DOCSLIB.ORG

Malicious Traffic Detection in Local Networks with Snort

Total Page:16

File Type:pdf, Size:1020Kb

Download full-text PDF Read full-text
Malicious Traffic Detection in Local Networks with Snort Malicious Traffic Detection in Local Networks with Snort Lo¨ıcEtienne / EPFL - SSC Abstract personal computers. CERN hosts many conferences, and many students from universities all around the world. Snort is an open source Network Intrusion Detection System With scientists representing more than 80 countries, combining the benefits of signature, protocol and anomaly network and web traffic span across the whole Internet. based inspection and is considered to be the most widely de- The CERN Public Network is liberal, and there are ployed IDS/IPS technology worldwide. However, Snort's de- few restrictions on the network usage. The network is ployment in a large corporate network poses different prob- heterogenous, and contains mainly Windows (XP, Vista, lems in terms of performance or rule selection. This pa- 2000, Seven), Linux (Scientific Linux CERN, Ubuntu, per proposes different improvements to the Snort Security Debian, Redhat), and Mac OS (9, 10.4, 10.5) computers, Platform: the use of another library is proposed to signifi- but also hosts more exotic devices such as tablet PCs, cantly improve the amount of traffic that can be analyzed, mobile phones, and other various devices. As all the de- and Snort's multithreading possibilities are explored. A new vices are registered, the CERN public network provides rule classification has been devised, and rulesets suited to an easy way to interact and cross-check data with the large corporate networks are proposed. The use of Oinkmas- corresponding users. ter has been tested and documented to seamlessly update Table 1 shows a typical distribution of network traffic Snort's rules. on a sample of 1.5 million packets. This table provides interesting results, because they significantly differ from what could be found in a typical enterprise, where most 1 Introduction people have never heard the term of SSH for example. This paper will explore how Snort, an open source Net- #Protocol % of traffic TCP 93 % work Intrusion Detection System, can be used to secure UDP 6 % and monitor such a very large corporate network. Other 1 % SSH 26 % This thesis will start by a brief tour of horizon of net- HTTP 12 % work security in Chapters 3 and 4; Chapters 5 and 6 will SSL 2 % X11 1 % present Snort's functionalities and rule system. It will SMTP < 1 % show that Snort's default classification is inadequate for Other 59 % large network rule selection. Chapter 7 will present findings concerning commonly Tab. 1: Protocol breakdown of traffic sample available rules, starting with rules related to CERN poli- cies. A solution to improve Emule detection when Skype is present is proposed. Rules that significantly improve The IDS typically sees 600Mbits/s on average, and the detection of infected and compromized devices at more than 1Gbit/s during peak hours. CERN are also proposed. With such a broad variety of devices, origins, and Chapter 8 will introduce a tool to handle rule up- amount of traffic, this network offers a perfect frame- dates, and Chapter 9 will suggest possible performance work for IDS tuning. Clearly, naive approaches such as improvements to the Snort platform. blocking all non-http traffic would be unacceptable in this context. 2 About CERN 3 Network Traffic Analysis as Part of an 2.1 CERN IDS System CERN, the European Organization for Nuclear Research, 3.1 IDS is the largest particle physics laboratory in the world. Commonly referred to as the birthplace of the world- An Intrusion Detection System (or IDS) is composed of wide web, it currently hosts scientists from some 580 in- software and/or hardware designed to detect unwanted stitutes and counts 20 European member states. attempts of accessing, manipulating, and/or disabling of CERN's missions are Research, Technology, Collabo- computer systems. An IDS is used to detect several types ration, and Education [1]. of malicious behaviors that can compromize the security and trust of a computers system. These threats are vari- 2.2 CERN Public Network ous, and include network attacks against vulnerable ser- vices, data driven attacks on applications, host based at- The CERN Public Network offers a great playground for tacks such as privilege escalation, unauthorized accesses, any IDS system. or malware (viruses, worms) [2]. CERN hosts more than 10'000 visitors each year, most of whom bring their own, unmanaged and/or unpatched, 1 4 State of the Art - From Raw Packet Capture to Advanced Detection Mechanisms 2 Terminology • Source & Destination IPs: Provide the source and destination addresses of every packet. False positive: A false positive is defined by an incorrect result of a test which erroneously detects something • Protocol: The transport protocol. Typically TCP when in fact it