DOCSLIB.ORG

Application Adaptive Bandwidth Management Using Real-Time Network Monitoring

Total Page:16

File Type:pdf, Size:1020Kb

Download full-text PDF Read full-text
Application Adaptive Bandwidth Management Using Real-Time Network Monitoring East Tennessee State University Digital Commons @ East Tennessee State University Electronic Theses and Dissertations Student Works 8-2003 Application Adaptive Bandwidth Management Using Real-Time Network Monitoring. Amit Grover East Tennessee State University Follow this and additional works at: https://dc.etsu.edu/etd Part of the Computer Sciences Commons Recommended Citation Grover, Amit, "Application Adaptive Bandwidth Management Using Real-Time Network Monitoring." (2003). Electronic Theses and Dissertations. Paper 802. https://dc.etsu.edu/etd/802 This Thesis - Open Access is brought to you for free and open access by the Student Works at Digital Commons @ East Tennessee State University. It has been accepted for inclusion in Electronic Theses and Dissertations by an authorized administrator of Digital Commons @ East Tennessee State University. For more information, please contact [email protected]. Application Adaptive Bandwidth Management Using Real–Time Network Monitoring ________________ A thesis presented to the faculty of the Department of Computer and Information Sciences East Tennessee State University _______________ In partial fulfillment of the requirements for the degree Master of Science in Computer Science ________________ by Amit Grover August 2003 _______________ Dr Neil Thomas, Chair Dr Phillip E. Pfeiffer IV Dr Qing Yuan Keywords: Bandwidth Management, Network, Security, Ports, Intrusion ABSTRACT Application Adaptive Bandwidth Management Using Real–Time Network Monitoring by Amit Grover Application adaptive bandwidth management is a strategy for ensuring secure and reliable network operation in the presence of undesirable applications competing for a network’s crucial bandwidth, covert channels of communication via non-standard traffic on well-known ports, and coordinated Denial of Service attacks. The study undertaken here explored the classification, analysis and management of the network traffic on the basis of ports and protocols used, type of applications, traffic direction and flow rates on the East Tennessee State University’s campus- wide network. Bandwidth measurements over a nine-month period indicated bandwidth abuse of less than 0.0001% of total network bandwidth. The conclusion suggests the use of the defense- in-depth approach in conjunction with the KHYATI (Knowledge, Host hardening, Yauld monitoring, Analysis, Tools and Implementation) paradigm to ensure effective information assurance. 2 DEDICATION To my parents Shri Suresh K Grover and Smt Asha Grover and my brother Sumit Grover to whom I am indebted for their constant encouragement and unwavering support that helped me sail through trying times. 3 ACKNOWLEDGEMENTS I wish to express my sincere gratitude to my advisory committee members—Dr Neil Thomas (chair for the final part), Dr Phillip E Pfeiffer IV (chair for the initial part), and Dr Qing Yuan— without whose unwavering support and guidance, this manuscript would not have been possible. Dr Pfeiffer’s academic brilliance, impeccable computing experience, clarity of vision, and meticulousness was responsible for shaping this thesis in its crucial foundation stages. Dr Thomas’s constant encouragement, thorough knowledge and invaluable computing expertise were responsible for guiding the remaining part of the thesis. I also wish to express my sincere thanks to the staff of OIT—Bob Cook, Steven Webb, Timothy White, JD Reed and Jim Ashe— for their help in dealing with various infrastructure issues. 