communication systems
play

Communication Systems Firewalls University of Freiburg Computer - PowerPoint PPT Presentation

Nov 03, 2022 •506 likes •909 views

Communication Systems Firewalls University of Freiburg Computer Science Computer Networks and Telematics Prof. Christian Schindelhauer Organization I. Data and voice communication in IP networks II. Security issues in networking

  1. Communication Systems Firewalls University of Freiburg Computer Science Computer Networks and Telematics Prof. Christian Schindelhauer

  2. Organization ‣ I. Data and voice communication in IP networks ‣ II. Security issues in networking ‣ III. Digital telephony networks and voice over IP Communication Systems Computer Networks and Telematics 2 Prof. Christian Schindelhauer University of Freiburg

  3. Network Security – “the magic device”: Firewall ‣ Take a completely new track now ... ‣ Firewalls are traffic / packet filters that operate on different layers of our OSI protocol stack ‣ Try for a definition: “A Firewall is a network security device designed to restrict access to resources (information or services) according to a security policy” ‣ Important remark is to be made here: • Firewalls are not a “magic solution” to network security problems, nor are they a complete solution for remote attacks or unauthorized access to data!! • Firewalls could be circumvented in several ways and may increase the complexity of network and this way decrease the level of security! Communication Systems Computer Networks and Telematics 3 Prof. Christian Schindelhauer University of Freiburg

  4. Network Security – Firewalls ‣ A Firewall is a often a network security device, but can be or simply is implemented directly into the end systems ‣ It serves to connect two parts of a network a control the traffic (data) which is allowed to flow between them ‣ Often installed between an entire organization's network and the Internet ‣ A Firewall is always the single path of communication between protected and unprotected networks • Of course there are special cases of multiple Firewalls, redundant connections, fault-tolerant failover etc. • A Firewall can only filter traffic which passes through it • If traffic can get to a network by other means, the Firewall cannot block it Communication Systems Computer Networks and Telematics 4 Prof. Christian Schindelhauer University of Freiburg

  5. Network Security – Firewalls ‣ Types of firewalling concepts: • (MAC / Ethernet frame filter) • Packet filter • Circuit-level proxy • Stateful packet filter • Application-level proxy ‣ Filtering on data link layer • Ethernet packets contain source and destination addresses: MAC • Allow only frames to be delivered from known sources, block frames with unknown MACs Communication Systems Computer Networks and Telematics 5 Prof. Christian Schindelhauer University of Freiburg

  6. Network Security – Firewalls ‣ Filtering on network layer • Source & destination IP addresses - Source address - Destination address Both are numerical – it is not easy for a Firewall ✴ to deal with machine or domain names e.g. www.hotmail.com ✴ - Request: client = source, server = destination - Response: server = source, client = destination Communication Systems Computer Networks and Telematics 6 Prof. Christian Schindelhauer University of Freiburg

  7. Network Security – Firewalls ‣ Filtering on transport level • This is where we deal with (mostly) TCP and UDP port numbers - e.g.: 25 SMTP – sending email (TCP) - 110 POP3 – collecting email (TCP) - 143 IMAP – collecting email (TCP) - 389 LDAP – directory service (TCP) - 636 LDAPS – TLS secured directory service (TCP) - 80 HTTP – web pages (TCP) - 443 HTTPS – secure web pages (TCP) - 53 DNS – name lookups (UDP) - 68, 69 DHCP – dynamic end system IP config (UDP) Communication Systems Computer Networks and Telematics 7 Prof. Christian Schindelhauer University of Freiburg

  8. Network Security – Firewalls ‣ Most Firewalls and their administrators assume that the port number defines the service – not necessarily • who could stop me from sending or receiving mail over the HTTP port • who could stop users from tunneling all their IP traffic over an open port (demonstration of tunnels in Christmas lecture) ‣ Here we get major problem: If users are blocked from using a service and try to avoid the blocking firewall they might find a way through – the admin still thinks all is fine with the network, but the situation might be even worse than without firewall at all ... Communication Systems Computer Networks and Telematics 8 Prof. Christian Schindelhauer University of Freiburg

  9. Network Security – Firewalls ‣ Layer 7 – Application • There is where we find all the 'interesting' stuff ... - Web requests - Images - Executable files - Viruses - Email addresses - Email contents - Usernames - Passwords Communication Systems Computer Networks and Telematics 9 Prof. Christian Schindelhauer University of Freiburg

  10. Network Security – Firewalls ‣ Packet filter – a special router that have the ability to throw packets away independently of network congestion ‣ Examines TCP/IP headers of every packet going through the Firewall, in either direction ‣ Choice of whether to allow or block packet based on: • (MAC source & destination) • IP source & destination addresses (layer 3) • TCP / UDP source & destination ports (layer 4) ‣ Stateful filter • Same as a packet filter, except initial packets in one direction are remembered, and replies are automatically allowed fo • Simpler rules than simple port based packet filter Communication Systems Computer Networks and Telematics 10 Prof. Christian Schindelhauer University of Freiburg

