efficient interfacing campus lan
play

Efficient Interfacing Campus LAN with NKN RS MANI rsm@nkn.in 2 nd - PowerPoint PPT Presentation

Feb 26, 2024 •17 likes •417 views

Efficient Interfacing Campus LAN with NKN RS MANI rsm@nkn.in 2 nd Annual NKN Workshop 25-Oct-13 # Efficient utilization Come from: Good Campus LAN Speed Segregation of LANs QoS Resilient Access Controls ( L2 and L3)

  1. Efficient Interfacing Campus LAN with NKN RS MANI rsm@nkn.in 2 nd Annual NKN Workshop 25-Oct-13 ‹#›

  2. Efficient utilization Come from: – Good Campus LAN • Speed Segregation of LANs • QoS Resilient • Access Controls ( L2 and L3) • NMS – Good Collaboration ( National / International) – Good Internet Governance Scientists/ Researchers 2 nd Annual NKN Workshop 25-Oct-13 ‹#›

  3. Various Components • Campus network best practice • Different Layers function • Firewall/IPS • AAA/ DHCP/ DNS • Server Farm • Security Best practices IPV4 & IPv6 • VPN Services • Gateway Services 2 nd Annual NKN Workshop 25-Oct-13 ‹#›

  4. Various Components • Campus network best practice • Different Layers function • Firewall/IPS • AAA/ DHCP/ DNS • Server Farm • Security Best practices IPV4 & IPv6 • VPN Services • Gateway Services 2 nd Annual NKN Workshop 25-Oct-13 ‹#›

  5. Typical Campus Network NKN NKN Link 1 LINK 2 Architecture Edge Outer Edge Router Switch Router Firewall Firewall with IPS- Standby with IPS-active core switch DHCP server 3 rd F 2 nd F USERS 1 st F Distribution switch 10G Fibre Gnd F Sever Switch 10G 3 rd F backbone 2 nd F USERS Distribution 1 st F Switch Gnd F CAT 6a / 7 2 nd Annual NKN Workshop 25-Oct-13 ‹#› 1G Fibre

  6. Security Devices • Firewall/IPS integrated Stateful Inspection Firewall • Maximizes network security with clear, deterministic L3/L4 policies • Reputation-based Intrusion Prevention .Identify the source of and block denial of service (DoS), distributed denial of service (DDoS), SYN flood, threat protection up to Layer 7. • Zero-Day Protection with Anomaly Detection • The Adoption and use of IPv6 • Remote Access VPN solution, provide VPN client and clientless access. 2 nd Annual NKN Workshop 25-Oct-13 ‹#›

  7. Some of the Best Practices Campus Security • Switch should support Dynamic port security, DHCP Dynamic ARP inspection, IP source guard • Use SSH to access devices instead of Telnet • Enable AAA and roles-based access control (RADIUS/TACACS+) for the CLI on all devices • Enable SYSLOG to a server. Collect and archive log • When using SNMP use SNMPv3 • Configure access-lists to limit who all can access management and CLI services • Enable control plane protocol authentication where it is available 2 nd Annual NKN Workshop 25-Oct-13 ‹#› •

  8. Layer 2 Snoop Attack 00:0e:00:aa:aa:aa 00:0e:00:bb:bb:bb Only Three MAC Addresses Allowed on the Port: Shutdown 400,000 Bogus MACs per Second Solution: Problem: Port Security Limits MAC Flooding Attack and Locks Down Port and Sends an SNMP Trap Flood Switch CAM Tables with Bogus Macs; Turning the VLAN into a Hub and Eliminating Privacy 2 nd Annual NKN Workshop 25-Oct-13 ‹#›

  9. DHCP Snooping 1 DHCP Server 1000s of DHCP Requests to Overrun the 2 DHCP Server • DHCP requests (discover) and responses (offer) tracked • Rate-limit requests on trusted interfaces; limits DoS attacks on DHCP server • Deny responses (offers) on non trusted interfaces; stop malicious or errant DHCP server 2 nd Annual NKN Workshop 25-Oct-13 ‹#›

