DOCSLIB.ORG

Fortios Wireless LAN Controller Data Sheet

Total Page:16

File Type:pdf, Size:1020Kb

Download full-text PDF Read full-text
Fortios Wireless LAN Controller Data Sheet DATA SHEET FortiOS® Wireless LAN Controller Today’s organizations are facing numerous challenges from the Highlights campus to the branch as the network environment evolves with n Support for Wi-Fi 6 FortiAPs the rapid rise of IoT devices, demanding mobile and remote n Scale from 1 to 10,000+ APs workforce, and evolving security threats. Fortinet’s Secure n Flexible deployment models Wireless LAN Controllers are integrated into the FortiOS, a for SD-Branch, Education, purpose-built network security operating system, which forms Healthcare, and Hospitality the foundation of the FortiGate Network Security Platform. This n Integrated security solution leads to security-driven networking for wireless LANs. and management n PCI compliance capabilities for Security Fabric Integration retail stores Fortinet’s Security Fabric extends to our Secure Wireless solution n Integrated guest access providing coordinated security policies to the very edge of the management with captive wired/wireless network where there are the most vulnerabilities. portal n BYOD device finger printing and control Superior Performance n Integrated WIDS and rogue The latest wireless standards, integrated security at the edge via AP management FortiLink, client steering to 5 GHz radios and Application control services all combine to deliver the highest level of performance n Spectrum analysis and user experience. End-to-End Wireless LAN Security Integrated security services from the controller to the AP secures for the network, the clients and the applications. 1 DATA SHEET | FortiOS® Wireless LAN Controller HIGHLIGHTS Key Features and Benefits Scalable and Resilient Highly scalable and centrally managed enterprise WLAN, with integrated radio resource management to reduce co-channel interference and provide consistent WLAN performance. Integrated Security Features Extends wired security features to WLAN, unifying both wired and wireless management into a single console, providing a “Single Pane of Glass” management interface to the network. Layer-7 Application Visibility Leverage market leading features with the power of SPU-based deep packet inspection technology to deliver granular application level visibility and control. The need for secure wireless networks with intra-SSID industry-leading Application Control capability provides privacy, robust third-party certified security and advanced the fine-grained application control required to ensure the networking capabilities, is now more important than ever. Wireless LAN is performing at its best and is being utilized for Delivering the industry’s most comprehensive suite of the intended applications. security, wireless and networking services, the FortiOS enterprise-class Wireless LAN Controller is purpose-built to Industry-Leading Security leverage hardware acceleration provided by custom Fortinet FortiOS has its pedigree in Unified Threat Management and Security Processing Units (SPUs) while providing an easy to Fortinet holds more industry certifications than any other use enterprise wireless solution, in a single unified platform. vendor, providing the best-in-class unified protection with an integrated set of security services. From antivirus, web Unbeatable Flexibility to Meet all content filtering, application control, network IPS, email Deployment Needs filtering and DLP, the same security that is applied to the A wireless infrastructure must be flexible and scalable. By wired network can now be applied to the wireless LAN. Built- consolidating security and wireless network capabilities, in Wireless Intrusion Detection System capabilities further Fortinet Secure Wireless LAN Controllers significantly reduce protect the wireless LAN by detecting a vast array of RF network complexity and ultimately TCO. Fortinet’s no-VLANs™ intrusion techniques including: approach reduces complex Layer-2 requirements, eliminating § Association/ Authentication/ EAPOL Flooding the need to propagate VLAN information across the network § Broadcast deauthentication to simplify and accelerate large, scalable deployments. With a § Spoofed MAC wide range of FortiGate models to choose from, no matter the size of your network, there’s a FortiGate solution right for you. § Ad-hoc Network Detection and Containment § Wireless Bridge Detection Single Pane-of-Glass Management § Misconfigured AP Detection Integrating wired and wireless security into a single pane- § MAC OUI Checking of-glass lowers operating costs and reduces IT staff workloads by eliminating the complexities of troubleshooting Automated Rogue AP Detection a multivendor network and the need for costly training and and Suppression certification across multiple vendor products. In addition to Rogue access points pose a serious network security threat reducing operating costs, a single pane of glass provides