is not present. In an IDS, it typically or UDP. consists in detecting a network threat which is in • Source & Destination Ports: Complete the source fact non-existent. and destination addresses. Intrusion: Any set of actions that compromise the in- • Size: The size of the packets. tegrity, confidentiality or availability of a resource. • Flags: Whether the packet has some flag bits set. Attack: An attempt to bypass security controls on a These could be: urgent, SYN, ACK, FIN, ... computer. May precede an intrusion. • Payload: The data itself, that will be delivered to Signature: Network traffic is examined for preconfig- the application running on destination address and ured and predetermined patterns known as signa- port. tures. Many attacks or threats today have dis- tinct signatures. Good security practice requires a Each of these features can provide valuable informa- database of known signatures to be constantly up- tion for a NIDS. Today, many corporate switches can dated to mitigate emerging threats. export raw data, NetFlow, sFlow or similar data. Net- Flow data contains Source and Destination IP and port, Alert: Event generated when a signature matches traffic and the amount of traffic transferred per flow. activity. On a higher level, it is also possible to analyze the payload of every packet. However this requires a full Noise: Amount of unneeded, unwanted, or false-positive understanding of the protocols by the analyzer, as well alerts; masking or reducing the number of real alerts. as a full access to the traffic, which is not easily scalable. Structure of an IDS An IDS is typically composed of NetFlow is an embedded instrumentation within Cisco three main parts: a sensor, an engine, and a console. IOS Software to characterize network operation. It gives The sensor's main task is to analyze all the data ac- the administrators the tools to understand who, what, cording to some configuration data, and create events when, where, and how network traffic is flowing. accordingly. The engine records events logged by the Data is collected directly by switches, and can be ex- sensors in a database, and uses a system of rules to gen- ported to a reporting server. A flow is a n-tuple1, usually erate alerts from security events received. The console identified by the source and destination IPs and ports, monitors events and alerts, and allows to interact with the protocol, and the unilateral number of bytes trans- the latter. ferred. In many cases, the three components are combined in a This data can then be aggregated and analyzed to de- simple device or appliance. A more detailed explanation tect unwanted or malicious behavior. One could, for of the components can be found in [3]. example, count the number of SMTP servers (destina- tion port 25), the number of peers, or the number of SSH servers contacted by any host to detect misbehav- Different Types of IDS There are two main types of ing hosts (sending spam mail, using P2P, or doing ssh IDS working at different points in the infrastructure: scans). Network IDS (NIDS): The NIDS scans all network traf- A worm detection system based on netflow data is pro- fic that is fed to it. The NIDS typically functions in posed in [5]. the same way as an antivirus software: every single packet is scanned for patterns which may indicate a High Level Analysis With this technique, the payload problem. of every single packet is inspected. This requires much more resources than NetFlow based inspection tech- Host-based IDS (HIDS): HIDS are typically installed on niques, as all packets have to be opened up to the 7th every host. HIDS are more platform specific, and are layer of the OSI model to be analyzed. However, this focused on the target computer. HIDS can capture is obviously much more useful, as it can detect proto- all the traffic generated by a host, which a NIDS cols running on any ports, as well as any byte pattern typically cannot do in a switched network. HIDS regardless of the underlying protocol. are not necessarily traffic based, but also look at the system's state. Snort is an open source NIDS software [6]. Combining the benefits of signature, protocol and anomaly based 4 State of the Art - From Raw Packet inspection Snort is the most widely deployed IDS/IPS Capture to Advanced Detection technology worldwide. It is able to perform \high level analysis" on all the traffic flowing through its sensor. Mechanisms Snort is available in two different version: Snort itself, and the Snort Security Platform (Snort SP). Snort SP Network Traffic Analysis can be performed in many is an extension of Snort, using the same engine, but al- different ways. Here is a list of the features that charac- lowing much more options, such as multithreading, an terizes network traffic. Each of these features is part of the OSI model [4]. 1 n depending on the version 5 Snort in a Large Corporate Network 3 interactive shell, and performance improvements.
