480 research outputs found
Impact of denial of service solutions on network quality of service
The Internet has become a universal communication network tool. It has evolved from a platform that supports best-effort traffic to one that now carries different traffic types including those involving continuous media with quality of service (QoS) requirements. As more services are delivered over the Internet, we face increasing risk to their availability given that malicious attacks on those Internet services continue to increase. Several networks have witnessed denial of service (DoS) and distributed denial of service (DDoS) attacks over the past few years which have disrupted QoS of network services, thereby violating the Service Level Agreement (SLA) between the client and the Internet Service Provider (ISP). Hence DoS or DDoS attacks are major threats to network QoS. In this paper we survey techniques and solutions that have been deployed to thwart DoS and DDoS attacks and we evaluate them in terms of their impact on network QoS for Internet services. We also present vulnerabilities that can be exploited for QoS protocols and also affect QoS if exploited. In addition, we also highlight challenges that still need to be addressed to achieve end-to-end QoS with recently proposed DoS/DDoS solutions.
Recommended from our members
Traffic engineering multi-layer optimization for wireless mesh network transmission a campus network routing protocol transmission performance inhancement
This thesis was submitted for the degree of Doctor of Philosophy and awarded by Brunel University.
The wireless mesh network is a potential network for the future due to its excellent inherent characteristic for dynamic self-healing, self-configuration and self-organization. It also has the advantage of easy interoperability networking and the ability to form multi-linked ad-hoc networks. It has a decentralized topology, is cheap and highly scalable. Furthermore, its ease in deployment and easy maintenance are other inherent networking qualities. These aforementioned qualities of the wireless mesh network bring advantages to transmission capability of heterogeneous networks. However, transmissions in wireless mesh network create comparative performance based challenges such as congestion, load-balancing, scalability over increasing networks and coverage capacity. Consequently, these challenges and problems in the routing and switching of packets in the wireless mesh network routing protocols led to a proposal on the resolution of these failures with a combination algorithm and a management based security for the network and its transmitted packets. There are equally contentious services like reliability of the network and quality of service for real-time multimedia traffic flows with other challenges such as path computation and selection in the wireless mesh network.
This thesis is therefore a cumulative proposal to the resolution of the outlined challenges and open research areas posed by using wireless mesh network routing protocol. It advances the resolution of these challenges in the mesh environment using a hybrid optimization – traffic engineering, to increase the effectiveness and the reliability of the network. It also proffers a cumulative resolution of the diverse contributions on wireless mesh network routing protocol and transmission. Adaptation and optimization are carried out on the wireless mesh network designed network using traffic engineering mechanism and technique. The research examines the patterns of mesh packet transmission and evaluates the challenges and failures in the mesh network packet transmission. It develops a solution based algorithm for resolutions and proposes the traffic engineering based solution. These resultant performances and analysis are usually tested and compared over wireless mesh IEEE802.11n or other older proposed documented solution.
This thesis used a carefully designed campus mesh network to show a comparative evaluation of an optimal performance of the mesh nodes and routers over a normal IEEE802.11n based wireless domain network to show differentiation by optimization using the created algorithms. Furthermore, the indexes of performance being the metric are used to measure the utility and the reliability, including capacity and throughput at the destination during traffic engineered transmission. In addition, the security of these transmitted data and packets are optimized under a traffic engineered technique. Finally, this thesis offers an understanding to the security contribution using traffic engineering resolution to create a management algorithm for processing and computation of the wireless mesh networks security needs. The results of this thesis confirmed, completed and extended the existing predictions with real measurement.
Designing and optimization of VOIP PBX infrastructure
In the recent decade, communication has shifted from the old wired medium, such as the public switched telephone network (PSTN), to the Internet. At present, Voice over Internet Protocol (VoIP) technology is used for communication on the Internet by means of the packet switching technique. Several years ago, an Internet Protocol (IP) based system known as the Private Branch Exchange (PBX) was launched as a substitute for common PSTN systems. For free communication, you will probably have to be content with starting with domestic calls. In quite a few cases, though, VoIP services can considerably reduce periodic phone bills. For instance, if someone makes frequent global phone calls, a VoIP talk service offers real savings that cannot be achieved with a regular switched phone. VoIP talk services can help to trim down your phone bills if you deal with a lot of long-distance (international) as well as domestic phone calls. However, alongside the success of VoIP, threats and challenges also remain. In this dissertation, penetration testing is used to show how to find network vulnerabilities and how they can be attacked to exploit the network for malicious activities, together with some security techniques to secure a network. The results achieved by penetration testing will serve as proof of the artefact and will be helpful in enhancing the level of network security to build a more secure network in future.
