312 research outputs found

    Internet Accounting

    This article provides an introduction to Internet accounting and discusses the status of related work within the IETF and IRTF, as well as certain research projects. Internet accounting is different from accounting in POTS. To understand Internet accounting, it is important to answer questions like "what is being paid for" and "who is being paid". With respect to the question "what is being paid for" a distinction can be made between transport accounting and content accounting. Transport accounting is interesting since techniques like DiffServ enable the provision of different quality of service classes; each class will be charged differently to avoid all users selecting the same top-level class. The interest in content accounting finds its roots in the fast growth of commercial offerings over the Internet; examples of such offerings include remote video and software distribution. The question "who is being paid" has two possible answers: the network provider or the owner of the content. The case in which the network provider issues the bill is called provider-based accounting. Since this case will become more and more important, this article introduces a new architecture for provider-based accounting

    Secure Network Access via LDAP

    Networks need the ability to be accessed by secure accounts and users. The goal of this project is to configure and expand on LDAP configurations with considerations for AAA via TACACS+ and Radius for network equipment. This will provide adequate security for any given network in terms of access and prevent loss of access to devices, which happens all too often with locally configured accounts on devices

    Compatibility of network switches from different manufacturers in the Savonia University of Applied Sciences network

    The aim of the thesis was to test and create an estimate of the compatibility and functionality of Dell Networking N2048P Layer 2 switches in the Savonia University of Applied Sciences network. A review was conducted of the technical characteristics and compatibility with Cisco Inc manufactured network devices, which are used in the Savonia University of Applied Sciences network. The thesis was done to estimate whether Savonia University of Applied Sciences should use Dell N2048P network switches on its network. The thesis focused on the network switches and their features. The data network switches are divided into Layer 2 and Layer 3 switches. A few standards used by the switches were inspected in the thesis, such as VLAN, Trunking, Spanning-Tree, EtherChannel and DHCP. Stacking of the switches and PoE-port capabilities were important technical features. The compatibility between Dell and Cisco networking switches was tested using configurations such as VLAN, Trunking, Spanning-Tree, EtherChannel and DHCP. The review of the compatibility in the Savonia University of Applied Sciences network was created by surveying the configurations between devices. Configurations were carried out by connecting the Dell N2048P switch with the network devices used in the Savonia University of Applied Sciences Cisco laboratory. The thesis was successful and the results of the tested switch were used to create a summary of the switch. Connections were successful and the Dell N2048P switch could be used with the Cisco network devices, but due to compatibility issues with stacking between devices, the Dell N2048P switch cannot be used effectively in the network. The result of the summary is that Dell N2048P is not a worthwhile investment for the Savonia University of Applied Sciences

    Harmonizing the monitoring of computer networks

    As modern society is increasingly dependent on computer networks, especially as the Internet of Things is gaining popularity, the need to monitor computer networks along with associated devices increases. Additionally, the number of cyber attacks is increasing and certain malware such as Mirai targets network devices in particular. In order to effectively monitor computer networks and devices, effective solutions are required for collecting and storing the information. This thesis designs and implements a novel network monitoring system. The presented system is capable of utilizing state-of-the-art network monitoring protocols and harmonizing the collected information using a common data model. This design allows effective queries and further processing on the collected information. The presented system is evaluated by comparing the system against the requirements imposed on the system, by assessing the amount of harmonized information using several protocols and by assessing the suitability of the chosen data model. Additionally, the protocol overheads of the used network monitoring protocols are evaluated. The presented system was found to fulfil the imposed requirements. Approximately 21% of the information provided by the chosen network monitoring protocols could be harmonized into the chosen data model format. The result is sufficient for effective querying and combining the information, as well as for processing the information further. The result can be improved by extending the data model and improving the information processing. Additionally, the chosen data model was shown to be suitable for the use case presented in this thesis.

    IP-based virtual private networks and proportional quality of service differentiation

    IP-based virtual private networks (VPNs) have the potential of delivering cost-effective, secure, and private network-like services. Having surveyed current enabling techniques, an overall picture of IP VPN implementations is presented. In order to provision the equivalent quality of service (QoS) of legacy connection-oriented layer 2 VPNs (e.g., Frame Relay and ATM), IP VPNs have to overcome the intrinsically best effort characteristics of the Internet. Subsequently, a hierarchical QoS guarantee framework for IP VPNs is proposed, stitching together development progresses from recent research and engineering work. To differentiate IP VPN QoS, the proportional QoS differentiation model, whose QoS specification granularity compromises that of IntServ and Diffserv, emerges as a potential solution. The investigation of its claimed capability of providing the predictable and controllable QoS differentiation is then conducted. With respect to the loss rate differentiation, the packet shortage phenomenon shown in two classical proportional loss rate (PLR) dropping schemes is studied. On the pursuit of a feasible solution, the potential of compromising the system resource, that is, the buffer, is ruled out; instead, an enhanced debt-aware mechanism is suggested to relieve the negative effects of packet shortage. Simulation results show that debt-aware partially curbs the biased loss rate ratios, and improves the queueing delay performance as well. With respect to the delay differentiation, the dynamic behavior of the average delay difference between successive classes is first analyzed, aiming to gain insights of system dynamics. Then, two classical delay differentiation mechanisms, that is, proportional average delay (PAD) and waiting time priority (WTP), are simulated and discussed. Based on observations on their differentiation performances over both short and long time periods, a combined delay differentiation (CDD) scheme is introduced. Simulations are utilized to validate this method. Both loss and delay differentiations are based on a series of differentiation parameters. Though previous work on the selection of delay differentiation parameters has been presented, that of loss differentiation parameters mostly relied on network operators' experience. A quantitative guideline, based on the principles of queueing and optimization, is then proposed to compute loss differentiation parameters. Aside from analysis, the new approach is substantiated by numerical results

    Secure Configuration and Management of Linux Systems using a Network Service Orchestrator.