by creating a leakage point where sensitive data such as complete visibility of clients, access points, switches and, credit card information can be siphoned off the network. For security services, ensuring consistent security and control this reason, the PCI DSS and other data security standards policies are applied across the enterprise. often mandate proactive monitoring and suppression of rogue APs. The FortiGate Rogue AP on-wire detection engine Sophisticated Application Control uses various correlation techniques to determine if a Rogue Wireless bandwidth is a precious shared medium and it is AP is connected to the network. This automated process critical that business applications receive priority on the continuously monitors for unknown APs and automatically wireless LAN. FortiOS Application Control is built-in to the suppresses any found to be unauthorized. Wireless LAN controller and uses deep Layer-7 inspection with over 4,000 application signatures to provide bandwidth guarantees and prioritization of critical applications. This 2 2 DATA SHEET | FortiOS® Wireless LAN Controller FEATURE HIGHLIGHTS Band Steering Captive Portal Band steering makes more efficient use of your available Browser-based authentication for guest users is also wireless network by sending clients to the bands where supported via SSL enabled captive portal. This built-in they are most efficiently served. FortiOS allows the user to captive portal allows for HTML login page customization as assign bands to clients based on their capabilities. Without well as guest account provisioning and management via an band steering, a dual-band client could associate on either integrated guest management portal. FortiOS also supports the 2.4 GHz or the 5 GHz channels, leading to overcrowding the universal access method (UAM) for integrating with third- on one band or the other depending on device preferences. party external captive portal servers as well as two-factor With band steering, you can direct some of this traffic to your authentication with the FortiToken One Time Password (OTP) band of choice. Another example of using band steering is to solution. separate devices by their importance (or the importance of the types of traffic they will be passing on your network). You Device Fingerprinting can leave all clients with low priority profiles on the 2.4 GHz Device fingerprinting allows the collection of various channels (where bandwidth is not a concern) and move attributes about a device connecting to the network. The clients to the 5 GHz band to achieve higher data rates. collected attributes can fully or partially identify individual devices, including the client’s OS, device type, and browser Automatic Radio Resource Provisioning being used. Device Fingerprinting can provide more FortiOS DARRP (Distributed Automatic Radio Resource information for the station and allows system administrators Provisioning) technology ensures the wireless infrastructure to be more aware of the types of devices in use and take is always optimized to deliver maximum performance. Fortinet actions if necessary. APs enabled with this advanced feature continuously monitor the RF environment for interference, noise, and signals from Spectrum Analysis neighboring APs, enabling the FortiGate WLAN Controller to Get detailed RF information to understand what interfering determine the optimal RF power levels for each AP on the devices are in your area by using an existing AP radio for network. When a new AP is provisioned, DARRP also ensures spectrum analysis. Several graphical depictions are available that it chooses the optimal channel, without administrator including Signal Inteferencce, Spectragram, and Interferer list. intervention. Authentication Role Derivation Complete Secure Wireless LAN Architecture Policy Enforcement n Captive Portal, 802.1x, Temporary Guest Access n User and Device Identification, Authorization Wireless & Network Security n User and Device based policies, Application Control Traffic Shaping n Rogue AP Mitigation, Wireless Intrusion Detection n User and Application Based Wireless QOS Visibility & Audit Trail n Detailed Network and Threat Visibility, Compliance Reporting Corporate Network 3 DATA SHEET | FortiOS® Wireless LAN Controller SPECIFICATIONS WIRELESS CONTROLLER WIRELESS CONTROLLER Networking Wireless Access and Authentication Bonjour Gateway Ability to monitor and control Apple’s Bonjour Protocol Access – Authentication IEEE 802.1x (EAP, Cisco-LEAP, PEAP, EAP-TLS, EAP-TTLS, Methods EAP-SIM, EAP-AKA) DHCP Integrated DHCP server RFC 2716 PPP EAP-TLS VLANs Interface and trunk RFC 2865 RADIUS authentication SSID to VLAN mapping RFC 3579 RADIUS support for EAP Dynamic VLAN Support RFC
Load more

Recommended publications
  • List of TCP and UDP Port Numbers - Wikipedia, the Free Encyclopedia 6/12/11 3:20 PM
