Workpackage 3 New security algorithm design ICS-FORTH Ipswich 19th December 2007.


WISDOM WP3: New security algorithm design

Objectives
- Identify critical security application components which can be efficiently implemented in the optical domain.
- Characterise constraints to algorithmic components and develop novel analytical techniques for simplified pattern matching.
- Design a Security Application Programming Interface (SAPI) which will be the interface between high-level security applications and low-level optical implementation.

Tasks - Deliverables
- WP 3.1: Security Applications Partitioning (M12)
- WP 3.2: Identification of simplified Security Algorithm Components (M24)
- WP 3.3: Definition of a Security Application Programming Interface: SAPI (M27)

WP3.1 Security Applications Partitioning
- Identify components which can be effectively and efficiently implemented in the optical domain
- Partitioning of security-related applications (Firewalls, DoS attacks detection, IDS/IPS) into
  - high-level part (electronic)
  - low-level part (optical)
- D3.1 report M12

WP3.1 Security Applications Partitioning
Basic firewall functionality in the optical domain
- Look at port numbers
  - Block traffic for specific ports
  - Optical filtering, optical pattern matching
- Look at IP addresses
  - Block traffic for specific IP addresses
  - Optical filtering, optical/electronic pattern matching
- Look at IP protocol
  - Block traffic for certain protocols
- Headers only
  - Less than 10% of rules, more than 90% of alerts

WP3.1 Security Applications Partitioning

Firewall rule example | Inspection
Deny all incoming traffic with IP matching internal IP | source IP address
Deny incoming from black-listed IP addresses | source IP address
Deny all incoming ICMP traffic | IP protocol
Deny incoming TCP/UDP 135/445 (RPC, Windows Sharing) | destination port
Deny incoming/outgoing TCP 6666/6667 | destination port
Allow incoming TCP 80, 443 (http, https) to internal web server | destination port (destination IP address)
Deny incoming TCP 25 to SMTP server from external IP addresses | destination port (destination)/source IP address
Allow UDP 53 to internal DNS server | destination port (destination IP address)

Typical port assignments for some other services/applications: ftp TCP 21, ssh TCP 22, telnet TCP 23, POP3 TCP 110, IMAP 143

WP3.1 Security Applications Partitioning
Filtering out traffic

WP3.1 Security Applications Partitioning
DoS attacks
- SYN bit optical counter
- proposed optical DoS attack detection
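A software analogue of the SYN bit counter, added here as an example and not taken from the slides: it looks only at the TCP flags byte and raises an alarm when the number of connection-opening SYNs inside a sliding window exceeds a threshold. The window length, the threshold and the choice to ignore SYN+ACK segments are assumptions.

```python
from collections import deque

SYN, ACK = 0x02, 0x10   # bit masks in the TCP flags byte

class SynCounter:
    """Sliding-window count of connection-opening SYNs (SYN set, ACK clear)."""

    def __init__(self, window_ms=1000, threshold=100):
        # window_ms and threshold are assumed values, not taken from the slides
        self.window_ms, self.threshold = window_ms, threshold
        self.seen = deque()

    def observe(self, ts_ms, flags):
        """Feed one TCP flags byte; return True while the SYN count exceeds the threshold."""
        if flags & SYN and not flags & ACK:
            self.seen.append(ts_ms)
        while self.seen and self.seen[0] <= ts_ms - self.window_ms:
            self.seen.popleft()            # expire SYNs that left the window
        return len(self.seen) > self.threshold

def first_alarm(trace, **params):
    """Return the timestamp (ms) at which the counter first alarms, or None."""
    counter = SynCounter(**params)
    for ts_ms, flags in trace:
        if counter.observe(ts_ms, flags):
            return ts_ms
    return None

def constructed_trace():
    """Constructed input: 5 s of light traffic, then 500 bare SYNs at one per ms."""
    normal = [(i * 100, SYN if i % 3 == 0 else ACK) for i in range(50)]
    flood = [(5000 + i, SYN) for i in range(500)]
    return normal + flood
```

On the constructed trace the alarm fires 97 ms into the burst, once the 98 flood SYNs plus the 3 background SYNs still inside the window exceed the threshold of 100.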

WP3.1 Security Applications Partitioning

Security Operation | Inspection | Application Example
Match network packet targeting a specific service | Destination Port Number | Filtering out traffic
Match network packet originating from a specific service | Source Port Number | Filtering out a Web server’s response
Match network packet targeting specific computer(s) | Destination IP Address | Preventing contact with a computer
Match network packet originating from specific computer(s) | Source IP Address | Preventing access from a computer
Match network packet with specific properties | IP protocol header field | Filtering out ICMP traffic
Match network packet targeting a specific service and originating from specific computers | Destination Port Number and Source IP Address | SPAM filter
Denial of Service attack detection | SYN flag | Preventing TCP SYN flood attacks

WP3.2 Identification of Simplified Security Algorithms Components
- Optical pre-processing for more complex pattern recognition
- Restrictions in optical domain (buffering, level of integration, etc)
- Scalability of security pattern matching algorithms, optimum balance between optical and electronic processing (WP6)
- Develop algorithms that will allow optical bit-serial processing subsystems to operate as a pre-processor to more complex pattern recognition techniques.
- D3.2 Identification of simplified Security Algorithms Components (M24)

WP3.2 Identification of Simplified Security Algorithms Components
- Tree-like structures
- Hash functions
- Bloom filters
- Heuristics
- Parallel use of optical devices
  - up to a dozen “on a chip”
- Parallel/Distributed Architectures

WP3.2 Identification of Simplified Security Algorithms Components
- Combine optical and electronic signature-based detection
- Optical traffic splitter
  - optical header processing for load balancing
  - e.g., group packets according to port number, IP, etc
- Multiple “specialized” (electronic) processors
  - parallel operation
  - possibly more efficient payload inspection by performing same operations to same type of packets
- Many issues, such as even distribution of load to sensors, anomaly-based detection, etc.

WP3.2 Identification of Simplified Security Algorithms Components
Specifications for optical hardware:
- Optical Bit Filter
  - Coarse “sift” of packet header
- Optical Routing Switch
- Optical Pattern Matching Circuit
- Optical Buffer Memory
  - Embedded in Bit Filter and Pattern Matching?
- Optical PRBS generator
- XOR, AND gates

WP3.2 Identification of Simplified Security Algorithms Components
Functional models of optical devices and simulator
1) Very simple, basic building blocks are logic gates
   Useful for testing efficiency of more complex algorithms, hybrid optical/electronic detection, etc.
2) Include physical models for actual optical components
   Useful in device development. Much more demanding…
Build simulator starting with (1) and expand to (2), when necessary.
Commercial solutions (Virtual Photonics, etc).

WP 3.3 Definition of a Security Application Programming Interface (SAPI)
- SAPI will bridge the gap between optical execution of key components and programming of security applications
- High-level programming, abstract all low-level details
- Monitoring Application Programming Interface (MAPI)
- D3.3 Definition of SAPI (M27)

WP 3.3 Definition of a Security Application Programming Interface (SAPI)
- Hardware - Software Interface
  - Frequency of user interventions small compared to frequency of optical recognitions
- Electronics – Optics Interface
  - Labview, Agilent Vee (HPV)
- Start with Software – Electronics - Optics