Load more

Recommended publications
  • Qos: NBAR Protocol Library, Cisco IOS XE Release 3.8S
    QoS: NBAR Protocol Library, Cisco IOS XE Release 3.8S Americas Headquarters Cisco Systems, Inc. 170 West Tasman Drive San Jose, CA 95134-1706 USA http://www.cisco.com Tel: 408 526-4000 800 553-NETS (6387) Fax: 408 527-0883 C O N T E N T S 3COM-AMP3 through AYIYA-IPV6-TUNNELED 34 3COM-AMP3 35 3COM-TSMUX 36 3PC 37 9PFS 38 914C G 39 ACAP 40 ACAS 40 ACCESSBUILDER 41 ACCESSNETWORK 42 ACP 43 ACR-NEMA 44 ACTIVE-DIRECTORY 45 ACTIVESYNC 45 ADOBE-CONNECT 46 AED-512 47 AFPOVERTCP 48 AGENTX 49 ALPES 50 AMINET 50 AN 51 ANET 52 ANSANOTIFY 53 ANSATRADER 54 ANY-HOST-INTERNAL 54 AODV 55 AOL-MESSENGER 56 AOL-MESSENGER-AUDIO 57 AOL-MESSENGER-FT 58 QoS: NBAR Protocol Library, Cisco IOS XE Release 3.8S ii Contents AOL-MESSENGER-VIDEO 58 AOL-PROTOCOL 59 APC-POWERCHUTE 60 APERTUS-LDP 61 APPLEJUICE 62 APPLEQTC 63 APPLEQTCSRVR 63 APPLIX 64 ARCISDMS 65 ARGUS 66 ARIEL1 67 ARIEL2 67 ARIEL3 68 ARIS 69 ARNS 70 ARUBA-PAPI 71 ASA 71 ASA-APPL-PROTO 72 ASIPREGISTRY 73 ASIP-WEBADMIN 74 AS-SERVERMAP 75 AT-3 76 AT-5 76 AT-7 77 AT-8 78 AT-ECHO 79 AT-NBP 80 AT-RTMP 80 AT-ZIS 81 AUDIO-OVER-HTTP 82 AUDIT 83 AUDITD 84 AURORA-CMGR 85 AURP 85 AUTH 86 QoS: NBAR Protocol Library, Cisco IOS XE Release 3.8S iii Contents AVIAN 87 AVOCENT 88 AX25 89 AYIYA-IPV6-TUNNELED 89 BABELGUM through BR-SAT-MON 92 BABELGUM 93 BACNET 93 BAIDU-MOVIE 94 BANYAN-RPC 95 BANYAN-VIP 96 BB 97 BBNRCCMON 98 BDP 98 BFTP 99 BGMP 100 BGP 101 BGS-NSI 102 BHEVENT 103 BHFHS 103 BHMDS 104 BINARY-OVER-HTTP 105 BITTORRENT 106 BL-IDM 107 BLIZWOW 107 BLOGGER 108 BMPP 109 BNA 110 BNET 111 BORLAND-DSJ 112 BR-SAT-MON 112
    [Show full text]
  • Simulacijski Alati I Njihova Ograničenja Pri Analizi I Unapređenju Rada Mreža Istovrsnih Entiteta
    SVEUČILIŠTE U ZAGREBU FAKULTET ORGANIZACIJE I INFORMATIKE VARAŽDIN Tedo Vrbanec SIMULACIJSKI ALATI I NJIHOVA OGRANIČENJA PRI ANALIZI I UNAPREĐENJU RADA MREŽA ISTOVRSNIH ENTITETA MAGISTARSKI RAD Varaždin, 2010. PODACI O MAGISTARSKOM RADU I. AUTOR Ime i prezime Tedo Vrbanec Datum i mjesto rođenja 7. travanj 1969., Čakovec Naziv fakulteta i datum diplomiranja Fakultet organizacije i informatike, 10. listopad 2001. Sadašnje zaposlenje Učiteljski fakultet Zagreb – Odsjek u Čakovcu II. MAGISTARSKI RAD Simulacijski alati i njihova ograničenja pri analizi i Naslov unapređenju rada mreža istovrsnih entiteta Broj stranica, slika, tablica, priloga, XIV + 181 + XXXVIII stranica, 53 slike, 18 tablica, 3 bibliografskih podataka priloga, 288 bibliografskih podataka Znanstveno područje, smjer i disciplina iz koje Područje: Informacijske znanosti je postignut akademski stupanj Smjer: Informacijski sustavi Mentor Prof. dr. sc. Željko Hutinski Sumentor Prof. dr. sc. Vesna Dušak Fakultet na kojem je rad obranjen Fakultet organizacije i informatike Varaždin Oznaka i redni broj rada III. OCJENA I OBRANA Datum prihvaćanja teme od Znanstveno- 17. lipanj 2008. nastavnog vijeća Datum predaje rada 9. travanj 2010. Datum sjednice ZNV-a na kojoj je prihvaćena 18. svibanj 2010. pozitivna ocjena rada Prof. dr. sc. Neven Vrček, predsjednik Sastav Povjerenstva koje je rad ocijenilo Prof. dr. sc. Željko Hutinski, mentor Prof. dr. sc. Vesna Dušak, sumentor Datum obrane rada 1. lipanj 2010. Prof. dr. sc. Neven Vrček, predsjednik Sastav Povjerenstva pred kojim je rad obranjen Prof. dr. sc. Željko Hutinski, mentor Prof. dr. sc. Vesna Dušak, sumentor Datum promocije SVEUČILIŠTE U ZAGREBU FAKULTET ORGANIZACIJE I INFORMATIKE VARAŽDIN POSLIJEDIPLOMSKI ZNANSTVENI STUDIJ INFORMACIJSKIH ZNANOSTI SMJER STUDIJA: INFORMACIJSKI SUSTAVI Tedo Vrbanec Broj indeksa: P-802/2001 SIMULACIJSKI ALATI I NJIHOVA OGRANIČENJA PRI ANALIZI I UNAPREĐENJU RADA MREŽA ISTOVRSNIH ENTITETA MAGISTARSKI RAD Mentor: Prof.