4 CONTENTS Page ABSTRACT ……………………………………………………………….……….. 2 DEDICATION ……………………………………………………………………… 3 ACKNOWLEDGEMENTS ………………………………………………………… 4 LIST OF TABLES………………………………………………………………….. 11 LIST OF FIGURES…………………………………………………………..…….. 13 Chapter 1 INTRODUCTION………………………………………………..………… 15 1.0 Information Assurance……………………………………………… 15 1.1 Synopsis of the Approach Taken…………………………………… 19 1.2 Firewalling……………………………………………..…………… 19 1.3 Packet-Shaping……………………………………………………… 19 1.4 Hybrid Strategy…………………………………………………...… 20 1.5 Key Results………………………………………………….….…… 20 1.6 Structure for the Balance of the Thesis……………………………… 21 2 PORT ABUSE AND COUNTERMEASURES…………………………..… 22 2.1 Characteristics of the Transport Layer ……………………………… 22 2.1.1 Mechanisms for Layer 4 Traffic Flow………………………. 22 2.1.1.1 Notion of Ports………………………………..…… 23 2.1.1.2 Standard Uses of Ports……………………………. 24 2.1.1.2.1 “Trojan” Ports…………………………… 25 2.1.1.3 Covert Channels of Communication……………… 25 2.1.2 Typical Characteristics of Layer 4 Traffic Flow………………. 26 5 2.2 Abusing Ports to Compromise Security…………………………….. 27 2.2.1 Port Scanning………………………………………..……… 27 2.2.1.1 TCP Connect Scan………………..………………… 28 2.2.1.2 TCP SYN (Half Open) Scan……………………..… 29 2.2.1.3 TCP FIN (Stealth) Scan………………………….… 29 2.2.1.4 TCP Ftp Proxy (Bounce Attack) Scan……………... 29 2.2.1.5 TCP Xmas Tree Scan…………………………….… 30 2.2.1.6 TCP Null Scan…………………………………….… 30 2.2.1.7 TCP ACK Scan……………………………….…… 30 2.2.1.8 TCP Windows Scan………………………………… 31 2.2.1.9 TCP RPC Scan……………………………………… 31 2.2.1.10 SYN / FIN Scan Using IP Fragments (Bypass Packet Filters)……………………………………………….. 31 2.2.1.11 UDP Recvfrom() And Write() Scan………….…… 32 2.2.1.12 UDP Raw ICMP Port Unreachable Scan…….…… 32 2.2.1.13 ICMP Echo Scan (Ping – Sweep) ………………… 32 2.2.1.14 Reverse-ident Scan………………………………… 33 2.2.1.15 Idle Scan…………………………………………… 33 2.2.2 Stack Fingerprinting……………..…………………………… 33 2.2.2.1 Active Stack Fingerprinting ….……………………… 34 2.2.2.1.1 FIN Probe………………………………… 34 2.2.2.1.2 Bogus Flag Probe………………………… 34 2.2.2.1.3 Initial Sequence Number (ISN) Sampling… 35 6 2.2.2.1.4 “Don’t Fragment Bit” Monitoring……… 35 2.2.2.1.5 TCP Initial Window Size……………… 35 2.2.2.1.6 ACK Value…………………………..… 36 2.2.2.1.7 ICMP Error Message Quenching…….… 36 2.2.2.1.8 ICMP Message Quoting………..…….… 36 2.2.2.1.9 ICMP Error Message-Echoing Integrity.. 37 2.2.2.1.10 Type of Service (TOS) ……..………….. 37 2.2.2.1.11 Fragmentation Handling………………… 37 2.2.2.1.12 TCP Options…………………………..… 38 2.2.2.2 Passive Stack Fingerprinting ………………………… 38 2.3 Techniques for Detecting Invalid Use of Ports…………………………… 38 2.3.1 Use Analysis……………………………………………….…… 38 2.3.2 Bandwidth Analysis…………………………………………… 39 2.3.3 Content Analysis……………………………………………… 40 2.3.3.1 Real Time Intrusion Detection……………………… 42 2.3.3.1.1 Overload, Crash and Subterfuge Attacks……. 43 2.3.3.2 Traffic Normalization………………………………..… 44 2.3.3.3 Intrusion Detection Wrappers………………………… 45 2.3.3.4 Intrusion Detection Based On Expert Systems………. 45 2.3.3.5 Intrusion Prevention…………………………………. 46 2.3.4 Timing Analysis……………………………………………… 46 2.4 Techniques for Blocking Invalid Use of “Mainstream” Ports……….. 47 2.4.1 Shutting Down Unneeded Services………………………..