Presentation is loading. Please wait.

Presentation is loading. Please wait.

TERENA Networking Conference, 2003©The JNT Association, 2003 Designing Manageable Protocols Andrew Cormack Chief Security Adviser UKERNA.

Published byIlene Bond Modified over 9 years ago

Similar presentations

Presentation on theme: "TERENA Networking Conference, 2003©The JNT Association, 2003 Designing Manageable Protocols Andrew Cormack Chief Security Adviser UKERNA."— Presentation transcript:

1 TERENA Networking Conference, 2003©The JNT Association, 2003 Designing Manageable Protocols Andrew Cormack Chief Security Adviser UKERNA

2 TERENA Networking Conference, 2003©The JNT Association, 2003 Why Manage Networks? Networks have production uses Teaching, assessment, administration, video conferencing, … Time-critical, bandwidth-criticial, reliability-critical Bandwidth is finite Some things are more important than others Different priorities in different organisations Important things should have priority Helps if priorities are written down!

3 TERENA Networking Conference, 2003©The JNT Association, 2003 Management Tools? Manager told – “Service X is important” Manager sees – IP packets Packets have Source & destination address Source & destination port Initial TCP packet has a direction How to map packets to services? Need help from protocol design

4 TERENA Networking Conference, 2003©The JNT Association, 2003 Management Requirements Identifiable Services give rise to recognisable network flows Controllable Services can be permitted on some network segments Services can be denied from some network segments Non-hazardous My use of a service must not be a hazard to others My use of a service should not be a hazard to me

5 TERENA Networking Conference, 2003©The JNT Association, 2003 Management Assumptions Least-worst assumptions Port number identifies service E.g. port 80 = web IP address(es) identify location on network Source is client; destination is server [TCP only] Dangerous assumptions IP address identifies person Port <1024 means trusted

6 TERENA Networking Conference, 2003©The JNT Association, 2003 Case Studies – HTTP www.site ? 80? I [ C [ H ? I [ C [ H [

7 TERENA Networking Conference, 2003©The JNT Association, 2003 Case Studies – FTP ftp.site ? 21??20 I [ C [ H ? I ? C [ H x

8 TERENA Networking Conference, 2003©The JNT Association, 2003 Case Studies – passive FTP ftp.site ? 21??? I x C x H x I x C x H [

9 TERENA Networking Conference, 2003©The JNT Association, 2003 6697-6701 + more Variable UDP ports Case Studies – P2P (Napster) 64.124.41/24 ?? 4444-8888 I x C x H x

10 TERENA Networking Conference, 2003©The JNT Association, 2003 Future developments Dynamic address allocation DHCP or NAT Must align address allocation with managed groups IP version 6 Little change to manageability Port numbers may be buried in a chain of headers Encryption may make application layer invisible Mobility is extreme dynamic address allocation

11 TERENA Networking Conference, 2003©The JNT Association, 2003 Conclusion: Protocols need Identifiable traffic flows Well defined, appropriate use of reserved ports Clarity over relationship between hosts Direction of initiation must be apparent Support for layered protection Expect to meet firewalls; work with proxies Application proxies may be only option

12 TERENA Networking Conference, 2003©The JNT Association, 2003 Give managers options YES/NO is not enough

13 TERENA Networking Conference, 2003©The JNT Association, 2003

Download ppt "TERENA Networking Conference, 2003©The JNT Association, 2003 Designing Manageable Protocols Andrew Cormack Chief Security Adviser UKERNA."

Similar presentations

©2012 ClearOne Communications. Confidential and proprietary. COLLABORATE ® Video Conferencing Networking Basics.

©2012 ClearOne Communications. Confidential and proprietary. COLLABORATE ® Video Conferencing Networking Basics.
H. 323 and firewalls: Problem Statement and Solution Framework Author: Melinda Shore, Nokia Presenter: Shannon McCracken.

H. 323 and firewalls: Problem Statement and Solution Framework Author: Melinda Shore, Nokia Presenter: Shannon McCracken.
Network Security Topologies Chapter 11. Learning Objectives Explain network perimeter’s importance to an organization’s security policies Identify place.