Performance evaluation of HIP-based network security solutions
Abstract. Host Identity Protocol (HIP) is a networking technology that systematically separates the identifier and locator roles of IP addresses and introduces a Host Identity (HI) name space based on a public key security infrastructure. This modification offers a series of benefits such as mobility, multi-homing, end-to-end security, signaling, control/data plane separation, firewall security, etc. Although HIP has not yet been sufficiently applied in mainstream communication networks, industry experts foresee its potential as an integral part of next generation networks.
HIP can be used in various HIP-aware applications as well as in traditional IP-address-based applications and networking technologies, taking middle boxes into account. One such application is Virtual Private LAN Service (VPLS). VPLS is a widely used method of providing an Ethernet-based Virtual Private Network that supports the connection of geographically separated sites into a single bridged domain over an IP/MPLS network. The popularity of VPLS among commercial and defense organizations underscores the need for robust security features to protect both data and control information.
After investigating the different approaches to HIP, a real world testbed is implemented. Two experiment scenarios were evaluated, one is performed on two open source Linux-based HIP implementations (HIPL and OpenHIP) and the other on two sets of enterprise equipment from two different companies (Tempered Networks and Byres Security). To account for a heterogeneous mix of network types, the Open source HIP implementations were evaluated on different network environments, namely Local Area Network (LAN), Wireless LAN (WLAN), and Wide Area Network (WAN). Each scenario is tested and evaluated for performance in terms of throughput, latency, and jitter.
The measurement results confirmed the assumption that no single solution is optimal in all considered aspects and scenarios. For instance, in the open source implementations, the performance penalty of security on TCP throughput for WLAN scenario is less in HIPL than in OpenHIP, while for WAN scenario the reverse is the case. A similar outcome is observed for the UDP throughput. However, on latency, HIPL showed lower latency for all three network test scenarios. For the legacy equipment experiment, the penalty of security on TCP throughput is about 19% compared with the non-secure scenario while latency is increased by about 87%. This work therefore provides viable information for researchers and decision makers on the optimal solution to securing their VPNs based on the application scenarios and the potential performance penalties that come with each approach.
Performance evaluation of HIP-based communication network security solutions. Abstract. Host Identity Protocol (HIP) is a communication network technology that uses a separate layer between the transport protocol and the Internet Protocol (IP) in the TCP/IP protocol stack. HIP systematically separates the network and device parts of the IP address and uses a Host Identity (HI) part based on a public key security infrastructure. The benefits of this include, for example, mobility, multi-homing, end-to-end security, separation of control information and data, rendezvous, address change and firewall security. In industry, the HIP protocol is seen as part of next-generation communication networks, although it has not yet become widespread in broad commercial use.
The HIP protocol can be used not only in various HIP-aware applications but also in traditional IP-address-based applications and network technologies. One such application is Virtual Private LAN Service (VPLS), a widely used method for creating an Ethernet-based virtual private network that supports the connection between separate units and a single bridge over an IP/MPLS network. The prevalence of VPLS in both commercial and defense organizations underscores the need for robust security features in protecting data and control information.
This work first examines the different approaches to the HIP protocol. After the theoretical review, practical tests are carried out on a self-built testbed. The scenarios considered compare Linux-based open source HIP implementations (HIPL and OpenHIP) and compare the devices of two different manufacturers (Tempered Networks and Byres Security). The HIP implementations are evaluated in different network environments, namely LAN, WLAN and WAN. All tested cases are evaluated on the basis of throughput, its variation (jitter) and latency.