    List of TCP and UDP port numbers - Wikipedia, the free encyclopedia 6/12/11 3:20 PM List of TCP and UDP port numbers From Wikipedia, the free encyclopedia (Redirected from TCP and UDP port numbers) This is a list of Internet socket port numbers used by protocols of the Transport Layer of the Internet Protocol Suite for the establishment of host-to-host communications. Originally, these port numbers were used by the Transmission Control Protocol (TCP) and the User Datagram Protocol (UDP), but are used also for the Stream Control Transmission Protocol (SCTP), and the Datagram Congestion Control Protocol (DCCP). SCTP and DCCP services usually use a port number that matches the service of the corresponding TCP or UDP implementation if they exist. The Internet Assigned Numbers Authority (IANA) is responsible for maintaining the official assignments of port numbers for specific uses.[1] However, many unofficial uses of both well-known and registered port numbers occur in practice. Contents 1 Table legend 2 Well-known ports: 0–1023 3 Registered ports: 1024–49151 4 Dynamic, private or ephemeral ports: 49152–65535 5 See also 6 References 7 External links Table legend Color coding of table entries Official Port/application combination is registered with IANA Unofficial Port/application combination is not registered with IANA Conflict Port is in use for multiple applications (may be official or unofficial) Well-known ports: 0–1023 The port numbers in the range from 0 to 1023 are the well-known ports. They are used by system processes that provide widely-used types of network services.
    [Show full text]
  • Edition with Romkey, April 16, 1986 (PDF)
    PC/IP User's Guide MASSACHUSETTS INSTITUTE OF TECHNOLOGY Laboratory For Computer Science Network programs based on the DoD Internet Protocol for the mM Personal Computer PC/~ release or March, 1986; document updated Aprill4, 1986 by: Jerome H. Saltzer John L. Romkey .• Copyright 1984, 1985, 1986 by the Massachusetts Institute or Technology Permission to use, copy, modlt'y, and distribute these programs and their documentation ror any purpose and without ree ls hereby granted, provided that this copyright and permission notice appear on all copies and supporting documentation, the name or M.I.T. not be used in advertising or publlclty pertalnlng to dlstrlbutlon or the programs without written prior permission, and notice be glven in supporting documentation that copying and distribution ls by permlsslon or M.I.T. M.I.T. makes no representations about the suitablllty or this software for any purpose. It is provided "as ls" without express or Implied warranty. - ii - CREDITS The PC/IP packages are bullt on the work of many people in the TCP/IP community, both at M.I.T. and elsewhere. Following are some of the people who directly helped in the creation of the packages. Network environment-John L. Romkey Terminal emulator and customizer-David A. Bridgham Inltlal TFTP-Kari D. Wright Inltlal telnet-Louls J. Konopelskl Teinet model-David D. Clark Tasking package-Larry W. Allen Development system-Christopher J. Terman Development environment-Wayne C. Gramlich Administrative Assistant-Muriel Webber October 3, 1985. This document is in cover .mss - iii- - iv Table of Contents 1. Overview of PC/IP network programs 1 1.1.
    [Show full text]
  • List of TCP and UDP Port Numbers from Wikipedia, the Free Encyclopedia
    List of TCP and UDP port numbers From Wikipedia, the free encyclopedia This is a list of Internet socket port numbers used by protocols of the transport layer of the Internet Protocol Suite for the establishment of host-to-host connectivity. Originally, port numbers were used by the Network Control Program (NCP) in the ARPANET for which two ports were required for half- duplex transmission. Later, the Transmission Control Protocol (TCP) and the User Datagram Protocol (UDP) needed only one port for full- duplex, bidirectional traffic. The even-numbered ports were not used, and this resulted in some even numbers in the well-known port number /etc/services, a service name range being unassigned. The Stream Control Transmission Protocol database file on Unix-like operating (SCTP) and the Datagram Congestion Control Protocol (DCCP) also systems.[1][2][3][4] use port numbers. They usually use port numbers that match the services of the corresponding TCP or UDP implementation, if they exist. The Internet Assigned Numbers Authority (IANA) is responsible for maintaining the official assignments of port numbers for specific uses.[5] However, many unofficial uses of both well-known and registered port numbers occur in practice. Contents 1 Table legend 2 Well-known ports 3 Registered ports 4 Dynamic, private or ephemeral ports 5 See also 6 References 7 External links Table legend Official: Port is registered with IANA for the application.[5] Unofficial: Port is not registered with IANA for the application. Multiple use: Multiple applications are known to use this port. Well-known ports The port numbers in the range from 0 to 1023 are the well-known ports or system ports.[6] They are used by system processes that provide widely used types of network services.
