TERENA Networking Conference, 2003©The JNT Association, 2003 Designing Manageable Protocols Andrew Cormack Chief Security Adviser UKERNA.

Slides:



Advertisements
Similar presentations
©2012 ClearOne Communications. Confidential and proprietary. COLLABORATE ® Video Conferencing Networking Basics.
Advertisements

H. 323 and firewalls: Problem Statement and Solution Framework Author: Melinda Shore, Nokia Presenter: Shannon McCracken.
Network Security Topologies Chapter 11. Learning Objectives Explain network perimeter’s importance to an organization’s security policies Identify place.
Skills: Concepts: layered protocols, transport layer functions, TCP and UDP protocols, isochronous applications This work is licensed under a Creative.
Policy Based Routing using ACL & Route Map By Group 7 Nischal ( ) Pranali ( )
Introduction to Transport Layer. Transport Layer: Motivation A B R1 R2 r Recall that NL is responsible for forwarding a packet from one HOST to another.
1 Some TCP/IP Basics....NFSDNSTELNETSMTPFTP UDPTCP IP and ICMP Ethernet, serial line,..etc. Application Layer Transport Layer Network Layer Low-level &
TCP/IP Network and Firewall. IP Packet Protocol  1 ICMP packet  6 TCP packet  17 UDP packet.
Understanding Networks. Objectives Compare client and network operating systems Learn about local area network technologies, including Ethernet, Token.
1 Version Traffic Class Flow Label Payload Length Next Header Hop Limit Source Address Destination Address IPv6 Header.
Subnetting.
Information Networking Security and Assurance Lab National Chung Cheng University Anti-hacker Tool Kit: CH13 Port Redirection Jared 04/03/31.
Microsoft Windows Server 2003 TCP/IP Protocols and Services Technical Reference Slide: 1 Lesson 12 Transmission Control Protocol (TCP) Basics.
A Brief Taxonomy of Firewalls
CS426Fall 2010/Lecture 361 Computer Security CS 426 Lecture 36 Perimeter Defense and Firewalls.
1 Figure 5-4: Drivers of Performance Requirements: Traffic Volume and Complexity of Filtering Performance Requirements Traffic Volume (Packets per Second)
Packet Filtering. 2 Objectives Describe packets and packet filtering Explain the approaches to packet filtering Recommend specific filtering rules.
Why do we need Firewalls? Internet connectivity is a must for most people and organizations  especially for me But a convenient Internet connectivity.
Intranet, Extranet, Firewall. Intranet and Extranet.
1 © 2003, Cisco Systems, Inc. All rights reserved. CCNA 4 v3.0 Module 1 Scaling IP Addresses.
IP Ports and Protocols used by H.323 Devices Liane Tarouco.
January 2009Prof. Reuven Aviv: Firewalls1 Firewalls.
Chabot College ELEC Ports (Layer 4).
OV Copyright © 2013 Logical Operations, Inc. All rights reserved. Network Security  Network Perimeter Security  Intrusion Detection and Prevention.
Module 12: Routing Fundamentals. Routing Overview Configuring Routing and Remote Access as a Router Quality of Service.
OV Copyright © 2011 Element K Content LLC. All rights reserved. Network Security  Network Perimeter Security  Intrusion Detection and Prevention.
Crossing firewalls Liane Tarouco Leandro Bertholdo RNP POP/RS.
TCP/IP Transport and Application (Topic 6)
Packet Filtering Chapter 4. Learning Objectives Understand packets and packet filtering Understand approaches to packet filtering Set specific filtering.
1 © 2004, Cisco Systems, Inc. All rights reserved. Chapter 9 Intermediate TCP/IP/ Access Control Lists (ACLs)
1 Firewalls G53ACC Chris Greenhalgh. 2 Contents l Attacks l Principles l Simple filters l Full firewall l Books: Comer ch
TCP/IP Protocols Contains Five Layers
© 2006 Cisco Systems, Inc. All rights reserved. Cisco IOS Threat Defense Features.
TCP/IP Protocol Suite 1 Chapter 16 Upon completion you will be able to: Host Configuration: BOOTP and DHCP Know the types of information required by a.
1 © 2003, Cisco Systems, Inc. All rights reserved. CCNA 4 v3.0 Module 1 Scaling IP Addresses.
1 Firewalls Types of Firewalls Inspection Methods  Static Packet Inspection  Stateful Packet Inspection  NAT  Application Firewalls Firewall Architecture.
Module 10: How Middleboxes Impact Performance
ACCESS CONTROL LIST.
Security fundamentals Topic 10 Securing the network perimeter.
IP addresses IPv4 and IPv6. IP addresses (IP=Internet Protocol) Each computer connected to the Internet must have a unique IP address.
Firewall Matthew Prestifilippo, Bill Kazmierski, Pat Sparrow.
1 12-Jan-16 OSI network layer CCNA Exploration Semester 1 Chapter 5.
1 Figure 3-13: Internet Protocol (IP) IP Addresses and Security  IP address spoofing: Sending a message with a false IP address (Figure 3-17)  Gives.
Firewall Technology and InterCell Communication Peter T. Dinsmore Trusted Information Systems Network Associates Inc 3060 Washington Rd (Rt. 97) Glenwood,
Chapter 11 – Cloud Application Development. Contents Motivation. Connecting clients to instances through firewalls. Cloud Computing: Theory and Practice.
Cisco I Introduction to Networks Semester 1 Chapter 7 JEOPADY.
Kittiphan Techakittiroj (25/06/59 19:10 น. 25/06/59 19:10 น. 25/06/59 19:10 น.) Network Address Translation Kittiphan Techakittiroj
Ad Hoc – Wireless connection between two devices Backbone – The hardware used in networking Bandwidth – The speed at which the network is capable of sending.
Security fundamentals
© 2003, Cisco Systems, Inc. All rights reserved.
Application Layer Functionality and Protocols Abdul Hadi Alaidi
NAT、DHCP、Firewall、FTP、Proxy
Host Configuration: BOOTP and DHCP
Computer Communication and Networking
What the OSI Protocol Layers Do
Chris Meullion Preston Burden Dwight Philpotts John C. Jones-Walker
Working at a Small-to-Medium Business or ISP – Chapter 7
Working at a Small-to-Medium Business or ISP – Chapter 7
Host Configuration: BOOTP and DHCP
Working at a Small-to-Medium Business or ISP – Chapter 7
IS 4506 Server Configuration (HTTP Server)
What does this packet do?
دیواره ی آتش.
When you connect with DHCP, you are assigned a
Firewalls.
ACCESS CONTROL LIST Slides Prepared By Adeel Ahmed,
46 to 1500 bytes TYPE CODE CHECKSUM IDENTIFIER SEQUENCE NUMBER OPTIONAL DATA ICMP Echo message.
Computer Networks Protocols
Session 20 INST 346 Technologies, Infrastructure and Architecture
Transport Protocols Relates to Lab 5. An overview of the transport protocols of the TCP/IP protocol suite. Also, a short discussion of UDP.
Presentation transcript:

TERENA Networking Conference, 2003©The JNT Association, 2003 Designing Manageable Protocols Andrew Cormack Chief Security Adviser UKERNA

TERENA Networking Conference, 2003©The JNT Association, 2003 Why Manage Networks? Networks have production uses Teaching, assessment, administration, video conferencing, … Time-critical, bandwidth-criticial, reliability-critical Bandwidth is finite Some things are more important than others Different priorities in different organisations Important things should have priority Helps if priorities are written down!

TERENA Networking Conference, 2003©The JNT Association, 2003 Management Tools? Manager told – “Service X is important” Manager sees – IP packets Packets have Source & destination address Source & destination port Initial TCP packet has a direction How to map packets to services? Need help from protocol design

TERENA Networking Conference, 2003©The JNT Association, 2003 Management Requirements Identifiable Services give rise to recognisable network flows Controllable Services can be permitted on some network segments Services can be denied from some network segments Non-hazardous My use of a service must not be a hazard to others My use of a service should not be a hazard to me

TERENA Networking Conference, 2003©The JNT Association, 2003 Management Assumptions Least-worst assumptions Port number identifies service E.g. port 80 = web IP address(es) identify location on network Source is client; destination is server [TCP only] Dangerous assumptions IP address identifies person Port <1024 means trusted

TERENA Networking Conference, 2003©The JNT Association, 2003 Case Studies – HTTP ? 80? I [ C [ H ? I [ C [ H [

TERENA Networking Conference, 2003©The JNT Association, 2003 Case Studies – FTP ftp.site ? 21??20 I [ C [ H ? I ? C [ H x

TERENA Networking Conference, 2003©The JNT Association, 2003 Case Studies – passive FTP ftp.site ? 21??? I x C x H x I x C x H [

TERENA Networking Conference, 2003©The JNT Association, more Variable UDP ports Case Studies – P2P (Napster) /24 ?? I x C x H x

TERENA Networking Conference, 2003©The JNT Association, 2003 Future developments Dynamic address allocation DHCP or NAT Must align address allocation with managed groups IP version 6 Little change to manageability Port numbers may be buried in a chain of headers Encryption may make application layer invisible Mobility is extreme dynamic address allocation

TERENA Networking Conference, 2003©The JNT Association, 2003 Conclusion: Protocols need Identifiable traffic flows Well defined, appropriate use of reserved ports Clarity over relationship between hosts Direction of initiation must be apparent Support for layered protection Expect to meet firewalls; work with proxies Application proxies may be only option

TERENA Networking Conference, 2003©The JNT Association, 2003 Give managers options YES/NO is not enough

TERENA Networking Conference, 2003©The JNT Association, 2003

Feedback: Privacy Policy Feedback
Do Not Sell My Personal Information
About project: SlidePlayer Terms of Service

© 2025 SlidePlayer.com. Inc. All rights reserved.