…. 47 7 2.4.2 Port Re-Mapping…………………………….……………… 47 2.4.3 Static Packet Filtering………………………………….…… 48 2.4.4 Dynamic Packet Filtering…………………………………… 48 2.4.5 Stateful Filtering…………………………………………..… 48 2.4.6 Proxy Filtering……………………………………………… 49 2.4.7 Plug Gateways……………………………………………… 49 2.4.8 Port Address Translation…………………………………… 49 2.4.9 Traffic Management………………………………………… 49 3 BANDWIDTH MANAGEMENT…………………………………………… 51 3.1 Goals ………………………………………………………………… 51 3.2 Preliminaries………………………………………………..………… 51 3.2.1 Background study…………………………………………….. 52 3.2.2 Data Collection Tools………………………………………… 52 3.2.2.1 PacketShaper………………………………………… 53 3.2.2.2 Active Ports ………………………………………… 53 3.2.2.3 PacketPup …………………………………………… 54 3.2.2.4 Network Probe 0.4…………………………………… 54 3.2.2.5 Ethereal ……………………………………………… 55 3.2.2.6 Action Request System ……………………………… 56 3.2.2.7 McAfee’s GroupShield Exchange 5.0 Enterprise Suite… 56 3.2.3 Monitoring Station………..………………………………….… 56 3.3 Bandwidth Management………………………………………….…… 57 3.3.1 Classification of the Network Traffic…………………………. 57 8 3.3.2 Analysis and Interpretation…………………………………… 61 3.3.3 Enforcement of Management Policies………………………… 63 3.3.3.1 Feedback-Oriented Fine-Tuning……………………… 65 3.3.4 Data Integrity Verification……………………………………. 73 3.3.5 Non-Standard Traffic ………………………………………… 73 3.3.5.1 Step I: Initiate Network Probe………………………… 75 3.3.5.2 Step II: Isolate Communication for Interesting Ports….. 78 3.3.5.3 Step III : Identification of Potential Secondary Target Ports…………………………………………..... 78 3.3.5.4 Step IV : Isolating Conversations from ‘Suspect’ Hosts…………………………………………….…..…. 79 3.3.5.5 Step V: Target Host Investigation…….……………….. 80 3.3.5.6 Step VI : Physical Identification of Target Machines…. 84 4 RESULTS …………………………………………………………………….… 88 4.1 Results ………………………………………………………………….. 88 4.2 Bandwidth Traffic Tree………………………………………………… 88 4.3 Top Ten Protocols……………………………………………………… 89 4.4 Breakdown of HTTP Traffic…………………………………………… 90 4.5 Bandwidth Utilization………………………………………………..… 91 4.6 Rogue Traffic on Legitimate Ports……………………………..……… 93 4.7 Bandwidth Abuse……………………………………………………… 94 4.7.1 Bandwidth Abuse Analysis…………………………………… 96 5 CONCLUSION……………………………………………………………..… 97 9 5.1 Defense–In–Depth ………………………………………………..…… 97 5.2 The ‘KHYATI’ Paradigm……………………………………………… 97 5.2.1 Knowledge……………………………………………………… 98 5.2.2 Host hardening…………..……………………………………… 98 5.2.3 Yauld monitoring……………….……………………………… 99 5.2.4 Analysis…………….………………………………………..… 99 5.2.5 Tools…………………..……………………………………..… 99 5.2.6 Implementation………………………..……………………..… 100 BIBLIOGRAPHY ………………..………………………………………………… 101 APPENDICES Appendix A: PROTOCOLS AND SERVICES SUPPORTED BY ETHEREAL 105 Appendix B: PROTOCOLS AND SERVICES CLASSIFIED BY PACKETSHAPER ………………………………….………….... 107 Appendix C: SAMPLE AVERAGE AND PEAK FLOW RATES…………….. 112 Appendix D: NETWORK PERFORMANCE SUMMARY………..…………… 115 Appendix E: ETSU NETWORK TRAFFIC TREE
Load more

Recommended publications
  • Case Study PRO
