39 research outputs found

    Development of a 'sniffer' for generating whitelists for Snort

    The aim of our project is to contribute a new tool to the field of "Detection and Prevention" of attacks on the security of Information Systems in industrial environments. To this end, the software I have been working on will carry out a statistical study of the frames that carry information and control signals between the electronic devices that make up network segments in industrial systems. The "sniffer" I present here goes somewhat further than the packet analyzers we already know (Ethereal, Wireshark...). It is able to extract the fields of interest that characterize a connection between those devices and store this data in dynamic data structures adapted for this purpose, arriving at a complete description of the observed traffic; then, with that information, it builds "whitelists" (permitted behavior), which will be used by the free-software intrusion detector known as Snort. In addition, our tool will be able to interact with Snort's file system. Using the options that Linux operating systems offer through scripts, we are thus able to automate the exchange of both information and configuration files between software components, ultimately easing the work of a network administrator

    IP and ATM integration: A New paradigm in multi-service internetworking

    ATM is a widespread technology adopted by many to support advanced data communication, in particular efficient Internet services provision. The expected challenges of multimedia communication together with the increasing massive utilization of IP-based applications urgently require redesign of networking solutions in terms of both new functionalities and enhanced performance. However, the networking context is affected by so many changes, and to some extent chaotic growth, that any approach based on a structured and complex top-down architecture is unlikely to be applicable. Instead, an approach based on finding out the best match between realistic service requirements and the pragmatic, intelligent use of technical opportunities made available by the product market seems more appropriate. By following this approach, innovations and improvements can be introduced at different times, not necessarily complying with each other according to a coherent overall design. With the aim of pursuing feasible innovations in the different networking aspects, we look at both IP and ATM internetworking in order to investigate a few of the most crucial topics/issues related to the IP and ATM integration perspective. This research would also address various means of internetworking the Internet Protocol (IP) and Asynchronous Transfer Mode (ATM) with an objective of identifying the best possible means of delivering Quality of Service (QoS) requirements for multi-service applications, exploiting the meritorious features that IP and ATM have to offer. Although IP and ATM often have been viewed as competitors, their complementary strengths and limitations form a natural alliance that combines the best aspects of both the technologies. For instance, one limitation of ATM networks has been the relatively large gap between the speed of the network paths and the control operations needed to configure those data paths to meet changing user needs. IP's greatest strength, on the other hand, is the inherent flexibility and its capacity to adapt rapidly to changing conditions. These complementary strengths and limitations make it natural to combine IP with ATM to obtain the best that each has to offer. Over time many models and architectures have evolved for IP/ATM internetworking and they have impacted the fundamental thinking in internetworking IP and ATM. These technologies, architectures, models and implementations will be reviewed in greater detail in addressing possible issues in integrating these architectures in a multi-service, enterprise network. The objective being to make recommendations as to the best means of interworking the two in exploiting the salient features of one another to provide a faster, reliable, scalable, robust, QoS aware network in the most economical manner. How IP will be carried over ATM when a commercial worldwide ATM network is deployed is not addressed and the details of such a network still remain in a state of flux to specify anything concrete. Our research findings culminated with a strong recommendation that the best model to adopt, in light of the impending integrated service requirements of future multi-service environments, is an ATM core with IP at the edges to realize the best of both technologies in delivering QoS guarantees in a seamless manner to any node in the enterprise

    A Look Back at "Security Problems in the TCP/IP Protocol Suite"

    About fifteen years ago, I wrote a paper on security problems in the TCP/IP protocol suite. In particular, I focused on protocol-level issues, rather than implementation flaws. It is instructive to look back at that paper, to see where my focus and my predictions were accurate, where I was wrong, and where dangers have yet to happen. This is a reprint of the original paper, with added commentary

    Implementation of IEC 61850 in Solar Applications

    IEC 61850 has become one of the core technologies in substation automation due to its high-speed reliable operation Ethernet-based communication with a high security. Its reliability and performance make a significant contribution to fail-safe substation operation. IEC 61850 also allows both vertical and horizontal communications in the substation automation. The main characteristic of IEC 61850 is the use of GOOSE messages. All communication services run in parallel via one LAN connection and the same GOOSE message can be broadcast to several IEDs at once. This results in less wiring and faster data exchange between applications. Moreover, one of the core features of IEC 61850 is the interoperability between IEDs from different vendors. The separation of communication and data model allows engineering data to be reliably retained for a long time even when upgrading or changing the system. IEC publishes updated documentation every so often and adds new parts to the standard due to the rapid increase in demand for IEC 61850 applications. As the market for solar applications has been increasing in the last few years, the need for new technologies to be implemented in solar applications is increasing as well. This thesis, beside several other current research efforts, investigates the implementation of IEC 61850 in solar applications. The thesis outlines the current needs of solar applications by collecting statistical data using two surveys, then concludes the implementation requirement. At the end of the research, IEC 61850 data sets and the parameters currently used by Vacon were compared, and a simulation example of a photovoltaic array is given to conclude the benefits of using IEC 61850 in solar systems.