    [Show full text]
  • TCP/IP Explained
    TCP/IP Explained PHILIP MILLER DIGITAL PRESS Boston Oxford Johannesburg Melbourne New Delhi Singapore Table of Contents Preface xvii Chapter 1 - Introduction 1 1.1 What is TCP/IP? 1 1.1.1 A Brief History of TCP/IP 2 1.1.2 The Internet Protocol Suite 3 1.2 The Internet 5 1.2.1 The Growth of the Internet 6 1.3 Summary 9 Chapter 2 - Standardization 11 2.1 The Internet Architecture Board 11 2.1.1 The Internet Engineering Task Force 12 2.1.2 The Internet Research Task Force 13 2.2 Internet Protocol Standards 13 2.2.1 Protocol States 14 2.2.2 Protocol Status 16 2.2.3 The Request For Comments (RFC) 16 2.3 Internet Protocol Architecture 17 2.3.1 The Open Systems Interconnection (OSI) Model 18 2.3.2 The OSI Model and LANs 20 2.3.3 The Internet Protocol Suite Model 23 2.4 A Comparison of Major Architectures 25 2.5 Summary 26 Chapter 3 - An Overview of Network Technologies and Relay Systems 27 3.1 Ethernet and IEEE 802.3 27 3.1.1 802.3 Specifications 27 3.1.2 Ethernet/802.3 Frame Structure 30 3.1.3 Ethernet/802.3 Operation 32 3.2 Token Ring 33 3.2.1 802.5 Specifications 34 3.2.2 802.5 Frame Structure 36 3.2.3 802.5 Operation 38 3.3 Fibre Distributed Data Interface (FDDI) 39 3.3.1 FDDI Specifications 41 3.3.2 FDDI Frame Structure 42 3.3.3 FDDI Operation 43 3.4 Relay Systems 43 3.4.1 Repeaters 44 3.4.2 Bridges 45 3.5 WAN Links 50 3.6 Summary 51 Chapter 4 - Internet Addressing 53 4.1 The Need for an Addressing Scheme 53 4.2 Internet Addressing 54 4.2.1 Dotted Decimal Notation 55 4.2.2 Identifying IP Addresses and Rules 56 4.2.3 Choosing the Right Addressing
    [Show full text]
  • Network Working Group J. Postel Request for Comments: 840 ISI April 1983
    Network Working Group J. Postel Request for Comments: 840 ISI April 1983 Official Protocols This RFC identifies the documents specifying the official protocols used in the Internet. Annotations identify any revisions or changes planned. To first order, the official protocols are those in the Internet Protocol Transition Workbook (IPTW) dated March 1982. There are several protocols in use that are not in the IPTW. A few of the protocols in the IPTW have been revised these are noted here. In particular, the mail protocols have been revised and issued as a volume titled "Internet Mail Protocols" dated November 1982. There is a volume of protocol related information called the Internet Protocol Implementers Guide (IPIG) dated August 1982. A few of the protocols (in particular the Telnet Options) have not been revised for many years, these are found in the old ARPANET Protocol Handbook (APH) dated January 1978. This document is organized as a sketchy outline. The entries are protocols (e.g., Transmission Control Protocol). In each entry there are notes on status, specification, comments, other references, dependencies, and contact. The status is one of: required, recommended, elective, or experimental. The specification identifies the protocol defining documents. The comments describe any differences from the specification or problems with the protocol. The other references identify documents that comment on or expand on the protocol. The dependencies indicate what other protocols are called upon by this protocol. The contact indicates a person
    [Show full text]
  • ECHO Through EXEC
