Presentation is loading. Please wait.

Presentation is loading. Please wait.

LANCOM LAnguage for Network COnfiguration and Management Chitra S Agastya Nipun Arora Sambuddho Chakravarty.

Published byAbraham Robertson Modified over 9 years ago

Similar presentations

Presentation on theme: "LANCOM LAnguage for Network COnfiguration and Management Chitra S Agastya Nipun Arora Sambuddho Chakravarty."— Presentation transcript:

1 LANCOM LAnguage for Network COnfiguration and Management Chitra S Agastya (csa2111@columbia.edu) Nipun Arora (na2271@columbia.edu) Sambuddho Chakravarty (sc2516@columbia.edu) Milind Nimesh (mn2353@columbia.edu) Ashish Singh Tomar (ast2124@columbia.edu)

2 Meet the System Administrator Implement security / access policies on various of routers and firewalls Proficient in esoteric configuration languages Configure complex security strategies using low level firewall rules

3 The End Result…. Affects scalability of the network No reusability of code Conflicts arise due to use of different router configuration languages in the same network “Misconfigurations are source of most network vulnerabilities”

4 The Business Angle… “Security managers need a single place to look for the corporate policies on who gets in and who doesn’t” -Forrester report

5 The Solution: LANCOM An out of the box solution to configure routers in a network, manufactured by different vendors Device Independent Configuration Language Domain Specific User Focus: Network Administrator

6 LEXER PARSER SYNTAX DIRECTED TRANSLATION CONFIGURATION ACTIONS SYMBOL TABLE COMMAND CLASSES ROUTING/ FIREWALLING COMMANDS FOR LINUX TRANSLATOR ARCHITECTURE OF LANCOM INPUT SOURCE PROGRAM OUTPUT CONFIG. FILE ROUTING/ FIREWALLING COMMANDS FOR FREE BSD LANCOM COMPILER

7 Programming Constructs Host Host Group Topology Route

8 Program Structure prog Declarative Statements Assignment Statements Configuration Statements endprog policy_type_t pol; pol = inbound deny tcp dst 1.1.1.1 netmask 255.255.255.0 8088; apply policy pol;

9 Separation of Network Topology and Security Policy Description prog ipaddr_t ip1,ip2; ip1=1.1.1.1; ip2=4.4.4.4; policy_type_t p1; p1= inbound deny tcp src 2.2.2.2 netmask 255.255.255.0 all; role_type_t r1; r1=role { p1, outbound deny dst ip2 netmask 255.255.255.255 all}; host_type_t h1; h1=ip_addr 6.6.6.6 netmask 255.255.255.0; host_group_type_t hg1; hg1=host_group {h1, ip_addr 5.5.5.5 netmask 255.255.255.0}; topology_type_t t1; t1=hg1 r1; apply topology t1; endprog POLICY ROLE HOST HOST GROUP TOPOLOGY

10 FreeBSD (IPFW) Linux (IPTABLES ) Webserver Test-Bed to Test Basic Firewall Policy Description Using LANCOM Test-Bed Designed and Implemented on deterlab

11 Device Independent Configuration prog policy_type_t p; p=inbound deny tcp dst 10.3.0.6 netmask 255.255.255.0 8088; apply policy p; endprog Linux (iptables) /sbin/iptables -I FORWARD -p tcp -d 10.3.0.6/255.255.255.0 - s 0.0.0.0/0.0.0.0 --destination-port 8088 -j DROP FreeBSD(ipfw) /sbin/ipfw add deny tcp from 0.0.0.0:0.0.0.0 to 10.3.0.6:255.255.255.0 8088

12 Tools Used

13 What we learned AntlrWorks – an easy to use GUI interface for writing your own language Networking Concepts Team Work Not all team members were conversant with networking

14 THANK YOU!!

Download ppt "LANCOM LAnguage for Network COnfiguration and Management Chitra S Agastya Nipun Arora Sambuddho Chakravarty."

Similar presentations

Student Guide www.visioninfosystems.org Access List.

Student Guide Access List.
Logically Centralized Control Class 2. Types of Networks ISP Networks – Entity only owns the switches – Throughput: 100GB-10TB – Heterogeneous devices:

Logically Centralized Control Class 2. Types of Networks ISP Networks – Entity only owns the switches – Throughput: 100GB-10TB – Heterogeneous devices:
CSC458 Programming Assignment II: NAT Nov 7, 2014.

