Lectures notes for 2010 - KTH
Lectures notes for 2010 - KTH Lectures notes for 2010 - KTH
MBONE through firewalls http://www.cs.virginia.edu/~mngroup/projects/firewalls/ Their firewall features: • Source host checking (allowing only certain hosts to transmit through the firewall, or denying specific hosts) • Destination port checking • Packet contents (unwrapping encapsulated IP) • Regulating bandwidth allocated to a specific multicast group’s traffic Their Mbone gateway is based on a modified multicast routing daemon. hole MBONE Intranet join join join SOCKS+Mrouted-gw Figure 8: Firewall and internet gateway Maguire MBONE through firewalls 12: 18 of 30 maguire@kth.se 2010.03.21 Internetworking/Internetteknik
Secure Mailer (aka Postfix) Wietse Venema’s attempt to provide an alternative to the widely-used Sendmail program 70% of all mail sent via the Internet is sent via Sendmail “Security. Postfix uses multiple layers of defense to protect the local system against intruders. Almost every Postfix daemon can run in a chroot jail with fixed low privileges. There is no direct path from the network to the security-sensitive local delivery programs - an intruder has to break through several other programs first. Postfix does not even trust the contents of its own queue files, or the contents of its own IPC messages. Postfix avoids placing sender-provided information into shell environment variables. Last but not least, no Postfix program is set-uid.” [18] Maguire Secure Mailer (aka Postfix) 12: 19 of 30 maguire@kth.se 2010.03.21 Internetworking/Internetteknik
- Page 717 and 718: Alternative 3 Initially X is locate
- Page 719 and 720: Alternative 4 continued Initially X
- Page 721 and 722: What happens in the case of wireles
- Page 723 and 724: Wireless WANs BS-a cell a BS-a cell
- Page 725 and 726: Mobile IP Standardization Effort
- Page 727 and 728: A Mobile-IP(V6) Scenario Home Agent
- Page 729 and 730: Tunneling IP Datagrams Both home ag
- Page 731 and 732: Why Agent Discovery? Agent Discover
- Page 733 and 734: Registration Message Format 0 8 16
- Page 735 and 736: FA Requirements (v4) • Each FA mu
- Page 737 and 738: Optimization Problem Home site Inte
- Page 739 and 740: Mobile IP Problems and Development
- Page 741 and 742: Wireless IP Network Architecture Ho
- Page 743 and 744: HAWAII extension is similar to Cell
- Page 745 and 746: Hierarchical FA and Regional Tunnel
- Page 747 and 748: Hierarchical FA and Regional Tunnel
- Page 749 and 750: This lecture we have discussed: •
- Page 751 and 752: IK1550 Internetworking/Internettekn
- Page 753 and 754: Private networks Private Networks a
- Page 755 and 756: Security Protocols, APIs, etc. •
- Page 757 and 758: IPSec IPSec in three parts: • enc
- Page 759 and 760: AH header For authentication purpos
- Page 761 and 762: Where can you run IPSec? Mode Where
- Page 763 and 764: Linux firewall For example, for the
- Page 765 and 766: Proxy Access Through A Firewall ext
- Page 767: Newping http://ftp.cerias.purdue.ed
- Page 771 and 772: • TCP Wrappers - allows monitorin
- Page 773 and 774: Network Address Translation exterio
- Page 775 and 776: Network Security Exercises You will
- Page 777 and 778: This lecture we have discussed: •
- Page 779 and 780: [13] Swedish Defense Material Admin
- Page 781 and 782: IK1550 Internetworking/Internettekn
- Page 783 and 784: Generations of technology versus ge
- Page 785 and 786: Dissemination not conversation On s
- Page 787 and 788: Are interplanetary and intergalacti
- Page 789 and 790: Trends: Shifting from traditional t
- Page 791 and 792: Visualizing these laws 100 25000 80
- Page 793 and 794: Exponential growth As Ray Kurzweil
- Page 795 and 796: Is this only true for books? Chris
- Page 797 and 798: Too cheap to meter "It is not too m
- Page 799 and 800: What Would Google Do? Jeff Jarvis
- Page 801 and 802: Service Differentiation Integrated
- Page 803 and 804: Mobile ad hoc Networks (MANETs) Ad
- Page 805 and 806: PC interfaces Standard I/O ports of
- Page 807 and 808: IP Storage Area Networks (SANs) Usi
- Page 809 and 810: • Internet SCSI (iSCSI) JBOD == J
- Page 811 and 812: “Beowulf-class” machines Using
- Page 813 and 814: Internet2 http://www.internet2.org/
- Page 815 and 816: Speed through Silicon FPGAs used in
- Page 817 and 818: Active Networks • Network nodes c
Secure Mailer (aka Postfix)<br />
Wietse Venema’s attempt to provide an alternative to the widely-used Sendmail<br />
program<br />
70% of all mail sent via the Internet is sent via Sendmail<br />
“Security. Postfix uses multiple layers of defense to protect the local<br />
system against intruders. Almost every Postfix daemon can run in a<br />
chroot jail with fixed low privileges. There is no direct path from the<br />
network to the security-sensitive local delivery programs - an intruder<br />
has to break through several other programs first. Postfix does not<br />
even trust the contents of its own queue files, or the contents of its<br />
own IPC messages. Postfix avoids placing sender-provided<br />
in<strong>for</strong>mation into shell environment variables. Last but not least, no<br />
Postfix program is set-uid.” [18]<br />
Maguire Secure Mailer (aka Postfix) 12: 19 of 30<br />
maguire@kth.se <strong>2010</strong>.03.21 Internetworking/Internetteknik