    GoToMyPC™ case study PRO SUMMARY AdministGoToMyPC Pro TopsTion pcAnywhere The Enterprise Rapattoni Corporation provides for Easy Network Administration management information software "GoToMyPC Pro simply works better than pcAnywhere" is the for real estate associations. reason Chris Edgar gives for his company's switch to GoToMyPC Pro.As network support manager for Rapattoni Corporation, his The Challenge team uses GoToMyPC Pro to administer and support custom Network Support Manager Chris software implementations. Edgar requires reliable access to customer computers to remotely Rapattoni Corporation remotely manages its customized SQL database product for administer his company's custom more than 250 real estate associations.The company had previously used pcAnywhere software implementation.The and other packaged products for remote administration, but found implementation and company was using pcAnywhere configuration to be difficult, especially when working with customers who had limited and other remote-access software, computer experience. Rapattoni now uses GoToMyPC Pro to easily administer but found it to be unreliable and customer networks. Edgar believes that GoToMyPC Pro is faster and more reliable than difficult to use pcAnywhere. "GoToMyPC Pro is very non-intrusive and fast," he says. "Our customers love it." The GoToMyPC Solution GoToMyPC Pro can be easily “Their mouths drop and they ask implemented within minutes on customer networks, even for where they can get GoToMyPC Pro.” customers with limited computer experience.There is virtually no GoToMyPC Pro has been a real money saver for Rapattoni because administrators can configuration with GoToMyPC resolve issues without a customer's intervention. "We probably save two or three phone Pro, allowing company calls per incident with GoToMyPC," says Edgar.
    [Show full text]
  • Netcat and Trojans/Backdoors
    Netcat and Trojans/Backdoors ECE4883 – Internetwork Security 1 Agenda Overview • Netcat • Trojans/Backdoors ECE 4883 - Internetwork Security 2 Agenda Netcat • Netcat ! Overview ! Major Features ! Installation and Configuration ! Possible Uses • Netcat Defenses • Summary ECE 4883 - Internetwork Security 3 Netcat – TCP/IP Swiss Army Knife • Reads and Writes data across the network using TCP/UDP connections • Feature-rich network debugging and exploration tool • Part of the Red Hat Power Tools collection and comes standard on SuSE Linux, Debian Linux, NetBSD and OpenBSD distributions. • UNIX and Windows versions available at: http://www.atstake.com/research/tools/network_utilities/ ECE 4883 - Internetwork Security 4 Netcat • Designed to be a reliable “back-end” tool – to be used directly or easily driven by other programs/scripts • Very powerful in combination with scripting languages (eg. Perl) “If you were on a desert island, Netcat would be your tool of choice!” - Ed Skoudis ECE 4883 - Internetwork Security 5 Netcat – Major Features • Outbound or inbound connections • TCP or UDP, to or from any ports • Full DNS forward/reverse checking, with appropriate warnings • Ability to use any local source port • Ability to use any locally-configured network source address • Built-in port-scanning capabilities, with randomizer ECE 4883 - Internetwork Security 6 Netcat – Major Features (contd) • Built-in loose source-routing capability • Can read command line arguments from standard input • Slow-send mode, one line every N seconds • Hex dump of transmitted and received data • Optional ability to let another program service established connections • Optional telnet-options responder ECE 4883 - Internetwork Security 7 Netcat (called ‘nc’) • Can run in client/server mode • Default mode – client • Same executable for both modes • client mode nc [dest] [port_no_to_connect_to] • listen mode (-l option) nc –l –p [port_no_to_connect_to] ECE 4883 - Internetwork Security 8 Netcat – Client mode Computer with netcat in Client mode 1.