  10. AAA server Strengthens Supports Increases Security Compliance Efficiency Enables corporate Enforce consistent Reduces IT overhead governance through security policy, through centralized consistent access ensure endpoint identity management policy for all users health, deliver a and integrated policy and devices secure network enforcement fabric 2 nd Annual NKN Workshop 25-Oct-13 ‹#›

  11. Multi-Homing • Basic requirement – IP numbers to be owned ( V4 or V6) – ASN number ( 16 Bit or 32 Bit) – Service Providers capable of doing BGP – Router Capable BGP and Holding the routes – Trained Manpower 2 nd Annual NKN Workshop 25-Oct-13 ‹#›

  12. 2 nd Annual NKN Workshop 25-Oct-13 ‹#›

  13. What is an MPLS-VPN? • An IP network infrastructure delivering private network services over a public infrastructure – Use a layer 3 backbone – Scalability, easy provisioning – Global as well as non-unique private address space – QoS – Controlled access – Easy configuration 2 nd Annual NKN Workshop 25-Oct-13 ‹#›

  14. 2 nd Annual NKN Workshop 25-Oct-13 ‹#›

  15. NKN MPLS for CUG LAN of #2 State Each Sub-Interface Router associated with different VPN DC v Cloud Institute #2 NKN VLAN1-VPN Green VLAN2-Blue BACKBONE LAN of #1 VLAN3-Red State TN Contents of RED Institute #1 v VLAN1-VPN Green Contents of Blue VLAN2-Blue Contents of VPN Green Video/ Audio v Multi-VRF Intra-vpn 802.1Q Internet 2 nd Annual NKN Workshop 25-Oct-13 ‹#›

  16. Layer 2 Extensions 2 nd Annual NKN Workshop 25-Oct-13 ‹#›

  17. Physics Department Institute # 1 Institute #5 PE PE Router Router Mumbai Virtual Circuits / Pseudo wires PE Router VPLS Network Institute #4 PE Institute # 2 Router Indore Institute # 3 Physics Dept 2 nd Annual NKN Workshop 25-Oct-13 ‹#›

  18. End to End QoS #2 #3 VC Equipment #4 #8 #9 #5 #7 VC Equipment #6 #10 #11 VC Equipment 2 nd Annual NKN Workshop 25-Oct-13 ‹#›

  19. Inter Service Provider QoS A B B A D C D C E MPLS VPNs The Internet • Many QoS-enabled islands • Richly interconnected providers • No interprovider QoS • No QoS B A D E C Goal: richly connected AND QoS-enabled 2 nd Annual NKN Workshop 25-Oct-13 ‹#›

  20. Defense Depth and Breadth Security Network Operations Edge Center (NOC) Transit  Interface ACLs X AS2  Unicast RPF  Flexible packet AS1 Internet matching  IP option filtering  Marking/rate-limiting  Receive ACLs AS3  Routing techniques  CoPP NKN Core  eBGP techniques  ICMP techniques Transit Network  ICMP techniques  QoS techniques  Routing techniques  Disable unused X Enterprise services Remote Access Network  Protocol specific Systems X filters Core  Password security Internet X  SNMP security  Remote terminal access security X Internal Assets,  System banners Servers  AAA Edge E-mail,  Network telemetry Web Servers 2 nd Annual NKN Workshop 25-Oct-13 ‹#›  Secure file systems

  21. Using Strict Mode uRPF to Battle BOTNETs BGP Trigger Community Target – SRTBH on NKN ISP Partner Edge ISP ISP ISP uRPF Strict On NKN NOC Partner NKN Backbone Edge Access Access Access Access Access POP POP POP POP POP NKN Partner NKN Partner NKN Partner NKN Partner NKN Partner NKN Partner NKN Partner NKN Partner NKN Partner NKN Partner NKN Partner 2 nd Annual NKN Workshop 25-Oct-13 ‹#›