    ECHO through EXEC • ECHO, page 3 • EDONKEY-STATIC, page 4 • EDONKEY, page 5 • EGP, page 6 • EIGRP, page 7 • ELCSD, page 8 • EMBL-NDT, page 9 • EMCON, page 10 • EMFIS-CNTL, page 11 • EMFIS-DATA, page 12 • ENCAP, page 13 • ENCRYPTED-BITTORRENT, page 14 • ENCRYPTED-EMULE, page 15 • ENTOMB, page 16 • ENTRUST-AAAS, page 17 • ENTRUST-AAMS, page 18 • ENTRUST-ASH, page 19 • ENTRUST-KMSH, page 20 • ENTRUST-SPS, page 21 • EPMAP, page 22 • ERPC, page 23 • ESCP-IP, page 24 • ESIGNAL, page 25 • ESPN-BROWSING, page 26 NBAR2 Protocol Pack 7.0.0 1 ECHO through EXEC • ESPN-VIDEO, page 27 • ESRO-EMSDP, page 28 • ESRO-GEN, page 29 • ETHERIP, page 30 • EUDORA-SET, page 31 • EXCHANGE, page 32 • EXEC, page 33 NBAR2 Protocol Pack 7.0.0 2 ECHO through EXEC ECHO ECHO Name/CLI Keyword echo Full Name Echo Protocol Description Echo is a protocol that is used for debugging and measurement. It works by sending back all the data that was received from the source. The protocol works on TCP and UDP, typically on port 7. Reference http://www.faqs.org/rfcs/rfc862.html Global ID L4:7 ID 101 Known Mappings UDP Port 7 TCP Port 7 IP Protocol - IP Version IPv4 Support Yes IPv6 Support Yes Application Group other Category net-admin Sub Category network-management P2P Technology No Encrypted No Tunnel No Underlying Protocols - NBAR2 Protocol Pack 7.0.0 3 ECHO through EXEC EDONKEY-STATIC EDONKEY-STATIC Name/CLI Keyword edonkey-static Full Name eDonkey Description eDonkey is peer-to-peer file sharing adopted to share large files.
    [Show full text]
  • VPN Ipsec Tunnels with Cisco ASA/Asav VTI on Oracle Cloud Infrastructure
    Deploying VPN IPSec Tunnels with Cisco ASA/ASAv VTI on Oracle Cloud Infrastructure O R A C L E SOLUTION GUIDE | M A R C H 2 0 1 8 | VERSION 1.1 Table of Contents Overview 4 Scope and Assumptions 4 VPN IPSec Tunnel Concepts 5 CPE Configuration 5 General Requirements for Connecting to the Oracle Cloud Infrastructure DRG via IPSec 6 Establish the IKE Security Association Using Pre-Shared Keys 6 Establish the IPSec Security Association 6 Use AES 256-Bit Encryption 6 Use the SHA-1 or SHA-256 Hashing Function 6 Use Diffie-Hellman with Perfect Forward Secrecy 7 IPSec Dead Peer Detection 7 Bind Tunnel to Logical Interface (Route-Based VPN) 7 Fragment IP Packets Before Encryption 8 Recommendations for TCP Maximum Segment Size and DF Flags 8 Data Lifetime Rekey Interval 9 VPN IPSec Tunnels on Oracle Cloud Infrastructure 9 Key Components of VPN IPSec Tunnels on OCI 10 Access Requirements for VPN IPSec Tunnels Configuration 13 Configure the VPN IPSec 14 Step 1: Create a VCN 15 Step 2: Create the DRG 16 Step 3: Attach the DRG to the VCN 17 Step 4: Modify the Default Route Table for the VCN 17 Step 6: Edit the Default Security List for the Subnet 18 2 | DEPLOYING VPN IPSEC TUNNELS WITH CISCO ASA/ASAV VTI ON ORACLE CLOUD INFRASTRUCTURE Step 7: Create a Subnet 19 Step 8: Create a CPE Object 21 Step 9: Create an IPSec Tunnel Between the DRG and CPE 22 Step 10: Verify the IPSec Tunnels 23 Summary 24 Configure the ASA/ASAv On-Premises Device 25 Step 1: Note All the Values Used in the ASA/ASAv Configuration 25 Step 2: Configure the IKE and IPSec Policy and IPSec Profile 26 Step 3: Set Up Some IPSec and Tunnel Friendly Parameters 27 Step 4: Configure the Tunnel Group 28 Step 5: Configure the VTI 28 Step 6: Configure the Static Routes 29 Step 7: Verify That the Tunnels Are Up on Oracle Cloud Infrastructure 31 Sample ASA/ASAv Configuration File from this Document 31 Conclusion 33 3 | DEPLOYING VPN IPSEC TUNNELS WITH CISCO ASA/ASAV VTI ON ORACLE CLOUD INFRASTRUCTURE Overview This guide provides step-by-step instructions for configuring VPN IPSec tunnels on Oracle Cloud Infrastructure.