    [Show full text]
  • Synology NAS User's Guide Based on DSM 4.3
    Synology NAS User's Guide Based on DSM 4.3 Document ID Syno_UsersGuide_NAS_20130906 Table of Contents Chapter 1: Introduction Chapter 2: Get Started with Synology DiskStation Manager Install Synology NAS and DSM ............................................................................................................................................. 8 Log into Synology DiskStation Manager .............................................................................................................................. 8 DiskStation Manager Appearance ........................................................................................................................................ 9 Manage DSM with the Main Menu ..................................................................................................................................... 11 Manage Personal Options ................................................................................................................................................... 12 Chapter 3: Modify System Settings Change DSM Settings .......................................................................................................................................................... 14 Change Network Settings .................................................................................................................................................... 16 Modify Regional Options .....................................................................................................................................................
    [Show full text]
  • NBAR2 Standard Protocol Pack 1.0
    NBAR2 Standard Protocol Pack 1.0 Americas Headquarters Cisco Systems, Inc. 170 West Tasman Drive San Jose, CA 95134-1706 USA http://www.cisco.com Tel: 408 526-4000 800 553-NETS (6387) Fax: 408 527-0883 © 2013 Cisco Systems, Inc. All rights reserved. CONTENTS CHAPTER 1 Release Notes for NBAR2 Standard Protocol Pack 1.0 1 CHAPTER 2 BGP 3 BITTORRENT 6 CITRIX 7 DHCP 8 DIRECTCONNECT 9 DNS 10 EDONKEY 11 EGP 12 EIGRP 13 EXCHANGE 14 FASTTRACK 15 FINGER 16 FTP 17 GNUTELLA 18 GOPHER 19 GRE 20 H323 21 HTTP 22 ICMP 23 IMAP 24 IPINIP 25 IPV6-ICMP 26 IRC 27 KAZAA2 28 KERBEROS 29 L2TP 30 NBAR2 Standard Protocol Pack 1.0 iii Contents LDAP 31 MGCP 32 NETBIOS 33 NETSHOW 34 NFS 35 NNTP 36 NOTES 37 NTP 38 OSPF 39 POP3 40 PPTP 41 PRINTER 42 RIP 43 RTCP 44 RTP 45 RTSP 46 SAP 47 SECURE-FTP 48 SECURE-HTTP 49 SECURE-IMAP 50 SECURE-IRC 51 SECURE-LDAP 52 SECURE-NNTP 53 SECURE-POP3 54 SECURE-TELNET 55 SIP 56 SKINNY 57 SKYPE 58 SMTP 59 SNMP 60 SOCKS 61 SQLNET 62 SQLSERVER 63 SSH 64 STREAMWORK 65 NBAR2 Standard Protocol Pack 1.0 iv Contents SUNRPC 66 SYSLOG 67 TELNET 68 TFTP 69 VDOLIVE 70 WINMX 71 NBAR2 Standard Protocol Pack 1.0 v Contents NBAR2 Standard Protocol Pack 1.0 vi CHAPTER 1 Release Notes for NBAR2 Standard Protocol Pack 1.0 NBAR2 Standard Protocol Pack Overview The Network Based Application Recognition (NBAR2) Standard Protocol Pack 1.0 is provided as the base protocol pack with an unlicensed Cisco image on a device.
