Research of the IP-Telephony for the Czech Armed Forces
Lt. Bc. Zburníková Lucie



Main points of presentation
• characteristic of IP-telephony
• aims of the scientific work
• DoS attacks
• prevention and response
• overall summary

Aims of the scientific work
• to create a possible network diagram
• to categorize the DoS attacks
• to compile a complete and up-to-date list of them
• to propose the form of detection and counteraction against them

Network diagram

Categories and types of Denial of Service attacks
• Direct Denial of Service attacks:
  - Single-tier attacks
  - Dual-tier attacks
  - Triple-tier ‘distributed’ attacks
• Indirect Denial of Service attacks:
  - The LoveBug virus
  - Code Red and Nimda worms

Direct Denial of Service attacks
• Single-tier DoS Attacks ( )
  Examples: Ping of Death, SYN floods, other malformed packet attacks
• Dual-tier DoS Attacks (late 1997)
  Example: Smurf
• Triple-tier DDoS Attacks ( )
  Examples: TFN2K, Stacheldraht, Mstream

Comparison of the attacks
• Older attacks are ineffective or of low danger.
• Attacks that exploit new system vulnerabilities have a short lifetime.
• Flood attacks are simple, but dangerous.
• DDoS flood attacks cause serious problems and can shut down any server.
• Some new attacks combine a number of different simple attacks and can use DDoS.

Prevention and Response
• Intrusion detection system (IDS)
  - network intrusion detection system
  - protocol-based intrusion detection system (Example: Snort)
  - application protocol-based intrusion detection system
  - host-based intrusion detection system
  - hybrid intrusion detection system (Example: Prelude)
• Intrusion prevention system
• (Self)defence against DoS attacks

Network-based vs. host-based system

Host-based
+ It is able to verify whether an attack was successful or not.
+ Its functionality is not affected by transmission or by the use of encryption.
+ It is able to prevent the attack.
- It uses server resources.
- The possibility of usage depends on the OS.
- Extensibility: it requires installation of one agent per server.

Network-based
+ It protects all terminal stations on the monitored network.
+ It has no influence on the function of the terminal stations / servers.
+ It is able to detect DoS attacks.
- It is more difficult to implement in a switched LAN environment.
- Monitoring above 1 Gb/s is a problem for now.
- Generally it cannot proactively stop the attack.

IDS on platforms of Cisco
[Figure: Solution Set. Labels: Router Sensor, Host Sensor (Standard Edition, Web Server Edition), Firewall Sensor, Network Sensor, Switch Sensor (Catalyst 6500 IDS Module), Mgmt (Secure Command Line, Web UI, Embedded Mgr, CiscoWorks VMS)]

General defence
• Systems for the detection (and prevention) of unauthorized intrusion complement the protection of networks by firewalls.
• A high level of defence against unauthorized activities is obtained by combining network IDS with IDS for servers.
• The correct function of an IDS has to be supported by regular evaluation of the information gathered and by upgrading the system.

Overall summary
VoIP telephony has great potential to bring considerable advantages to telecommunications in comparison with standard technologies. The main advantage is cost reduction, especially in the case of long-distance calls. It offers quality phone services, including secure voice and the development of prevention and response.