    [Show full text]
  • Abstract Introduction Methodology
    Kajetan Hinner (2000): Statistics of major IRC networks: methods and summary of user count. M/C: A Journal of Media and Culture 3(4). <originally: http://www.api-network.com/mc/0008/count.html> now: http://www.media-culture.org.au/0008/count.html - Actual figures and updates: www.hinner.com/ircstat/ Abstract The article explains a successful approach to monitor the major worldwide Internet Relay Chat (IRC) networks. It introduces a new research tool capable of producing detailed and accurate statistics of IRC network’s user count. Several obsolete methods are discussed before the still ongoing Socip.perl program is explained. Finally some IRC statistics are described, like development of user figures, their maximum count, IRC channel figures, etc. Introduction Internet Relay Chat (IRC) is a text-based service, where people can meet online and chat. All chat is organized in channels which a specific topic, like #usa or #linux. A user can be taking part in several channels when connected to an IRC network. For a long time the only IRC network has been EFnet (Eris-Free Network, named after its server eris.berkeley.edu), founded in 1990. The other three major IRC networks are Undernet (1993), DALnet (1994) and IRCnet, which split off EFnet in June 1996. All persons connecting to an IRC network at one time create that IRC network’s user space. People are constantly signing on and off, the total number of users ever been to a specific IRC network could be called social space of that IRC network. It is obvious, that the IRC network’s social space by far outnumbers its user space.
    [Show full text]
  • List of NMAP Scripts Use with the Nmap –Script Option
    List of NMAP Scripts Use with the nmap –script option Retrieves information from a listening acarsd daemon. Acarsd decodes ACARS (Aircraft Communication Addressing and Reporting System) data in real time. The information retrieved acarsd-info by this script includes the daemon version, API version, administrator e-mail address and listening frequency. Shows extra information about IPv6 addresses, such as address-info embedded MAC or IPv4 addresses when available. Performs password guessing against Apple Filing Protocol afp-brute (AFP). Attempts to get useful information about files from AFP afp-ls volumes. The output is intended to resemble the output of ls. Detects the Mac OS X AFP directory traversal vulnerability, afp-path-vuln CVE-2010-0533. Shows AFP server information. This information includes the server's hostname, IPv4 and IPv6 addresses, and hardware type afp-serverinfo (for example Macmini or MacBookPro). Shows AFP shares and ACLs. afp-showmount Retrieves the authentication scheme and realm of an AJP service ajp-auth (Apache JServ Protocol) that requires authentication. Performs brute force passwords auditing against the Apache JServ protocol. The Apache JServ Protocol is commonly used by ajp-brute web servers to communicate with back-end Java application server containers. Performs a HEAD or GET request against either the root directory or any optional directory of an Apache JServ Protocol ajp-headers server and returns the server response headers. Discovers which options are supported by the AJP (Apache JServ Protocol) server by sending an OPTIONS request and lists ajp-methods potentially risky methods. ajp-request Requests a URI over the Apache JServ Protocol and displays the result (or stores it in a file).
    [Show full text]
  • Chapter 3 Composite Default Screen Blind Folio 3:61
    Color profile: GenericORACLE CMYK printerTips & Techniques profile 8 / Oracle9i for Windows 2000 Tips & Techniques / Jesse, Sale, Hart / 9462-6 / Chapter 3 Composite Default screen Blind Folio 3:61 CHAPTER 3 Configuring Windows 2000 P:\010Comp\OracTip8\462-6\ch03.vp Wednesday, November 14, 2001 3:20:31 PM Color profile: GenericORACLE CMYK printerTips & Techniques profile 8 / Oracle9i for Windows 2000 Tips & Techniques / Jesse, Sale, Hart / 9462-6 / Chapter 3 Composite Default screen Blind Folio 3:62 62 Oracle9i for Windows 2000 Tips & Techniques here are three basic configurations of Oracle on Windows 2000: as T a management platform, as an Oracle client, and as a database server. The first configuration is the platform from which you will manage Oracle installations across various machines on various operating systems. Most system and database administrators are given a desktop PC to perform day-to-day tasks that are not DBA specific (such as reading e-mail). From this desktop, you can also manage Oracle components installed on other operating systems (for example, Solaris, Linux, and HP-UX). Even so, you will want to configure Windows 2000 to make your system and database administrative tasks quick and easy. The Oracle client software configuration is used in more configurations than you might first suspect: ■ Web applications that connect to an Oracle database: ■ IIS 5 ASPs that use ADO to connect to an Oracle database ■ Perl DBI application running on Apache that connects to an Oracle database ■ Any J2EE application server that uses the thick JDBC driver ■ Client/server applications: ■ Desktop Visual Basic application that uses OLEDB or ODBC to connect to an Oracle Database ■ Desktop Java application that uses the thick JDBC to connect to Oracle In any of these configurations, at least an Oracle client installation is required.