    Manual management of the configuration of network devices and computing devices (hosts) is an error-prone task. Centralized automation of these tasks can lower the costs of management, but can also introduce unknown or unanticipated security risks. Misconfiguration (deliberate (by outsiders) or inadvertent (by insiders)) can expose a system to significant risks. Centralized network management has seen significant progress in recent years, resulting in model-driven approaches that are clearly superior to previous "craft" methods. Host management has seen less development. The tools available have developed in separate task-specific ways. This thesis explores two aspects of the configuration management problem for hosts: (1) implementing host management using the model-driven (network) management tools; (2) establishing the relative security of traditional methods and the above proposal for model driven host management. It is shown that the model-driven approach is feasible, and the security of the model driven approach is significantly higher than that of existing approaches

    A Survey of Different Dos Attacks on Wireless Network

    Wireless technologies like Wireless LAN (WLAN) 802.11 are picking up ubiquity in all associations, undertakings and colleges because of their profitability, cost savings compared with wired systems, and usability, enabling system clients to move physically while keeping up an association with the wireless system. Wireless systems are mainstream among the laptop client group today in light of their portability and usability. Individuals working through a remote association must be aware of their surroundings because of the different sorts of assaults made by interlopers. Remote systems are extremely defenseless against Denial of Service (DoS) attacks. DoS attacks are an endeavor to make a machine or system asset inaccessible to its clients. They can happen at numerous layers of the OSI model and can take different forms. Network clients can protect their frameworks with the Wi-Fi Protected Access (WPA) and Wired Equivalent Privacy (WEP) security conventions; however, DoS attacks still can't be averted utilizing these conventions. These attacks bring about debasement of the system quality or complete loss of accessibility of the system inside the association. This survey paper reviews various kinds of DoS attacks and their countermeasures on the framework systems which depend on Access Points (AP). The fundamental assaults are called Deauthentication and Disassociation Flooding. DoS assaults are considered along with their avoidance/discovery arrangements. Keywords: Access Points, DoS, Wireless Security, 802.11, Disassociation, Deauthentication, Flooding attack

    Major: Electronics and Communication Engineering

    Today, information technology is strategically important to the goals and aspirations of business enterprises, government and high-level education institutions – universities. Universities are facing new challenges with the emerging global economy, characterized by the importance of providing faster communication services and improving the productivity and effectiveness of individuals. New challenges include providing an information network that supports the demands and diversification of university issues. A new network architecture, which is a set of design principles for building a network, is one of the pillar bases. It is the cornerstone that enables the university’s faculty, researchers, students, administrators, and staff to discover, learn, reach out, and serve society. This thesis focuses on the network architecture definitions and fundamental components. The three most important characteristics of a high-quality architecture are that it is an open network architecture, it is service-oriented, and it is an IP network based on packets. There are four important components in the architecture: Services and Network Management, Network Control, Core Switching and Edge Access. The theoretical contribution of this study is a reference model, Architecture of University Campus Network, that can be followed or adapted to build a robust yet flexible network that responds to next-generation requirements. The results found are relevant in providing an important, complete reference guide to the process of building a campus network, which nowadays plays a very important role. Accordingly, the research gives university networks a structured modular model that is reliable, robust and can easily grow

    IPv6: a new security challenge

    Master's thesis in Information Security, presented to the Universidade de Lisboa, through the Faculdade de Ciências, 2011. Internet Protocol version 6 (IPv6) was developed to solve some of the problems not addressed by its predecessor, Internet Protocol version 4 (IPv4), namely issues related to security and to the available address space. Over the last decade, many have studied the investments needed for its adoption and the right moment for it to be adopted by all players in the market. Recently, the exhaustion of the public address space made available by the various Regional Internet Registries (RIRs) prompted the entities involved to speed up the migration from IPv4 to IPv6. Unlike IPv4, this new version treats security as a fundamental goal of its implementation; accordingly, the use of the IPsec protocol at the network layer is recommended. However, due to the immaturity of the protocol and the complexity of this transition period, there are numerous security implications that must be considered during the migration. The main goal of this work is to define a set of good practices for security in IPv6 deployment that can be used by data network administrators and by the security teams of the various players in the market. In this transition phase, it is useful and convenient to contribute efficiently to the interpretation of the strengths of this new protocol as well as of the vulnerabilities associated with it. IPv6 was developed to address the exhaustion of IPv4 addresses, but has not yet seen global deployment. Recent trends are now finally changing this picture and IPv6 is expected to take off soon. Contrary to the original, this new version of the Internet Protocol has security as a design goal, for example with its mandatory support for network layer security. However, due to the immaturity of the protocol and the complexity of the transition period, there are several security implications that have to be considered when deploying IPv6. In this project, our goal is to define a set of best practices for IPv6 Security that could be used by IT staff and network administrators within an Internet Service Provider. To this end, an assessment of some of the available security techniques for IPv6 will be made by means of a set of laboratory experiments using real equipment from an Internet Service Provider in Portugal. As the transition to IPv6 seems inevitable, this work can help ISPs in understanding the threats that exist in IPv6 networks and some of the prophylactic measures available, by offering recommendations to protect internal as well as customers’ networks