  11. Network Security – Filtering of Packets ‣ Packet filter use rules specify which packets are allowed through the Firewall, and which are dropped • Rules must allow for packets in both directions • Rules may specify source / destination IP addresses, and source / destination TCP / UDP port numbers • Certain (common) protocols are very difficult to support securely (e.g. FTP, IRC, SIP, ...) • Low level of security ‣ Stateful packet filter • Packet filter which understands requests and replies (e.g.: for TCP: SYN, SYN-ACK, ACK) Communication Systems Computer Networks and Telematics 11 Prof. Christian Schindelhauer University of Freiburg

  12. Network Security – Packet Filters ‣ Stateful packet filter • Rules need only specify packets in one direction (from client to server – the direction of the first packet in a connection) • Replies and further packets in the communication are automatically processed • Supports wider range of protocols than simple packet filter (eg: FTP, IRC, H323) • Medium-high level of security ‣ But how to handle the packets traveling through the network stack? ‣ Packet Classification Problem • Individual entries for classifying a packet are called rules Communication Systems Computer Networks and Telematics 12 Prof. Christian Schindelhauer University of Freiburg

  13. Network Security – Filter Rules ‣ Rules • Each rule is a combination of K values (one for each header field in the packet), a priority and an action Ai. • For each entry in a rule different kind of matches are allowed: - exact match (e.g. protocol or packet flags/options) - prefix match (e.g. blocking subnetwork) - range match (e.g. port number ranges) • The classifier or rules database consists of a finite set of rules (R 1 , ... R n ) ordered by descending priority • A packet P matches R i if all the header fields F j , (j = 1...K) match the corresponding fields in R i • The Packet Classification Problem is to determine the matching rule with highest priority for each incoming packet Communication Systems Computer Networks and Telematics 13 Prof. Christian Schindelhauer University of Freiburg

  14. Network Security – Packet Classification ‣ Packet Classification Problem • Todays network links easily reach 1 GBit/s • Fiber optic links can operate at over 40 GBit/s • A huge amount of current Internet traffic is TCP which transmits ACK packets (40 Bytes each) or VoIP RTP/ UDP packets of ~80 Byte • Therefore a worst-case scenario could be a constant stream of ACK packets: - E.g. a saturated 10 GBit/s link carries more then 31/15 million packets per second Communication Systems Computer Networks and Telematics 14 Prof. Christian Schindelhauer University of Freiburg

  15. Network Security – Classification Algorithms ‣ Packet Classification Problem: Algorithm design • Exhaustive Search - Test all rules (e.g. linear search) • Decision Tree - Construct a decision tree from filter rules. Use packet fields to traverse the tree • Decomposition - Decompose multiple field search in instances of single field searches and perform independent searches. Finally combine results • Tuple Space - Partition filter set according to the number of specified bits in filter. Probe partitions or subsets with simple exact match searches Communication Systems Computer Networks and Telematics 15 Prof. Christian Schindelhauer University of Freiburg

  16. Network Security – Classification Algorithms ‣ Packet Classification Problem: Algorithm design (examples) Communication Systems Computer Networks and Telematics 16 Prof. Christian Schindelhauer University of Freiburg

Download Presentation
Download Policy: The content available on the website is offered to you 'AS IS' for your personal information and use only. It cannot be commercialized, licensed, or distributed on other websites without prior consent from the author. To download a presentation, simply click this link. If you encounter any difficulties during the download process, it's possible that the publisher has removed the file from their server.

Recommend

SK Telecom 1 U U U U U U U- U - - communication - - - - - communication

SK Telecom 1 U U U U U U U- U - - communication - - - - - communication

U U U U U U U- U - - communication - - - - - communication communication communication communication communication communication communication Korea Mobile Market Trend for Convergence & Ubiquitous Communication 2004.

400 views • 16 slides
Secret Communication via Secret Communication via Multi- -antenna Systems antenna Systems

Secret Communication via Secret Communication via Multi- -antenna Systems antenna Systems

Secret Communication via Secret Communication via Multi- -antenna Systems antenna Systems Multi Zang Li Wade Trappe Roy Yates WINLAB, Rutgers University 1 Outline Information theory background on information security Problem

511 views • 22 slides
Communication in Distributed Systems Issues in communication (today) Message-oriented

Communication in Distributed Systems Issues in communication (today) Message-oriented

Communication in Distributed Systems Issues in communication (today) Message-oriented Communication Remote Procedure Calls Transparency but poor for passing references Remote Method Invocation RMIs are essentially RPCs

246 views • 9 slides
Optimizing MPI Communication on Multi-GPU Systems using CUDA Inter-Process Communication Sreeram

Optimizing MPI Communication on Multi-GPU Systems using CUDA Inter-Process Communication Sreeram

Optimizing MPI Communication on Multi-GPU Systems using CUDA Inter-Process Communication Sreeram Potluri* Hao Wang* Devendar Bureddy* Ashish Kumar Singh* Carlos Rosales + Dhabaleswar K. Panda* *Network-Based Computing Laboratory

779 views • 22 slides
Digital Communication Syst Digital Communication Systems ems ECS 452 ECS 452 Asst. Prof. Dr.