    [Show full text]
  • Official 2 TCP UDP Compr
    Port TCP UDP Description Status 0 UDP Reserved Official 1 TCP UDP TCP Port Service Multiplexer (TCPMUX) Official 2 TCP UDP CompressNET[2] Management Utility[3] Official 3 TCP UDP CompressNET[2] Compression Process[4] Official 4 TCP UDP Unassigned Official 5 TCP UDP Remote Job Entry Official 7 TCP UDP Echo Protocol Official 8 TCP UDP Unassigned Official 9 TCP UDP Discard Protocol Official 9 UDP Wake-on-LAN Unofficial 10 TCP UDP Unassigned Official 11 TCP UDP Active Users (systat service)[5][6] Official 12 TCP UDP Unassigned Official 13 TCP UDP Daytime Protocol (RFC 867) Official 14 TCP UDP Unassigned Official 15 TCP UDP Previously netstat service[5] Unofficial 16 TCP UDP Unassigned Official 17 TCP UDP Quote of the Day Official 18 TCP UDP Message Send Protocol Official 19 TCP UDP Character Generator Protocol (CHARGEN) Official 20 TCP UDP FTP data transfer Official 21 TCP FTP control (command) Official 22 TCP UDP Secure Shell (SSH) — used for secure logins, file Officialtransfers (scp, sftp) and port forwarding 23 TCP UDP Telnet protocol—unencrypted text communicationsOfficial 24 TCP UDP Priv-mail : any private mail system. Official 25 TCP Simple Mail Transfer Protocol (SMTP)—used forOfficial e-mail routing between mail servers 26 TCP UDP Unassigned Official 27 TCP UDP NSW User System FE Official 29 TCP UDP MSG ICP Official 33 TCP UDP Display Support Protocol Official 35 TCP UDP Any private printer server protocol Official 37 TCP UDP TIME protocol Official 39 TCP UDP Resource Location Protocol*7+ (RLP)—used for determiningOfficial the location
    [Show full text]
  • The Definitive Guide to HTML5 Websocket // Example Websocket Server
    For your convenience Apress has placed some of the front matter material after the index. Please use the Bookmarks and Contents at a Glance links to access them. Contents at a Glance Foreword ���������������������������������������������������������������������������������������� xiii About the Authors ���������������������������������������������������������������������������� xv About the Technical Reviewer ������������������������������������������������������� xvii Acknowledgments �������������������������������������������������������������������������� xix ■ Chapter 1: Introduction to HTML5 WebSocket �������������������������������� 1 ■ Chapter 2: The WebSocket API ����������������������������������������������������� 13 ■ Chapter 3: The WebSocket Protocol ��������������������������������������������� 33 ■ Chapter 4: Building Instant Messaging and Chat over WebSocket with XMPP ��������������������������������������������������������� 61 ■ Chapter 5: Using Messaging over WebSocket with STOMP ���������� 85 ■ Chapter 6: VNC with the Remote Framebuffer Protocol ������������� 109 ■ Chapter 7: WebSocket Security �������������������������������������������������� 129 ■ Chapter 8: Deployment Considerations �������������������������������������� 149 ■ Appendix A: Inspecting WebSocket Traffic ��������������������������������� 163 ■ Appendix B: WebSocket Resources �������������������������������������������� 177 Index ���������������������������������������������������������������������������������������������� 183 v CHAPTER 1 Introduction
    [Show full text]
  • Scalable Remote Measurement of Application-Layer Censorship
    Quack: Scalable Remote Measurement of Application-Layer Censorship Benjamin VanderSloot, Allison McDonald, Will Scott, J. Alex Halderman, and Roya Ensafi University of Michigan {benvds, amcdon, willscott, jhalderm, ensafi}@umich.edu Abstract under repressive or secretive government controls, coop- erating with security researchers has substantial risks. Remote censorship measurement tools can now detect An emerging body of work addresses these problems DNS- and IP-based blocking at global scale. However, by using existing protocols and infrastructure to remotely a major unmonitored form of interference is blocking measure network interference. Such approaches have triggered by deep packet inspection of application-layer been effective in measuring DNS poisoning [35,41] and data. We close this gap by introducing Quack, a scalable, for detecting interference in TCP/IP-connectivity between remote measurement system that can efficiently detect remote machines [17,34]. There has not yet been a global, application-layer