  22. Utilization of Few Members INSTITUTE-1 INSTITUTE-2 2 nd Annual NKN Workshop 25-Oct-13 ‹#›

  23. INSTITUTE-3 INSTITUTE-4 2 nd Annual NKN Workshop 25-Oct-13 ‹#›

  24. High Packet Per Sec DoS ATTACK 2 nd Annual NKN Workshop 25-Oct-13 ‹#›

  25. HIGH BANDWIDTH DoS ATTACK 2 nd Annual NKN Workshop 25-Oct-13 ‹#›

  26. Address Overload Crisis 2 nd Annual NKN Workshop 25-Oct-13 ‹#›

  27. Government’s Role  Understand the Countries requirement  Understand the Regional needs.  Increase awareness,  Encourage deployment  Create joint programs in the region with similar requirements.  Facilitate the adoption of IPv6  Create Test Beds  Showcase few case studies  Participate in World Forums 2 nd Annual NKN Workshop 25-Oct-13 ‹#›

  28. Transition Plan  Awareness program  Assessment program  Acquire IPv6 numbers  Testing of IPv6  Acceptance Test  Deployment of IPV6 2 nd Annual NKN Workshop 25-Oct-13 ‹#›

  29. IPv6 IPV4 Address IPV6 Address (Present) (Future) Total Addresses = 2 128 = 340 billion, • Total Addresses = 2 32 = 4 billion billion, billion, billion 2 nd Annual NKN Workshop 25-Oct-13 ‹#›

  30. First Hop Security ICMP Type = 134 (RA) Src = link-local address (FE80::2/10) RA Dst = all-nodes multicast address (FF02::1) Data = options, subnet prefix, lifetime, autoconfig flag RA RS ICMP Type = 133 (RS) Src = link-local address (FE80::1/10) Dst = all-routers multicast address (FF02::2) RS Query = please send RA 2 nd Annual NKN Workshop 25-Oct-13 ‹#›

  31. First Hop Security Router (R1) RA1 RA2 RS RS Attacker (R2) Default Router: R1 and R2 RS 2 nd Annual NKN Workshop 25-Oct-13 ‹#›

  32. 6PE – Enabling core with IPv6 2 nd Annual NKN Workshop 25-Oct-13 ‹#›

  33. WATCH OUT ?? Network Infrastructure: Clients : Routers PC’s on the LAN Bandwidth Shapers Server If any Switches Layer2 Proxy/ UTM Layer3 Network Printers Data centre Devices : Display System Load Balancers Antivirus/ HIPS Firewall IPS/IDS Virtual Machines ( VMWARE/ ZEN) Blade management consoles IP KVM 2 nd Annual NKN Workshop 25-Oct-13 ‹#›

  34. WATCH OUT ?? Infrastructure: Software Stacks: Power/Infra management S/W Windows/Linux/Solaris/ AIX UPS management IIS6 & above / Apache 2 & Console above Building Management AAA server System Bind 9.5 & above Access Control System Database ( Transaction Log ) Cameras Logging Server ( Syslog / Digital Video Recorders Special tools like Web trends) Wifi Systems: WIFI controllers 2 nd Annual NKN Workshop 25-Oct-13 ‹#›

  35. Security IPv6 IPv4 Vulnerabilities IPv6 Vulnerabilities Specific IPv6 Issues Specific IPv4 Issues 2 nd Annual NKN Workshop 25-Oct-13 ‹#›

Download Presentation
Download Policy: The content available on the website is offered to you 'AS IS' for your personal information and use only. It cannot be commercialized, licensed, or distributed on other websites without prior consent from the author. To download a presentation, simply click this link. If you encounter any difficulties during the download process, it's possible that the publisher has removed the file from their server.