Digital Communication Syst Digital Communication Systems ems ECS 452 ECS 452 Asst. Prof. Dr.

Digital Communication Syst Digital Communication Systems ems ECS 452 ECS 452 Asst. Prof. Dr. Prapun Suksompong prapun@siit.tu.ac.th Fading Channels Office Hours: Rangsit Library: Tuesday 16:20-17:20 BKD3601-7: Thursday 16:00-17:00 1

470 views • 22 slides
= + 2 cos (2 ) 0.5 (1 cos(2 2 )) 0.5( ) ft dt ft dt b

= + 2 cos (2 ) 0.5 (1 cos(2 2 )) 0.5( ) ft dt ft dt b

Backgorund: Digital Communication Systems In this note, we will review the basic transmitter and receiver principles in digital communication systems. The discussions will provide useful background for this course. Binary phase shift keying

537 views • 10 slides
Lecture 01 Introduction to Communication Systems I-Hsiang Wang ihwang@ntu.edu.tw National

Lecture 01 Introduction to Communication Systems I-Hsiang Wang ihwang@ntu.edu.tw National

Principle of Communications, Fall 2017 Lecture 01 Introduction to Communication Systems I-Hsiang Wang ihwang@ntu.edu.tw National Taiwan University 2017/9/13 Outline The basic architecture of communication systems Source-channel

213 views • 9 slides
Operating Systems Inter-Process Communication ENCE 360 Outline Introduction Examples

Operating Systems Inter-Process Communication ENCE 360 Outline Introduction Examples

Operating Systems Inter-Process Communication ENCE 360 Outline Introduction Examples Shared Memory Files Pipes Signals Pages 43-45, 733-734 MODERN OPERATING SYSTEMS (MOS) By Andrew Tanenbaum Interprocess Communication

741 views • 29 slides
CHAPTER 8: AGENT COMMUNICATION An Introduction to Multiagent Systems

CHAPTER 8: AGENT COMMUNICATION An Introduction to Multiagent Systems

CHAPTER 8: AGENT COMMUNICATION An Introduction to Multiagent Systems http://www.csc.liv.ac.uk/mjw/pubs/imas/ Chapter 8 An Introduction to Multiagent Systems 1 Agent Communication In this lecture, we cover macro-aspects of intelligent

485 views • 21 slides
A Privacy-preserving Pseudonym Acquisition Scheme for Vehicular Communication Systems Andreas

A Privacy-preserving Pseudonym Acquisition Scheme for Vehicular Communication Systems Andreas

A Privacy-preserving Pseudonym Acquisition Scheme for Vehicular Communication Systems Andreas Messing amessing@kth.se 1 Vehicular Communication Systems Smart Cities Self-driving Transportation Systems Vehicle-to-Vehicle

198 views • 19 slides
Information, Computation, and Communication Networks 1 ICC Module Systems Networks

Information, Computation, and Communication Networks 1 ICC Module Systems Networks

ICC Module Systems Networks Information, Computation, and Communication Networks 1 ICC Module Systems Networks Computer Networks 2 ICC Module Systems Networks Outline Communication protocols Packet switching Protocol

1.17k views • 82 slides
Distributed Systems Group Communication Paul Krzyzanowski pxk@cs.rutgers.edu Except as

Distributed Systems Group Communication Paul Krzyzanowski pxk@cs.rutgers.edu Except as

Distributed Systems Group Communication Paul Krzyzanowski pxk@cs.rutgers.edu Except as otherwise noted, the content of this presentation is licensed under the Creative Commons Attribution 2.5 License. Page 1 Page 1 Modes of communication

961 views • 46 slides
Rowing Together - Communication Tactics in Ambulatory Systems and Collaboration Groups Tracking

Rowing Together - Communication Tactics in Ambulatory Systems and Collaboration Groups Tracking

Rowing Together - Communication Tactics in Ambulatory Systems and Collaboration Groups Tracking Quality, Finance, and Daily Improvement (MDI) Metrics Dina Aper, BSMLS (ASCP), CIC November 1, 2018 2 Objectives Define Communication Tactics

416 views • 19 slides
# Comm. ! Params * ! Optimizing Communication Spark 1.0.1 6 ! Performance: Hadoop 1.0.4 10 !