interference. remote method for detecting another broadly deployed We show that Quack can effectively detect application- censorship technique: application-layer censorship. layer blocking triggered on HTTP and TLS headers, and Application-layer censorship has become increasingly it is flexible enough to support many other diverse pro- important with the rise of content delivery networks tocols. In experiments, we test for blocking across 4458 (CDNs). CDNs use a small number of network entry- autonomous systems, an order of magnitude larger than points for a large number of customers, resulting in siz- provided by country probes used by OONI over a one able collateral damage to IP-based blocking techniques. week span. We also test a corpus of 100,000 keywords When an adversary wishes to block some, but not all, of from vantage points in 40 countries to produce detailed these sites, they must look into the content of requests national blocklists.
    [Show full text]
  • Implementing Host Services and Applications
    Implementing Host Services and Applications Cisco IOS XR software Host Services and Applications features on the router are used primarily for checking network connectivity and the route a packet follows to reach a destination, mapping a hostname to an IP address or an IP address to a hostname, and transferring files between routers and UNIX workstations. Note For a complete description of host services and applications commands listed in this module, refer to the Cisco ASR 9000 Series Aggregation Services Router IP Addresses and Services Command Reference publication. Feature History for Implementing Host Services and Applications Release Modification Release This feature was introduced. 3.7.2 • Prerequisites for Implementing Host Services and Applications , on page 1 • Information About Implementing Host Services and Applications , on page 2 • How to Implement Host Services and Applications , on page 5 • Configuring syslog source-interface, on page 14 • IPv6 Support for IP SLA ICMP Echo Operation, on page 15 • Configuration Examples for Implementing Host Services and Applications , on page 17 • Additional References, on page 19 Prerequisites for Implementing Host Services and Applications The following prerequisites are required to implement Cisco IOS XR software Host Services and applications • You must be in a user group associated with a task group that includes the proper task IDs. The command reference guides include the task IDs required for each command. If you suspect user group assignment is preventing you from using a command,
    [Show full text]
  • Configuring IP Slas UDP Echo Operations
    Configuring IP SLAs UDP Echo Operations This module describes how to configure an IP Service Level Agreements (SLAs) User Datagram Protocol (UDP) Echo operation to monitor end-to-end response time between a Cisco device and devices using IPv4 or IPv6. UDP echo accuracy is enhanced by using the Cisco IP SLAs Responder at the destination Cisco device. This module also demonstrates how the results of the UDP echo operation can be displayed and analyzed to determine how a UDP application is performing. • Finding Feature Information, page 1 • Restrictions for IP SLAs UDP Echo Operations, page 1 • Information About IP SLAs UDP Echo Operations, page 2 • How to Configure IP SLAs UDP Echo Operations, page 3 • Configuration Examples for IP SLAs UDP Echo Operations, page 12 • Additional References, page 12 • Feature Information for the IP SLAs UDP Echo Operation, page 13 Finding Feature Information Your software release may not support all the features documented in this module. For the latest caveats and feature information, see Bug Search Tool and the release notes for your platform and software release. To find information about the features documented in this module, and to see a list of the releases in which each feature is supported, see the feature information table. Use Cisco Feature Navigator to find information about platform support and Cisco software image support. To access Cisco Feature Navigator, go to www.cisco.com/go/cfn. An account on Cisco.com is not required. Restrictions for IP SLAs UDP Echo Operations We recommend using a Cisco networking device as the destination device, although any networking device that supports RFC 862, Echo Protocol , can be used.
    [Show full text]