The Internet2 Network and LHC Rick Summerhill Director Network Research, Architecture, and Technologies Internet2 LHC Meeting 23 October 2006 FERMI Lab,
June 11, 2002 Abilene Route Quality Control Initiative Aaron D. Britt Guy Almes Route Optimization.
DISA Cyclops Program.
Virtual Private Network (VPN)
Visit for more Learning Resources
Mobile IP.
A quick intro to networking
Network Fundamentals – Chapter 5
Part III Datalink Layer 10.
Secure Software Confidentiality Integrity Data Security Authentication
21-2 ICMP(Internet control message protocol)
Outline Basics of network security Definitions Sample attacks
Network Architecture Introductory material
BIS 320 NERD Perfect Education/ bis320nerd.com.
Binary Lesson 5 Classful IP Addresses
Review of Important Networking Concepts
Virtual Private Network (VPN)
* Essential Network Security Book Slides.
IS4680 Security Auditing for Compliance
INTERNET PROTOCOL Presented by: Md:Faruque-A-Azam ID:1642CSE00570 Batch:42 CSE,MIU.
Net 323 D: Networks Protocols
Part III Datalink Layer 10.
NET 323D: Networks Protocols
Outline Basics of network security Definitions Sample attacks
OSI Network Layer Presented By Dr. Waleed Alseat Mutah University.
Presentation transcript:

Panel on Network Data and Monitoring - The Abilene Network Rick Summerhill Director, Network Research, Architecture, and Technologies, Internet2 Net@Edu 2005 Tempe, AZ 8 December 2018

The Abilene Network Abilene Network - national backbone connecting most of the research universities across the united states Original design included measurement capabilities to support operations. We realized there was tremendous research potential, leading to the Abilene Observatory. The Abilene Observatory A correlated database consisting of datasets, including utilization data, routing data, throughput data, latency data, netflow data, etc. Some of the data is sensitive - neflow data and passive measurement data - IP addresses and port numbers - the potential to understand what individuals are doing. 12/8/2018

Sensitive Datasets Netflow data - sampled at 1% Collected from all 11 backbone routers in Abilene and saved for approximately 3 months. Current dataset is anonymized by zeroing the low order 11 bits before it ever touches a disk. There is interest in having more detailed data. Passive monitoring data - sampled at 100% A router clamp around the Indianapolis router. Can look at headers from all packets in and out of the router! IP addresses are hashed, but there are potential exploits that could weaken privacy. 12/8/2018

The Issues Privacy Network Research and Operations We have an ethical responsibility to assure the individual privacy of our members' students, faculty, and staff using the Abilene Network. Datasets given to others, no matter how well intentioned, could be vulnerable to mistakes, errors in access, etc. However, Network Research and Operations The network is under threat. Unfortunately, if someone wants to take a host off the network, one that has limited resources associated with it, it can be done. We need to insure researchers have access to data - understand fundamental problems and propose solutions. Similarly, for operational reasons, keeping data for reasonable periods of time is essential for understanding operational problems. 12/8/2018

Policy Issues Considering changes in policy to allow additional collections of data and its access. Need to build a process for approval of expanded data access We’re interested in reactions from the community. It would be nice to reach consensus on what is appropriate and the process involved. Some examples: Could allow access to data that is hashed, with reasonable persistence for keys. Might require agreements with universities Could allow access to data that, after a reasonable period of time, is anonymized using existing techniques. Would require agreements with universities. 12/8/2018

Feedback: Privacy Policy Feedback
Do Not Sell My Personal Information
About project: SlidePlayer Terms of Service

© 2025 SlidePlayer.com. Inc. All rights reserved.