CSC458 Programming Assignment II: NAT Nov 7, 2014.
Static Routing Exercise AFNOG 2003/ Track 2 # 1 Static Routing Exercise u Unix network interface configuration u Cisco network interface configuration.

Static Routing Exercise AFNOG 2003/ Track 2 # 1 Static Routing Exercise u Unix network interface configuration u Cisco network interface configuration.
Chapter 9: Access Control Lists

Chapter 9: Access Control Lists
CIS 193A – Lesson9 Network Infrastructure. CIS 193A – Lesson9 Focus Question What are three high level subnets a corporate intranet will want to support?

CIS 193A – Lesson9 Network Infrastructure. CIS 193A – Lesson9 Focus Question What are three high level subnets a corporate intranet will want to support?
Firewall Simulation Teaching Information Security Using: Visualization Tools, Case Studies, and Hands-on Exercises May 23, 2012.

Firewall Simulation Teaching Information Security Using: Visualization Tools, Case Studies, and Hands-on Exercises May 23, 2012.
CSCI 530 Lab Firewalls. Overview Firewalls Capabilities Limitations What are we limiting with a firewall? General Network Security Strategies Packet Filtering.

CSCI 530 Lab Firewalls. Overview Firewalls Capabilities Limitations What are we limiting with a firewall? General Network Security Strategies Packet Filtering.
NetML Network Markup Language Ivan Santarelli Alexandra Bellogini

NetML Network Markup Language Ivan Santarelli Alexandra Bellogini
Policy Based Routing using ACL & Route Map By Group 7 Nischal (304360958) Pranali (304378534)

Policy Based Routing using ACL & Route Map By Group 7 Nischal ( ) Pranali ( )
Securing Network using Linux. Lesson Outline Setting up a secure system TCP Wrapper configuration Firewalls in Linux Authentication Systems –NIS –Kerberos.

Securing Network using Linux. Lesson Outline Setting up a secure system TCP Wrapper configuration Firewalls in Linux Authentication Systems –NIS –Kerberos.
1 Version 3.0 Module 8 Virtual LANs. 2 Version 3.0.

1 Version 3.0 Module 8 Virtual LANs. 2 Version 3.0.
Implementing Standard and Extended Access Control List (ACL) in Cisco Routers.

Implementing Standard and Extended Access Control List (ACL) in Cisco Routers.
© 2007 Cisco Systems, Inc. All rights reserved.ICND1 v1.0—4-1 LAN Connections Constructing a Network Addressing Scheme.

© 2007 Cisco Systems, Inc. All rights reserved.ICND1 v1.0—4-1 LAN Connections Constructing a Network Addressing Scheme.
Virtual LANs. VLAN introduction VLANs logically segment switched networks based on the functions, project teams, or applications of the organization regardless.

Virtual LANs. VLAN introduction VLANs logically segment switched networks based on the functions, project teams, or applications of the organization regardless.
FIREWALL TECHNOLOGIES Tahani al jehani. Firewall benefits  A firewall functions as a choke point – all traffic in and out must pass through this single.

FIREWALL TECHNOLOGIES Tahani al jehani. Firewall benefits  A firewall functions as a choke point – all traffic in and out must pass through this single.
PacNOG 6: Nadi, Fiji Dealing with DDoS Attacks Hervey Allen Network Startup Resource Center.

PacNOG 6: Nadi, Fiji Dealing with DDoS Attacks Hervey Allen Network Startup Resource Center.
Linux Operations and Administration

Linux Operations and Administration
CISCO PIX FIREWALL Configuration for DCSL Tuan Anh Nguyen CSCI 5234 University of Houston Clear Lake Fall Semester, 2005.

CISCO PIX FIREWALL Configuration for DCSL Tuan Anh Nguyen CSCI 5234 University of Houston Clear Lake Fall Semester, 2005.
Interior Gateway Routing Protocol (IGRP) is a distance vector interior routing protocol (IGP) invented by Cisco. It is used by routers to exchange routing.

Interior Gateway Routing Protocol (IGRP) is a distance vector interior routing protocol (IGP) invented by Cisco. It is used by routers to exchange routing.

Similar presentations

Ads by Google