584 research outputs found

    Evaluating and improving firewalls for ip-telephony environments

    Firewalls are a well established security mechanism for providing access control and auditing at the borders between different administrative network domains. Their basic architecture, techniques and operation modes did not change fundamentally during the last years. On the other side new challenges emerge rapidly when new innovative application domains have to be supported. IP-Telephony applications are considered to have a huge economic potential in the near future. For their widespread acceptance and thereby their economic success they must cope with established security policies. Existing firewalls face immense problems here, if they - as it still happens quite often - try to handle the new challenges in a way they did with "traditional applications". As we will show in this paper, IP-Telephony applications differ from those in many aspects, which makes such an approach quite inadequate. After identifying and characterizing the problems we therefore describe and evaluate a more appropriate approach. The feasibility of our architecture will be shown. It forms the basis of a prototype implementation, that we are currently working on

    IP-Telefonie und Firewalls, Probleme und Lösungen (IP Telephony and Firewalls: Problems and Solutions)

    Within a comprehensive security policy, firewall systems are an important measure for protecting a private network against attacks from the Internet. The introduction of new application types, which include IP telephony applications, gives rise to new requirements that a firewall system must meet. Existing firewall systems do not meet these new requirements, which is why IP telephony applications currently cannot be supported satisfactorily by firewalls. In this contribution we will show which specific problems arise when integrating IP telephony support into a firewall. To this end, we will explain selected telephony scenarios that a firewall has to support, and describe selected existing firewall solutions and their current limitations. After the problems have been identified and classified, we will derive the resulting requirements that an IP-telephony-capable firewall must meet. Finally, we will describe a possible technical realization of these requirements, as well as the corresponding prototype that has been implemented

    Sampling cluster endurance for peer-to-peer based content distribution networks

    Several types of Content Distribution Networks are being deployed over the Internet today, based on different architectures to meet their requirements (e.g., scalability, efficiency and resiliency). Peer-to-peer (P2P) based Content Distribution Networks are promising approaches that have several advantages. Structured P2P networks, for instance, take a proactive approach and provide efficient routing mechanisms. Nevertheless, their maintenance can increase considerably in highly dynamic P2P environments. In order to address this issue, a two-tier architecture called Omicron that combines a structured overlay network with a clustering mechanism is suggested in a hybrid scheme. In this paper, we examine several sampling algorithms utilized in the aforementioned hybrid network that collect local information in order to apply a selective join procedure. Additionally, we apply the sampling algorithms on Chord in order to evaluate sampling as a general information gathering mechanism. The algorithms are based mostly on random walks inside the overlay networks. The aim of the selective join procedure is to provide a well balanced and stable overlay infrastructure that can easily overcome the unreliable behavior of the autonomous peers that constitute the network. The sampling algorithms are evaluated using simulation experiments as well as probabilistic analysis where several properties related to the graph structure are revealed

    Information Exchange for Connection Dispatching

    Travellers in public transport today expect current, precise and individual information. Existing systems have different approaches to provide this information. Most of them use proprietary exchange formats as existing standardized interfaces do not fulfil all needs. The German standardization project IP-KOM-OeV develops an interface that fulfils focuses on a service which allows to inform the traveller about his connections but also to inform the transportation companies about the travellers’ planned connections. The latter can have a direct impact on the operations when the connection demands are taken into consideration for the connection dispatching. We will present the results of the standardization project regarding the connection service and show how this service can be used by transportation companies to improve connection dispatching

    P4-CoDel: Experiences on Programmable Data Plane Hardware

    Fixed buffer sizing in computer networks, especially the Internet, is a compromise between latency and bandwidth. A decision in favor of high bandwidth, implying larger buffers, subordinates the latency as a consequence of constantly filled buffers. This phenomenon is called Bufferbloat. Active Queue Management (AQM) algorithms such as CoDel or PIE, designed for the use on software based hosts, offer a flow agnostic remedy to Bufferbloat by controlling the queue filling and hence the latency through subtle packet drops. In previous work, we have shown that the data plane programming language P4 is powerful enough to implement the CoDel algorithm. While legacy software algorithms can be easily compiled onto almost any processing architecture, this is not generally true for AQM on programmable data plane hardware, i.e., programmable packet processors. In this work, we highlight corresponding challenges, demonstrate how to tackle them, and provide techniques enabling the implementation of such AQM algorithms on different high speed P4-programmable data plane hardware targets. In addition, we provide measurement results created on different P4-programmable data plane targets. The resulting latency measurements reveal the feasibility and the constraints to be considered to perform Active Queue Management within these devices. Finally, we release the source code and instructions to reproduce the results in this paper as open source to the research community