Recommend

Microcontroller Interfacing CSE/EE 5/7385 Microcontroller Architecture and Interfacing David

Microcontroller Interfacing CSE/EE 5/7385 Microcontroller Architecture and Interfacing David

Microcontroller Interfacing CSE/EE 5/7385 Microcontroller Architecture and Interfacing David Houngninou Southern Methodist University Table of content 1. Target device: MCBSTM32C 2. References 3. GPIO ports: registers and pins 4. Interfacing

585 views • 31 slides
ROI Campus Forum Making Efficient Use of Department Budgets January 30, 2020 Campus Forums

ROI Campus Forum Making Efficient Use of Department Budgets January 30, 2020 Campus Forums

ROI Campus Forum Making Efficient Use of Department Budgets January 30, 2020 Campus Forums This Spring Jan. 30 Making Efficient Use of Department Budgets Feb. 18 Importance of Enrollment, Retention, & Student Success Mar. 3 UCAs

620 views • 28 slides
SYSC3601 Microprocessor Systems Unit 5: Memory Structures and Interfacing SYSC3601 1

SYSC3601 Microprocessor Systems Unit 5: Memory Structures and Interfacing SYSC3601 1

SYSC3601 Microprocessor Systems Unit 5: Memory Structures and Interfacing SYSC3601 1 Microprocessor Systems Topics/Reading 1. Memory Types 2. Interfacing 8-bit memory/IO (8088) 3. Interfacing 16-bit memory/IO (8086) 4. Interfacing

823 views • 39 slides
CS184c: Computer Architecture [Parallel and Multithreaded] Day 13: May 17 22, 2001 Interfacing

CS184c: Computer Architecture [Parallel and Multithreaded] Day 13: May 17 22, 2001 Interfacing

CS184c: Computer Architecture [Parallel and Multithreaded] Day 13: May 17 22, 2001 Interfacing Heterogeneous Computational Blocks CALTECH cs184c Spring2001 -- DeHon Previously Interfacing Array logic with Processors ease

333 views • 19 slides
Chapter 3 Interfacing to a microprocessor ECE 3120 Dr. Mohamed Mahmoud

Chapter 3 Interfacing to a microprocessor ECE 3120 Dr. Mohamed Mahmoud

Chapter 3 Interfacing to a microprocessor ECE 3120 Dr. Mohamed Mahmoud http://iweb.tntech.edu/mmahmoud/ mmahmoud@tntech.edu Outline 3 .1 Basic Concepts of Parallel I / O Ports 3.2 Interfacing with Simple I/ O Devices 3.3 Advanced

1.02k views • 78 slides
of your campus John Smith March 06, 2016 LED lighting Energy efficient Long life

of your campus John Smith March 06, 2016 LED lighting Energy efficient Long life

Are LED lights in the future of your campus John Smith March 06, 2016 LED lighting Energy efficient Long life Effective Illumination Cold environments Small size LumiLEDs Luxeon Emitter Easily controlled Instant on

469 views • 23 slides
open EMS What is openEMS? Interfacing Tools Status & Outlook Outline What is openEMS? 1

open EMS What is openEMS? Interfacing Tools Status & Outlook Outline What is openEMS? 1

openEMS - An Introduction and Overview Using an EM field solver to design antennas and PCBs Thorsten Liebig FOSDEM19 03.02.2019 open EMS What is openEMS? Interfacing Tools Status & Outlook Outline What is openEMS? 1 Interfacing

325 views • 19 slides
MyEvents Quick and efficient reimbursement process MyEvents is the result of campus demand

MyEvents Quick and efficient reimbursement process MyEvents is the result of campus demand

MyEvents Quick and efficient reimbursement process MyEvents is the result of campus demand and a collaborative effort by the Entertainment Tiger Team, ACT, and the UCSD Travel Team. MyEvents is a new application that replaces Payment

295 views • 12 slides
Campus LAN at NKN Member Institutions RS MANI rsm@nkn.in 3 rd Annual workshop 1/7/2015 1