    [Show full text]
  • Major Qualifying Project
    Network Anomaly Detection Utilizing Robust Principal Component Analysis Major Qualifying Project Advisors: PROFESSORS LANE HARRISON,RANDY PAFFENROTH Written By: AURA VELARDE RAMIREZ ERIK SOLA PLEITEZ A Major Qualifying Project WORCESTER POLYTECHNIC INSTITUTE Submitted to the Faculty of the Worcester Polytechnic Institute in partial fulfillment of the requirements for the Degree of Bachelor of Science in Computer Science. AUGUST 24, 2017 - MARCH 2, 2018 ABSTRACT n this Major Qualifying Project, we focus on the development of a visualization-enabled anomaly detection system. We examine the 2011 VAST dataset challenge to efficiently Igenerate meaningful features and apply Robust Principal Component Analysis (RPCA) to detect any data points estimated to be anomalous. This is done through an infrastructure that promotes the closing of the loop from feature generation to anomaly detection through RPCA. We enable our user to choose subsets of the data through a web application and learn through visualization systems where problems are within their chosen local data slice. In this report, we explore both feature engineering techniques along with optimizing RPCA which ultimately lead to a generalized approach for detecting anomalies within a defined network architecture. i TABLE OF CONTENTS Page List of Tables v List of Figures vii 1 Introduction 1 1.1 Introduction .......................................... 1 2 VAST Dataset Challenge3 2.1 2011 VAST Dataset...................................... 3 2.2 Attacks in the VAST Dataset ................................ 6 2.3 Avoiding Data Snooping ................................... 7 2.4 Previous Work......................................... 8 3 Anomalies in Cyber Security9 3.1 Anomaly detection methods................................. 9 4 Feature Engineering 12 4.1 Feature Engineering Process ................................ 12 4.2 Feature Selection For a Dataset..............................
    [Show full text]
  • Honeydv6 a Low-Interaction Ipv6 Honeypot
    HoneydV6 A low-interaction IPv6 honeypot Sven Schindler Potsdam University Institute for Computer Science Operating Systems and Distributed Systems Reykjavík, July 29, 2013 Outline 1 Introduction 2 An IPv6 darknet experiment 3 HoneydV6 - Development and Performance Measurements 4 Conclusion and Future work Sven Schindler (Potsdam University) HoneydV6 Frame 2 of 26 Introduction Outline 1 Introduction 2 An IPv6 darknet experiment 3 HoneydV6 - Development and Performance Measurements 4 Conclusion and Future work Sven Schindler (Potsdam University) HoneydV6 Frame 3 of 26 Introduction Why do we need IPv6 dark- and honeynets? huge IPv6 address space makes brute-force network scanning impossible new scanning approaches in the wild? attacks aiming at IPv6 design weaknesses how to analyse IPv6 related attacks? Sven Schindler (Potsdam University) HoneydV6 Frame 4 of 26 Introduction THC and si6 - IPv6 Attack Toolkits IPv6 attack tools like THC toolkit [3] and si6 [8] available fragment6 (THC) - duplicate fragments fake_router6 (THC) - become the default router rsmurf6 (THC) - remote smurf attack tool dos-new-ip6 (THC) - block new hosts from joining a network scan6 (si6) - intelligent scan approaches Sven Schindler (Potsdam University) HoneydV6 Frame 5 of 26 An IPv6 darknet experiment Outline 1 Introduction 2 An IPv6 darknet experiment 3 HoneydV6 - Development and Performance Measurements 4 Conclusion and Future work Sven Schindler (Potsdam University) HoneydV6 Frame 6 of 26 An IPv6 darknet experiment Prior darknet experiments Why another IPv6 Darknet
    [Show full text]
  • Ipsec Overhead in Wireline and Wireless Networks for Web and Email Applications
    IPSec Overhead in Wireline and Wireless Networks for Web and Email Applications George C. Hadjichristofi Nathaniel J. Davis, IV Scott F. Midkiff Bradley Department of Electrical and Computer Engineering Virginia Polytechnic Institute and State University Blacksburg, Virginia 2406 1 USA Abstract inserted in a system model to calculate the overall This paper focuses on characterizing the overhead of speedup when compression was used in different types of IP Security (IPSec)for email and web applications using networks. The research did not involve deploying test a set of test bed configurations. The different beds for “live” experimental measurements. confligurations are implemented using both wireline and Chappell, et al. did additional work [2]. The purpose wireless netwrk links. ne