Network Security Topologies Chapter 11. Learning Objectives Explain network perimeter’s importance to an organization’s security policies Identify place.
Skills: Concepts: layered protocols, transport layer functions, TCP and UDP protocols, isochronous applications This work is licensed under a Creative.

Skills: Concepts: layered protocols, transport layer functions, TCP and UDP protocols, isochronous applications This work is licensed under a Creative.
Policy Based Routing using ACL & Route Map By Group 7 Nischal (304360958) Pranali (304378534)

Policy Based Routing using ACL & Route Map By Group 7 Nischal ( ) Pranali ( )
Introduction to Transport Layer. Transport Layer: Motivation A B R1 R2 r Recall that NL is responsible for forwarding a packet from one HOST to another.

Introduction to Transport Layer. Transport Layer: Motivation A B R1 R2 r Recall that NL is responsible for forwarding a packet from one HOST to another.
1 Some TCP/IP Basics....NFSDNSTELNETSMTPFTP UDPTCP IP and ICMP Ethernet, serial line,..etc. Application Layer Transport Layer Network Layer Low-level &

1 Some TCP/IP Basics....NFSDNSTELNETSMTPFTP UDPTCP IP and ICMP Ethernet, serial line,..etc. Application Layer Transport Layer Network Layer Low-level &
TCP/IP Network and Firewall. IP Packet Protocol  1 ICMP packet  6 TCP packet  17 UDP packet.

TCP/IP Network and Firewall. IP Packet Protocol  1 ICMP packet  6 TCP packet  17 UDP packet.
Understanding Networks. Objectives Compare client and network operating systems Learn about local area network technologies, including Ethernet, Token.

Understanding Networks. Objectives Compare client and network operating systems Learn about local area network technologies, including Ethernet, Token.
1 Version Traffic Class Flow Label Payload Length Next Header Hop Limit Source Address Destination Address 0 4 12 16 24 31 IPv6 Header.

1 Version Traffic Class Flow Label Payload Length Next Header Hop Limit Source Address Destination Address IPv6 Header.
Subnetting.

Subnetting.
Information Networking Security and Assurance Lab National Chung Cheng University Anti-hacker Tool Kit: CH13 Port Redirection Jared 04/03/31.

Information Networking Security and Assurance Lab National Chung Cheng University Anti-hacker Tool Kit: CH13 Port Redirection Jared 04/03/31.
Microsoft Windows Server 2003 TCP/IP Protocols and Services Technical Reference Slide: 1 Lesson 12 Transmission Control Protocol (TCP) Basics.

Microsoft Windows Server 2003 TCP/IP Protocols and Services Technical Reference Slide: 1 Lesson 12 Transmission Control Protocol (TCP) Basics.
A Brief Taxonomy of Firewalls

A Brief Taxonomy of Firewalls
CS426Fall 2010/Lecture 361 Computer Security CS 426 Lecture 36 Perimeter Defense and Firewalls.

CS426Fall 2010/Lecture 361 Computer Security CS 426 Lecture 36 Perimeter Defense and Firewalls.
1 Figure 5-4: Drivers of Performance Requirements: Traffic Volume and Complexity of Filtering Performance Requirements Traffic Volume (Packets per Second)

1 Figure 5-4: Drivers of Performance Requirements: Traffic Volume and Complexity of Filtering Performance Requirements Traffic Volume (Packets per Second)
Packet Filtering. 2 Objectives Describe packets and packet filtering Explain the approaches to packet filtering Recommend specific filtering rules.

Packet Filtering. 2 Objectives Describe packets and packet filtering Explain the approaches to packet filtering Recommend specific filtering rules.
Why do we need Firewalls? Internet connectivity is a must for most people and organizations  especially for me But a convenient Internet connectivity.

Why do we need Firewalls? Internet connectivity is a must for most people and organizations  especially for me But a convenient Internet connectivity.
Intranet, Extranet, Firewall. Intranet and Extranet.

Intranet, Extranet, Firewall. Intranet and Extranet.
1 © 2003, Cisco Systems, Inc. All rights reserved. CCNA 4 v3.0 Module 1 Scaling IP Addresses.

1 © 2003, Cisco Systems, Inc. All rights reserved. CCNA 4 v3.0 Module 1 Scaling IP Addresses.

Similar presentations

Ads by Google