901 research outputs found
IP and ATM - a position paper
This paper gives a technical overview of different networking technologies, such as the Internet, ATM. It describes different approaches of how to run IP on top of an ATM network, and assesses their potential to be used as an integrated services network
IPv6: a new security challenge
Tese de mestrado em Segurança Informática, apresentada à Universidade de Lisboa, através da Faculdade de Ciências, 2011O Protocolo de Internet versão 6 (IPv6) foi desenvolvido com o intuito de resolver alguns dos problemas não endereçados pelo seu antecessor, o Protocolo de Internet versão 4 (IPv4), nomeadamente questões relacionadas com segurança e com o espaço de endereçamento disponível. São muitos os que na última década têm desenvolvido estudos sobre os investimentos necessários à sua adoção e sobre qual o momento certo para que o mesmo seja adotado por todos os players no mercado. Recentemente, o problema da extinção de endereçamentos públicos a ser disponibilizado pelas diversas Region Internet registry – RIRs - despertou o conjunto de entidades envolvidas para que se agilizasse o processo de migração do IPv4 para o IPv6. Ao contrário do IPv4, esta nova versão considera a segurança como um objetivo fundamental na sua implementação, nesse sentido é recomendado o uso do protocolo IPsec ao nível da camada de rede. No entanto, e devido à imaturidade do protocolo e à complexidade que este período de transição comporta, existem inúmeras implicações de segurança que devem ser consideradas neste período de migração. O objetivo principal deste trabalho é definir um conjunto de boas práticas no âmbito da segurança na implementação do IPv6 que possa ser utilizado pelos administradores de redes de dados e pelas equipas de segurança dos diversos players no mercado. Nesta fase de transição, é de todo útil e conveniente contribuir de forma eficiente na interpretação dos pontos fortes deste novo protocolo assim como nas vulnerabilidades a ele associadas.IPv6 was developed to address the exhaustion of IPv4 addresses, but has not yet seen global deployment. Recent trends are now finally changing this picture and IPv6 is expected to take off soon. Contrary to the original, this new version of the Internet Protocol has security as a design goal, for example with its mandatory support for network layer security. However, due to the immaturity of the protocol and the complexity of the transition period, there are several security implications that have to be considered when deploying IPv6. In this project, our goal is to define a set of best practices for IPv6 Security that could be used by IT staff and network administrators within an Internet Service Provider. To this end, an assessment of some of the available security techniques for IPv6 will be made by means of a set of laboratory experiments using real equipment from an Internet Service Provider in Portugal. As the transition for IPv6 seems inevitable this work can help ISPs in understanding the threats that exist in IPv6 networks and some of the prophylactic measures available, by offering recommendations to protect internal as well as customers’ networks
IPv6 Network Mobility
Network Authentication, Authorization, and Accounting has
been used since before the days of the Internet as we know it
today. Authentication asks the question, “Who or what are
you?” Authorization asks, “What are you allowed to do?” And fi nally,
accounting wants to know, “What did you do?” These fundamental
security building blocks are being used in expanded ways today. The
fi rst part of this two-part series focused on the overall concepts of
AAA, the elements involved in AAA communications, and highlevel
approaches to achieving specifi c AAA goals. It was published in
IPJ Volume 10, No. 1[0]. This second part of the series discusses the
protocols involved, specifi c applications of AAA, and considerations
for the future of AAA
Deep Dive into the IoT Backend Ecosystem
Internet of Things (IoT) devices are becoming increasingly ubiquitous, e.g.,
at home, in enterprise environments, and in production lines. To support the
advanced functionalities of IoT devices, IoT vendors as well as service and
cloud companies operate IoT backends -- the focus of this paper. We propose a
methodology to identify and locate them by (a) compiling a list of domains used
exclusively by major IoT backend providers and (b) then identifying their
server IP addresses. We rely on multiple sources, including IoT backend
provider documentation, passive DNS data, and active scanning. For analyzing
IoT traffic patterns, we rely on passive network flows from a major European
ISP.
Our analysis focuses on the top IoT backends and unveils diverse operational
strategies -- from operating their own infrastructure to utilizing the public
cloud. We find that the majority of the top IoT backend providers are located
in multiple locations and countries. Still, a handful are located only in one
country, which could raise regulatory scrutiny as the client IoT devices are
located in other regions. Indeed, our analysis shows that up to 35% of IoT
traffic is exchanged with IoT backend servers located in other continents. We
also find that at least six of the top IoT backends rely on other IoT backend
providers. We also evaluate if cascading effects among the IoT backend
providers are possible in the event of an outage, a misconfiguration, or an
attack
- …