testing considers different of their research was to determine the suitability of IPSec combinations of authentication algorithms and for a Multiple Level Security environment. The research authentication protocols. Authentication algorithms used an experimental version of IPSec that was not include Hashed Message Authentication Code-Message optimized for performance. A simple IPSec wireline test Digest 5 (HMAC-MD5) and Hashed Message bed was deployed and various measurements were made. Authentication Code-Secure Hash Algorithm 1 (HMAC- The research did not investigate the overhead of using SHAl). Authentication protocols include Encapsulating authentication and encryption and the IPSec Security Payload (ESP) and Authentication Header (AH) implementation used only DES for confidentiality. protocols. Triple Digital Enclyption Standard (3DEq is The results presented in this paper are derived from used for encryption. Overhead is examined for scenarios actual measurements taken on wired and wireless test using no enclyption and no authentication, authentication beds and provide an expanded testing environment when and no encryption, and authentication and enclyption.
    [Show full text]
  • Ncircle IP360
    VULNERABILITY MANAGEMENT TECHNOLOGY REPORT nCircle IP360 OCTOBER 2006 www.westcoastlabs.org 2 VULNERABILITY MANAGEMENT TECHNOLOGY REPORT CONTENTS nCircle IP360 nCircle, 101 Second Street, Suite 400, San Francisco, CA 94105 Phone: +1 (415) 625 5900 • Fax: +1 (415) 625 5982 Test Environment and Network ................................................................3 Test Reports and Assessments ................................................................4 Checkmark Certification – Standard and Premium ....................................5 Vulnerabilities..........................................................................................6 West Coast Labs Vulnerabilities Classification ..........................................7 The Product ............................................................................................8 Developments in the IP360 Technology ....................................................9 Test Report ............................................................................................10 Test Results ............................................................................................17 West Coast Labs Conclusion....................................................................18 Security Features Buyers Guide ..............................................................19 West Coast Labs, William Knox House, Britannic Way, Llandarcy, Swansea, SA10 6EL, UK. Tel : +44 1792 324000, Fax : +44 1792 324001. www.westcoastlabs.org VULNERABILITY MANAGEMENT TECHNOLOGY REPORT 3 TEST ENVIRONMENT
    [Show full text]
  • Remote Administration
    Remote Administration Contents Preparing The Server 2 Firewall Considerations 3 Performing Remote Administration 4 Additional Notes 5 Mobile Application Administration 6 Managing Users In The iPhone App 9 © Maxum Development Corp. Remote Administration Rumpus allows you to add users, check server status, review logs, and generally administer your server from your own desktop Mac, rather than having to go to the server to perform these tasks. Setting up Rumpus for remote administration is fairly straightforward, though some effort needs to be expended making sure your Rumpus settings remain secure, even when you make them accessible to remote Macs. Not all administrative tasks can be performed remotely. In particular, server installation, the setup assistants, and automatic diagnostics must be performed on the server itself. Almost all Rumpus control features needed for long-term server maintenance are accessible remotely, but before enabling remote access, you will need to install and perform basic setup of the server. In fact, we recommend that your server be functional and that you at least test the ability to log in to the server before attempting to remotely administer it. Preparing The Server Once basic operation of the server has been established, you are ready to enable remote administration. Open the “Network Settings” window and flip to the “Remote Admin” tab, shown below. ! Setup of remote administration from a desktop Mac Maxum Development Corp. "2 Remote Administration Maintaining security over remote administration is extremely important, so start by specifying an administration password and a list of client IP addresses that will be allowed to administer the server.