# Comm. ! Params * ! Optimizing Communication Spark 1.0.1 6 ! Performance: Hadoop 1.0.4 10 !

Varys Efficient Coflow Scheduling ! Mosharaf Chowdhury, ! Yuan Zhong, Ion Stoica ! UC#Berkeley# Communication is Crucial ! Performance Facebook analytics jobs spend 33% of their runtime in communication 1 ! As in-memory systems proliferate, ! the

781 views • 25 slides
Communication systems for vehicle electronics Presentation overview Background automotive

Communication systems for vehicle electronics Presentation overview Background automotive

Communication systems for vehicle electronics Communication systems for vehicle electronics Presentation overview Background automotive electronics as an application area for real-time communication Real time protocols LIN Local

724 views • 38 slides
Communication systems for vehicle electronics Presentation overview Background automotive

Communication systems for vehicle electronics Presentation overview Background automotive

2014-05-05 Communication systems for vehicle electronics Communication systems for vehicle electronics Presentation overview Background automotive electronics as an application area for real-time communication Real time protocols LIN

582 views • 19 slides
Cryptography in the Age of Quantum Computers Mark Zhandry MIT Based on joint works with:

Cryptography in the Age of Quantum Computers Mark Zhandry MIT Based on joint works with:

Cryptography in the Age of Quantum Computers Mark Zhandry MIT Based on joint works with: Dan Boneh, zgr Dagdelen, Marc Fischlin, Anja Lehmann, Christian Schaffner Typical Crypto Application m ! Solution: (Private Key) Encryption c ! c

865 views • 58 slides
Foundation of Cryptography (0368-4162-01), Lecture 8 Encryption Schemes Iftach Haitner, Tel Aviv

Foundation of Cryptography (0368-4162-01), Lecture 8 Encryption Schemes Iftach Haitner, Tel Aviv

Definitions Constructions Active Adversaries Foundation of Cryptography (0368-4162-01), Lecture 8 Encryption Schemes Iftach Haitner, Tel Aviv University January 3 17, 2012 Definitions Constructions Active Adversaries Section 1

1.33k views • 112 slides
Symmetric Cryptography Nadia Heninger and Deian Stefan Some slides adopted from Kirill Levchenko

Symmetric Cryptography Nadia Heninger and Deian Stefan Some slides adopted from Kirill Levchenko

CSE 127: Computer Security Symmetric Cryptography Nadia Heninger and Deian Stefan Some slides adopted from Kirill Levchenko and Dan Boneh Cryptography Cryptography Is: A tremendous tool The basis for many security mechanisms

783 views • 67 slides
Penultimate Review IT Security Ido Rosen University of Chicago 3 March 2007 Ido Rosen

Penultimate Review IT Security Ido Rosen University of Chicago 3 March 2007 Ido Rosen

Policy Cryptography Network Security Penultimate Review IT Security Ido Rosen University of Chicago 3 March 2007 Ido Rosen Penultimate Review Policy Cryptography Network Security 1 Policy Information Security Framework Defining

538 views • 32 slides
Computer Worms A program that copies itself from one computer to another Origins:

Computer Worms A program that copies itself from one computer to another Origins:

Computer Worms A program that copies itself from one computer to another Origins: distributed computations Schoch and Hupp: animations, broadcast messages Segment: part of program copied onto workstation Segment processes

861 views • 35 slides
...Let them hate so long as they fear... oderint dum metuant /WARNING!/:

...Let them hate so long as they fear... oderint dum metuant /WARNING!/:

#UFONet = ( To0L.AlienWare ) / ninja [ DDoS + DoS ] \ (multi- ProXY / DarkNet ( HTTP(s) / WebAbuse [ Layer7 ] ) +(extra[Layer3]+d0rKng+eVas(h)iVe(CA- che/ge0) +FngPrinting+ sTAT[RanKiNgs+F0RuMS + WarGameS (P2P/ClAns-RanKings)] Denial of

690 views • 51 slides
Software Vulnerabilities in Programming Languages and Applications A presentation to Ada Europe

Software Vulnerabilities in Programming Languages and Applications A presentation to Ada Europe

Software Vulnerabilities in Programming Languages and Applications A presentation to Ada Europe 2010 Stephen Michell, Maurya Software, Ottawa, Canada Security There are people out there trying to attack every computer that we own. Most

503 views • 48 slides
3 Industrial Communication Networks Automation Overview 3 Industrial Communication Networks 3.1

3 Industrial Communication Networks Automation Overview 3 Industrial Communication Networks 3.1

EPFL, Spring 2017 3 Industrial Communication Networks Automation Overview 3 Industrial Communication Networks 3.1 Field bus principles 3.2 Field bus operation 3.3 Standard field busses 3.4 Industrial wireless communication Industrial

1.26k views • 87 slides

More recommend