Campus LAN at NKN Member Institutions RS MANI rsm@nkn.in 3 rd Annual workshop 1/7/2015 1

Campus LAN at NKN Member Institutions RS MANI rsm@nkn.in 3 rd Annual workshop 1/7/2015 1 Efficient utilization Come from: Good Campus LAN Speed Segregation of LANs QoS Resilient Access Controls ( L2 and L3) NMS

513 views • 28 slides
Interfacing Peripherals Instructor: Dmitri A. Gusev Fall 2007 CS 502: Computers and

Interfacing Peripherals Instructor: Dmitri A. Gusev Fall 2007 CS 502: Computers and

Interfacing Peripherals Instructor: Dmitri A. Gusev Fall 2007 CS 502: Computers and Communications Technology Lecture 12, October 15, 2007 Interfacing Processors and Peripherals I/O Design affected by many factors (expandability,

577 views • 24 slides
Interfacing with the Numerical Homotopy Algorithms in PHCpack Anton Leykin and Jan Verschelde

Interfacing with the Numerical Homotopy Algorithms in PHCpack Anton Leykin and Jan Verschelde

PHCmaple PHCpack and C Interfacing with the Numerical Homotopy Algorithms in PHCpack Anton Leykin and Jan Verschelde Institute of Mathematics and its Applications, Minneapolis, USA ICMS 2006, Castro Urdiales Anton Leykin Interfacing with the

464 views • 9 slides
Pecan Campus Technology Campus Starr County Mid Valley Nursing & Allied Campus Campus

Pecan Campus Technology Campus Starr County Mid Valley Nursing & Allied Campus Campus

Pecan Campus Technology Campus Starr County Mid Valley Nursing & Allied Campus Campus Health Campus STC is One of Three Community Colleges in Texas Accredited to Offer Applied Bachelor Degrees Technology Management Computer and

391 views • 23 slides
Tackling Climate Change Through Laundry Encouraging Energy Efficient Laundry Habits Campus Wide

Tackling Climate Change Through Laundry Encouraging Energy Efficient Laundry Habits Campus Wide

Tackling Climate Change Through Laundry Encouraging Energy Efficient Laundry Habits Campus Wide Hailey Kennedy and Dj Thomas Energy Consumption The Alliance to Save Energy says that as much as 90% of the energy consumed by washing

395 views • 15 slides
Cython: Interfacing Python with C Jrgen Hgberget, FV309 Department of Fabulous Physics

Cython: Interfacing Python with C Jrgen Hgberget, FV309 Department of Fabulous Physics

Cython: Interfacing Python with C Jrgen Hgberget, FV309 Department of Fabulous Physics University of Oslo, N-0316 Oslo, Norway Computational Physics Computational Physics Cython: Interfacing Python with C Interfacing? Cython?

448 views • 16 slides
Work Item C: NOC tools, Work Item C: NOC tools, interworking/interfacing issues, and

Work Item C: NOC tools, Work Item C: NOC tools, interworking/interfacing issues, and

Work Item C: NOC tools, Work Item C: NOC tools, interworking/interfacing issues, and interworking/interfacing issues, and automation automation Maria Isabel Ganda Carriedo Communications Area, Systems & Networks Department, CESCA

653 views • 26 slides
Introduction to SAT and SMT Solvers Interfacing Yosys and SMT Solvers for BMC and more using

Introduction to SAT and SMT Solvers Interfacing Yosys and SMT Solvers for BMC and more using

Introduction to SAT and SMT Solvers Interfacing Yosys and SMT Solvers for BMC and more using SMT-LIB 2.5 Clifford Wolf 1 Abstract Bounded model checking and other SAT-based formal methods are an important part of todays digital design

773 views • 52 slides
Cable & Wireless Communications Plc Caribbean Investor Briefing 1 July 2011 Disclaimer This

Cable & Wireless Communications Plc Caribbean Investor Briefing 1 July 2011 Disclaimer This

Cable & Wireless Communications Plc Caribbean Investor Briefing 1 July 2011 Disclaimer This presentation contains forward-looking statements that are based on current expectations or beliefs, as well as assumptions about future events.