    [Show full text]
  • Hash Collision Attack Vectors on the Ed2k P2P Network
    Hash Collision Attack Vectors on the eD2k P2P Network Uzi Tuvian Lital Porat Interdisciplinary Center Herzliya E-mail: {tuvian.uzi,porat.lital}[at]idc.ac.il Abstract generate colliding executables – two different executables which share the same hash value. In this paper we discuss the implications of MD4 In this paper we present attack vectors which use collision attacks on the integrity of the eD2k P2P such colliding executables into an elaborate attacks on network. Using such attacks it is possible to generate users of the eD2k network which uses the MD4 hash two different files which share the same MD4 hash algorithm in its generation of unique file identifiers. value and therefore the same signature in the eD2k By voiding the 'uniqueness' of the identifiers, the network. Leveraging this vulnerability enables a attacks enable selective distribution – distributing a covert attack in which a selected subset of the hosts specially generated harmless file as a decoy to garner receive malicious versions of a file while the rest of the popularity among hosts in the network, and then network receives a harmless one. leveraging this popularity to send malicious We cover the trust relations that can be voided as a executables to a specific sub-group. Unlike consequence of this attack and describe a utility conventional distribution of files over P2P networks, developed by the authors that can be used for a rapid the attacks described give the attacker relatively high deployment of this technique. Additionally, we present control of the targets of the attack, and even lets the novel attack vectors that arise from this vulnerability, attacker terminate the distribution of the malicious and suggest modifications to the protocol that can executable at any given stage.
    [Show full text]
  • List of TCP and UDP Port Numbers from Wikipedia, the Free Encyclopedia
    List of TCP and UDP port numbers From Wikipedia, the free encyclopedia This is a list of Internet socket port numbers used by protocols of the transport layer of the Internet Protocol Suite for the establishment of host-to-host connectivity. Originally, port numbers were used by the Network Control Program (NCP) in the ARPANET for which two ports were required for half- duplex transmission. Later, the Transmission Control Protocol (TCP) and the User Datagram Protocol (UDP) needed only one port for full- duplex, bidirectional traffic. The even-numbered ports were not used, and this resulted in some even numbers in the well-known port number /etc/services, a service name range being unassigned. The Stream Control Transmission Protocol database file on Unix-like operating (SCTP) and the Datagram Congestion Control Protocol (DCCP) also systems.[1][2][3][4] use port numbers. They usually use port numbers that match the services of the corresponding TCP or UDP implementation, if they exist. The Internet Assigned Numbers Authority (IANA) is responsible for maintaining the official assignments of port numbers for specific uses.[5] However, many unofficial uses of both well-known and registered port numbers occur in practice. Contents 1 Table legend 2 Well-known ports 3 Registered ports 4 Dynamic, private or ephemeral ports 5 See also 6 References 7 External links Table legend Official: Port is registered with IANA for the application.[5] Unofficial: Port is not registered with IANA for the application. Multiple use: Multiple applications are known to use this port. Well-known ports The port numbers in the range from 0 to 1023 are the well-known ports or system ports.[6] They are used by system processes that provide widely used types of network services.