The measurement results show that the same solution is not optimal in all the cases considered. For example, when a WLAN network is used, the throughput loss caused by security is smaller for HIPL than for OpenHIP, whereas in the WAN case the situation is reversed. Similar behaviour is also observed in UDP throughput. However, HIPL gives the lowest latency in all test scenarios. When the devices of different manufacturers are compared, TCP throughput degrades by 19 percent and latency by 87 percent compared with the case where no security solution is used. The important information produced by this work can thus help practitioners in the field find the optimal network security solution for VPN-based applications.
Optimization of BGP Convergence and Prefix Security in IP/MPLS Networks
Multi-Protocol Label Switching-based networks are the backbone of the operation of the Internet, which communicates through the use of the Border Gateway Protocol, which connects distinct networks, referred to as Autonomous Systems, together. As the technology matures, so do the challenges caused by the extreme growth rate of the Internet. The number of BGP prefixes required to facilitate such an increase in connectivity introduces multiple new critical issues, such as the scalability and the security of the aforementioned Border Gateway Protocol.
Illustration of an implementation of an IP/MPLS core transmission network is formed through the introduction of the four main pillars of an Autonomous System: Multi-Protocol Label Switching, Border Gateway Protocol, Open Shortest Path First and the Resource Reservation Protocol. The symbiosis of these technologies is used to introduce the practicalities of operating an IP/MPLS-based ISP network with traffic engineering and fault-resilience at heart.
The first research objective of this thesis is to determine whether the deployment of a new BGP feature, which is referred to as BGP Prefix Independent Convergence (PIC), within AS16086 would be a worthwhile endeavour. This BGP extension aims to reduce the convergence delay of BGP Prefixes inside of an IP/MPLS Core Transmission Network, thus improving the network's resilience against faults.
Simultaneously, the second research objective was to research the available mechanisms considering the protection of BGP Prefixes, such as with the implementation of the Resource Public Key Infrastructure and the Artemis BGP Monitor for proactive and reactive security of BGP prefixes within AS16086.
The future prospective deployment of BGPsec is discussed to form an outlook to the future of IP/MPLS network design, as the trust-based nature of BGP as a protocol has become a distinct vulnerability, thus necessitating the use of various technologies to secure the communications between the Autonomous Systems that form the network to end all networks, the Internet.
Wireless Efficiency Versus Net Neutrality
Symposium: Rough Consensus and Running Code: Integrating Engineering Principles into Internet Policy Debates, held at the University of Pennsylvania's Center for Technology Innovation and Competition on May 6-7, 2010.
This Article first addresses congestion and congestion control in the Internet. It shows how congestion control has always depended upon altruistic behavior by end users. Equipment failures, malicious acts, or abandonment of altruistic behavior can lead to severe congestion within the Internet. Consumers benefit when network operators are able to control such congestion. One tool for controlling such congestion is giving higher priority to some applications, such as telephone calls, and giving lower priority or blocking other applications, such as file sharing. The Article then turns to wireless networks and shows that in addition to congestion issues, priority routing in wireless can make available capacity that would otherwise go unused. Wireless systems that are aware of the application being carried in each packet can deliver more value to consumers than can dumb networks that treat all packets identically. Handsets are both complements to and substitutes for the network infrastructure of wireless networks and any analysis of handset bundling should consider this complementarity. Next, the Article reviews analogous issues in electrical power and satellite communications and shows how various forms of priority are used to increase the total value delivered to consumers by these systems. Finally, the Article observes that regulations that prohibit priority routing of packets and flows on the Internet will create incentives to operate multiple networks
Hybrid SDN Evolution: A Comprehensive Survey of the State-of-the-Art
Software-Defined Networking (SDN) is an evolutionary networking paradigm
which has been adopted by large network and cloud providers, among which are
Tech Giants. However, embracing a new and futuristic paradigm as an alternative
to well-established and mature legacy networking paradigm requires a lot of
time along with considerable financial resources and technical expertise.
Consequently, many enterprises cannot afford it. A compromise solution then is
a hybrid networking environment (a.k.a. Hybrid SDN (hSDN)) in which SDN
functionalities are leveraged while existing traditional network
infrastructures are acknowledged. Recently, hSDN has been seen as a viable
networking solution for a diverse range of businesses and organizations.
Accordingly, the body of literature on hSDN research has improved remarkably.
On this account, we present this paper as a comprehensive state-of-the-art
survey which expands upon hSDN from many different perspectives
- …