916 views • 69 slides
POSITIVE ENGAGEMENT OF INMATES POSITIVE ENGAGEMENT OF INMATES IN PRISONS DEPARTMENT OF PRISONS

POSITIVE ENGAGEMENT OF INMATES POSITIVE ENGAGEMENT OF INMATES IN PRISONS DEPARTMENT OF PRISONS

POSITIVE ENGAGEMENT OF INMATES POSITIVE ENGAGEMENT OF INMATES IN PRISONS DEPARTMENT OF PRISONS AND CORRECTIONAL SERVICES, KARNATAKA STATE CRIMINAL JUSTICE SYSTEM CRIMINAL JUSTICE SYSTEM Prisons Prisons Court Court Police Police

572 views • 31 slides
By: Sh. R. K. Bahuguna, CMD Agenda Introduction Infrastructure & Services

By: Sh. R. K. Bahuguna, CMD Agenda Introduction Infrastructure & Services

RailTel Presentation By: Sh. R. K. Bahuguna, CMD Agenda Introduction Infrastructure & Services National Projects Infrastructure Augmentation New Projects & Services Introduction RailTel is a leading Telecom

893 views • 26 slides
2017 Business Plan and Strategy Renewable Energy Association of Nigeria About Us An

2017 Business Plan and Strategy Renewable Energy Association of Nigeria About Us An

2017 Business Plan and Strategy Renewable Energy Association of Nigeria About Us An Umbrella for the other associations of renewable energy sector in Nigeria . Providing a unified platform for all Renewable Energy Companies,

549 views • 37 slides
**xzqi&8 dk izLrqfrdj. j.k** k** PAC in year 2020 xqzi&8 1& Jh c`tHkwk.k iqfyl

**xzqi&8 dk izLrqfrdj. j.k** k** PAC in year 2020 xqzi&8 1& Jh c`tHkwk.k iqfyl

**xzqi&8 dk izLrqfrdj. j.k** k** PAC in year 2020 xqzi&8 1& Jh c`tHkwk.k iqfyl egkfujh{kh ih,lh ifpeh tksu eqjknkckn v/;{k 2& Jh d`.k eksgu lsukuk;d prqFkZ okfguh ih,lh bykgkckn lnL; 3& Jh izse xkSre]

593 views • 18 slides
T l Telecommunications i ti Usage Patterns and Usage Patterns and Satisfaction in Lebanon 3

T l Telecommunications i ti Usage Patterns and Usage Patterns and Satisfaction in Lebanon 3

T l Telecommunications i ti Usage Patterns and Usage Patterns and Satisfaction in Lebanon 3 December, 2008 Click to edit Master title style Click to edit Master title style Outline Outline Objective and Scope of the Project Key

208 views • 19 slides
Ionospheric disturbances disturbances Ionospheric Ionospheric disturbances possibly associated

Ionospheric disturbances disturbances Ionospheric Ionospheric disturbances possibly associated

Ionospheric disturbances disturbances Ionospheric Ionospheric disturbances possibly associated with possibly associated with possibly associated with Large Earthquakes Large Earthquakes Large Earthquakes - temporal and spatial analysis

1.49k views • 110 slides
Gujarat National Law University Conference on Indias Foreign Relations - Southeast Asia and

Gujarat National Law University Conference on Indias Foreign Relations - Southeast Asia and

Gujarat National Law University Conference on Indias Foreign Relations - Southeast Asia and the Indian Ocean: Strengthening the Political, Economic, Security and Cultural Prospects 12-13 September 2014 No. Name Title of Paper

85 views • 5 slides

More recommend