    [Show full text]
  • Hacking for Dummies.Pdf
    01 55784X FM.qxd 3/29/04 4:16 PM Page i Hacking FOR DUMmIES‰ by Kevin Beaver Foreword by Stuart McClure 01 55784X FM.qxd 3/29/04 4:16 PM Page v 01 55784X FM.qxd 3/29/04 4:16 PM Page i Hacking FOR DUMmIES‰ by Kevin Beaver Foreword by Stuart McClure 01 55784X FM.qxd 3/29/04 4:16 PM Page ii Hacking For Dummies® Published by Wiley Publishing, Inc. 111 River Street Hoboken, NJ 07030-5774 Copyright © 2004 by Wiley Publishing, Inc., Indianapolis, Indiana Published by Wiley Publishing, Inc., Indianapolis, Indiana Published simultaneously in Canada No part of this publication may be reproduced, stored in a retrieval system or transmitted in any form or by any means, electronic, mechanical, photocopying, recording, scanning or otherwise, except as permitted under Sections 107 or 108 of the 1976 United States Copyright Act, without either the prior written permis- sion of the Publisher, or authorization through payment of the appropriate per-copy fee to the Copyright Clearance Center, 222 Rosewood Drive, Danvers, MA 01923, (978) 750-8400, fax (978) 646-8600. Requests to the Publisher for permission should be addressed to the Legal Department, Wiley Publishing, Inc., 10475 Crosspoint Blvd., Indianapolis, IN 46256, (317) 572-3447, fax (317) 572-4447, e-mail: permcoordinator@ wiley.com. Trademarks: Wiley, the Wiley Publishing logo, For Dummies, the Dummies Man logo, A Reference for the Rest of Us!, The Dummies Way, Dummies Daily, The Fun and Easy Way, Dummies.com, and related trade dress are trademarks or registered trademarks of John Wiley & Sons, Inc.
    [Show full text]
  • Broadcasters and the Broadcasters and the Internet
    Broadcasters and the Broadcasters and the Internet Internet EBU Members’ Internet Presence Distribution Strategies Online Consumption Trends Social Networking and Video Sharing Communities November 2007 European Broadcasting Union Strategic Information Service (SIS) L’Ancienne-Route 17A CH-1218 Grand-Saconnex Switzerland Phone +41 (0) 22 717 21 11 Fax +41 (0)22 747 40 00 www.ebu.ch/sis European Broadcasting Union l Strategic Information Service Broadcasters and the Internet EBU Members' Internet Presence Distribution Strategies Online Consumption Trends Social Networking and Video Sharing Communities November 2007 The Report Staff This report was produced by the Strategic Information Service of the EBU. Editor: Alexander Shulzycki Production Editor: Anna-Sara Stalvik Principal Researcher: Anna-Sara Stalvik Special appreciation to: Danish Radio and Television (DR) Swedish Television (SVT) Swedish Radio (SR) Cover Design: Philippe Juttens European Broadcasting Union Telephone: +41 22 717 2111 Address: L'Ancienne-Route 17A, 1218 Geneva, Switzerland SIS web-site: www.ebu.ch/director_general/sis.php SIS contact e-mail: [email protected] BROADCASTERS AND THE INTERNET TABLE OF CONTENTS INTRODUCTION.............................................................................................................. 1 OVERVIEW .............................................................................................................................1 1. The general Internet landscape: usage, websites, advertising ............................................
    [Show full text]
  • The Deep Dark
    THE DEEP DARK WEB Pierluigi Paganini—Richard Amores Published by Paganini Amores at Smashwords Copyright 2012 Paganini–Amores The Deep Dark Web - paganini/amores publishing 212 providence St, West Warwick, RI 02893 - 401-400-2932 ALL RIGHTS RESERVED. This book contains material protected under International and Federal Copyright Laws and Treaties. Any unauthorized reprint or use of this material is prohibited. No part of this book may be reproduced or transmitted in any form or by any means, electronic or mechanical, including photocopying, recording, or by any information storage and retrieval system without express written permission from the author / publisher. The information in this book is distributed on an “As Is and for educational only” basis, without warranty. While every precaution has been taken in the preparation of this work, neither the author nor Paganini-Amores publishing. shall have any liability to any person or entity with respect to any loss or damage caused or alleged to be caused directly or indirectly by the information contained in this book. ISBN: 9781301147106 Publisher – Paganini – Amores For information on book distributors or translations, please contact Publisher Paganini –Amores 212 Providence St Rhode Island 02893 Or Via Dell'Epomeo 180 Parco del Pino Fab.C Sc. A 80126 - Napoli (ITALY) Phone 401-400-2932 – [email protected] deepdarkweb.com – uscyberlabs.com – securityaffairs.co Graphics Designer – Gianni Motta was born in Naples in 1977. He is a creative with over ten years in the field of communication, graphic and web designer. Currently he is in charge for Communication Manager in a cyber security firm.