    [Show full text]
  • Delegating Network Security with More Information
    Delegating Network Security with More Information Jad Naous Ryan Stutsman Stanford University Stanford University California, USA California, USA [email protected] David Mazières Nick McKeown Nickolai Zeldovich Stanford University Stanford University MIT CSAIL California, USA California, USA Massachusetts, USA [email protected] [email protected] ABSTRACT network has become more centralized, enabling an admin- Network security is gravitating towards more centralized istrator to configure a consistent security policy at a single control. Strong centralization places a heavy burden on the location and have it enforced across various devices. Recent administrator who has to manage complex security policies proposals take centralization even further, proposing that al- and be able to adapt to users’ requests. To be able to cope, most all network features be pulled out of the datapath into the administrator needs to delegate some control back to a central controller [6, 5, 8, 10, 1], giving the administrator end-hosts and users, a capability that is missing in today’s direct control over routing, mobility, and access control. We networks. Delegation makes administrators less of a bottle- expect this trend to continue. neck when policy needs to be modified and allows network While there are many advantages to centralizing the con- administration to follow organizational lines. To enable del- trol of enterprise networks, such centralization places a heavy egation, we propose ident++—a simple protocol to request burden on the administrator. She needs to manage an in- additional information from end-hosts and networks on the creasingly complex set of rules, respond to user requests, path of a flow.
    [Show full text]
  • List of TCP and UDP Port Numbers from Wikipedia, the Free Encyclopedia
    List of TCP and UDP port numbers From Wikipedia, the free encyclopedia This is a list of Internet socket port numbers used by protocols of the transport layer of the Internet Protocol Suite for the establishment of host-to-host connectivity. Originally, port numbers were used by the Network Control Program (NCP) in the ARPANET for which two ports were required for half- duplex transmission. Later, the Transmission Control Protocol (TCP) and the User Datagram Protocol (UDP) needed only one port for full- duplex, bidirectional traffic. The even-numbered ports were not used, and this resulted in some even numbers in the well-known port number /etc/services, a service name range being unassigned. The Stream Control Transmission Protocol database file on Unix-like operating (SCTP) and the Datagram Congestion Control Protocol (DCCP) also systems.[1][2][3][4] use port numbers. They usually use port numbers that match the services of the corresponding TCP or UDP implementation, if they exist. The Internet Assigned Numbers Authority (IANA) is responsible for maintaining the official assignments of port numbers for specific uses.[5] However, many unofficial uses of both well-known and registered port numbers occur in practice. Contents 1 Table legend 2 Well-known ports 3 Registered ports 4 Dynamic, private or ephemeral ports 5 See also 6 References 7 External links Table legend Official: Port is registered with IANA for the application.[5] Unofficial: Port is not registered with IANA for the application. Multiple use: Multiple applications are known to use this port. Well-known ports The port numbers in the range from 0 to 1023 are the well-known ports or system ports.[6] They are used by system processes that provide widely used types of network services.
    [Show full text]