    A survey of Virtual Private LAN Services (VPLS): Past, present and future

    Virtual Private LAN services (VPLS) is a Layer 2 Virtual Private Network (L2VPN) service that has gained immense popularity due to a number of its features, such as protocol independence, multipoint-to-multipoint mesh connectivity, robust security, low operational cost (in terms of optimal resource utilization), and high scalability. In addition to the traditional VPLS architectures, novel VPLS solutions have been designed leveraging new emerging paradigms, such as Software Defined Networking (SDN) and Network Function Virtualization (NFV), to keep up with the increasing demand. These emerging solutions help in enhancing scalability, strengthening security, and optimizing resource utilization. This paper aims to conduct an in-depth survey of various VPLS architectures and highlight different characteristics through insightful comparisons. Moreover, the article discusses numerous technical aspects such as security, scalability, compatibility, tunnel management, operational issues, and complexity, along with the lessons learned. Finally, the paper outlines future research directions related to VPLS. To the best of our knowledge, this paper is the first to furnish a detailed survey of VPLS. University College Dublin; Academy of Finlan

    THE APPLICATION OF REAL-TIME SOFTWARE IN THE IMPLEMENTATION OF LOW-COST SATELLITE RETURN LINKS

    Digital Signal Processors (DSPs) have evolved to a level where it is feasible for digital modems with relatively low data rates to be implemented entirely with software algorithms. With current technology it is still necessary for analogue processing between the RF input and a low frequency IF but, as DSP technology advances, it will become possible to shift the interface between analogue and digital domains ever closer towards the RF input. The software radio concept is a long-term goal which aims to realise software-based digital modems which are completely flexible in terms of operating frequency, bandwidth, modulation format and source coding. The ideal software radio cannot be realised until DSP, Analogue to Digital (A/D) and Digital to Analogue (D/A) technology has advanced sufficiently. Until these advances have been made, it is often necessary to sacrifice optimum performance in order to achieve real-time operation. This Thesis investigates practical real-time algorithms for carrier frequency synchronisation, symbol timing synchronisation, modulation, demodulation and FEC. Included in this work are novel software-based transceivers for continuous-mode transmission, burst-mode transmission, frequency modulation, phase modulation and orthogonal frequency division multiplexing (OFDM). Ideal applications for this work combine the requirement for flexible baseband signal processing and a relatively low data rate. Suitable applications for this work were identified in low-cost satellite return links, and specifically in asymmetric satellite Internet delivery systems. These systems employ a high-speed (>>2Mbps) DVB channel from service provider to customer and a low-cost, low-speed (32-128 kbps) return channel. This Thesis also discusses asymmetric satellite Internet delivery systems, practical considerations for their implementation and the techniques that are required to map TCP/IP traffic to low-cost satellite return links

    IPv6 – Integration, Transition and Security

    Over the years the Internet has become a fundamental tool for society and, nowadays, it is practically impossible not to make use of some of the facilities provided by the worldwide network. Owing to its mass adoption in recent years, the available IP addresses have run out, so it became necessary to design a new version of the communication protocol used to support all communication on the Internet: the Internet Protocol, version 6 (IPv6). Despite the widespread use of the Internet, most of its users are completely unaware of security issues and are therefore exposed to a variety of dangers. Increasing security is also one of the main missions of IPv6, and some relevant security mechanisms have been introduced. The aim of this work is to study IPv6, focusing especially on issues related to the mechanisms for transition from IPv4 to IPv6 and on security aspects. Providing a theoretical approach to the protocol and to security concepts, this document also presents a more technical perspective on IPv6 implementation, and is intended as a support manual for those responsible for implementing version 6 of IP. The three transition methods that allow IPv4 to be upgraded to IPv6 are analyzed in order to support the team in deciding which transition method (or methods) to use. A substantial part of the work was devoted to selecting and studying vulnerabilities present in IPv6, how they are exploited by an attacker, how they can be classified, and the processes that reduce the risk of exposure to those vulnerabilities. A set of good practices in network security administration is also presented, to give better assurance that known problems cannot be exploited by malicious users.
    The Internet is a quite important tool, and nowadays it is almost impossible to go about our ordinary lives without using some of its functionalities. However, due to its widespread use, the available IP addresses are becoming scarce. This fact triggered the design of a new version of the Internet Protocol (IP), named IPv6. Despite the Internet’s pervasiveness, most of its users remain unaware of its security issues, becoming exposed to an array of dangers. Importantly, one of IPv6’s objectives is to address these by including a set of important security features. The objective of this dissertation is to explore the transition from the IPv4 to IPv6 and to address relevant security aspects related to the implementation of IPv6. We carry out a theoretical overview of the IPv6 protocol concerning its implementation and security related aspects, providing a reference guide aimed at network administrators. In this line, we also analyze the three IPv4 to IPv6 transition methods, to support the networks administrator’s decision and ease the transition process. Focusing on network security, we built a catalogue of known vulnerabilities of IPv6, present information about how they can be explored, look into solutions to mitigate them, along with the proposal of several good security practices

    Air Traffic Management Abbreviation Compendium

    As in all fields of work, an unmanageable number of abbreviations are used today in aviation for terms, definitions, commands, standards and technical descriptions. This applies in general to the areas of aeronautical communication, navigation and surveillance, cockpit and air traffic control working positions, passenger and cargo transport, and all other areas of flight planning, organization and guidance. In addition, many abbreviations are used more than once or have different meanings in different languages. In order to obtain an overview of the most common abbreviations used in air traffic management, organizations like EUROCONTROL, FAA, DWD and DLR have published lists of abbreviations in the past, which have also been enclosed in this document. In addition, abbreviations from some larger international projects related to aviation have been included to provide users with a directory as complete as possible. This means that the second edition of the Air Traffic Management Abbreviation Compendium includes now around 16,500 abbreviations and acronyms from the field of aviation