    [Show full text]
  • ELFIQ APP OPTIMIZER White Paper V1.03 - May 2015 CONTENTS Introduction
    ELFIQ APP OPTIMIZER White Paper V1.03 - May 2015 CONTENTS Introduction ...............................................................................................................................................................................3 Signature-Based Recognition vs. ACL’s ................................................................................................................3 Detection Engine ...................................................................................................................................................................3 Using Groups or Individual Applications .............................................................................................................3 Actions Once an Application is Detected ...........................................................................................................3 Appendix A: Application List ........................................................................................................................................ 4 martellotech.com elfiq.com 2 INTRODUCTION The Elfiq AppOptimizer is designed to give organizations full control over their existing and future bandwidth, guaranteeing key applications such as Citrix XenDesktop or Skype get priority treatment and undesirables such as peer-to-peer file transfers or games are limited or no longer permitted. It is an add-on-module that provides application-layer deep packet inspection (layer 7) classification and control, including Mobile, Social Networking, P2P, Instant Messaging,
    [Show full text]
  • Advanced Rails, O'reilly
    Advanced Rails Other resources from O’Reilly Related titles Ajax on Rails Ruby on Rails: Up and Learning Ruby Running Rails Cookbook™ Ruby Pocket Reference RESTful Web Services Test Driven Ajax (on Rails) oreilly.com oreilly.com is more than a complete catalog of O’Reilly books. You’ll also find links to news, events, articles, weblogs, sample chapters, and code examples. oreillynet.com is the essential portal for developers interested in open and emerging technologies, including new platforms, pro- gramming languages, and operating systems. Conferences O’Reilly brings diverse innovators together to nurture the ideas that spark revolutionary industries. We specialize in document- ing the latest tools and systems, translating the innovator’s knowledge into useful skills for those in the trenches. Visit conferences.oreilly.com for our upcoming events. Safari Bookshelf (safari.oreilly.com) is the premier online refer- ence library for programmers and IT professionals. Conduct searches across more than 1,000 books. Subscribers can zero in on answers to time-critical questions in a matter of seconds. Read the books on your Bookshelf from cover to cover or sim- ply flip to the page you need. Try it today for free. Advanced Rails Brad Ediger Beijing • Cambridge • Farnham • Köln • Paris • Sebastopol • Taipei • Tokyo Advanced Rails by Brad Ediger Copyright © 2008 Brad Ediger. All rights reserved. Printed in the United States of America. Published by O’Reilly Media, Inc., 1005 Gravenstein Highway North, Sebastopol, CA 95472. O’Reilly books may be purchased for educational, business, or sales promotional use. Online editions are also available for most titles (safari.oreilly.com).
    [Show full text]
  • Domain Name System - Wikipedia, the Free Encyclopedia
    Domain Name System - Wikipedia, the free encyclopedia Create account Log in Article Talk Read Edit View history Domain Name System From Wikipedia, the free encyclopedia Main page The ( ) is a hierarchical Domain Name System DNS Internet protocol suite Contents distributed naming system for computers, services, or Application layer Featured content any resource connected to the Internet or a private DHCP · DHCPv6 · DNS · FTP · HTTP · Current events network. It associates various information with domain IMAP · IRC · LDAP · MGCP · NNTP · BGP · Random article names assigned to each of the participating entities. NTP · POP · RPC · RTP · RTSP · RIP · SIP · Donate to Wikipedia Most prominently, it translates easily memorised domain SMTP · SNMP · SOCKS · SSH · Telnet · TLS/SSL · XMPP · (more) · Interaction names to the numerical IP addresses needed for the Transport layer Help purpose of locating computer services and devices TCP · UDP · DCCP · SCTP · RSVP · (more) · About Wikipedia worldwide. By providing a worldwide, distributed Internet layer Community portal keyword-based redirection service, the Domain Name IP(IPv4 · IPv6 · ·ICMP · ICMPv6 · ECN · System is an essential component of the functionality of Recent changes IGMP · IPsec · (more) · the Internet. Contact Wikipedia Link layer An often-used analogy to explain the Domain Name ARP/InARP · NDP · OSPF · Toolbox System is that it serves as the phone book for the Tunnels(L2TP · ·PPP · Print/export Internet by translating human-friendly computer Media access control(Ethernet · DSL · ISDN · FDDI · ·(more) · hostnames into IP addresses. For example, the domain Languages V T E name www.example.com translates to the addresses · · · Afrikaans 192.0.43.10 (IPv4) and 2001:500:88:200::10 (IPv6).
    [Show full text]