2002 - cesnet

More documents

Recommendations

Info

HTTPS server. After the identity verification, every authorized person can accessall results of the audit of all machines that the person administers.Results are displayed in two forms:• only the latest audit results• comparison of the latest and reference audit results (reference data areusually represented by the previous session results).In addition, a brief unencrypted notification about the delivery of new auditresults to the HTTPS server is sent to administrators by e-mail, including a briefsummary of results for every machine tested.19.2 Intrusion Detection System – IDSThe second part of the project was the installation of a system for detecting theunauthorized access to the network (Intrusion Detection System). The selectedSNORT program, which can be freely distributed thanks to the GNU licence,is operating in the networks of Czech Academy of Sciences in Praha-Krč andTechnical University of Ostrava. The program is used particularly when a suspicionof attacks to other systems exists and for detecting network viruses and/orviruses spreading through e-mail.19.3 LaBreaLaBrea is a program inspired by the asphalt deposit in LaBrea (Los Angeles,California, USA), which has been working as a trap for victims passing by fortens of thousands of years.The LaBrea system can detect attempts to access nonexistent machines in alocal network – such attempts are usually caused by network viruses or hackerssearching for security holes. The LaBrea server responds to these queriesinstead of the nonexistent machines and establishes a connection with the attacker,while only a minimum data volume is transferred (typically 0.34 Bpswhen communicating with Windows NT systems). This connection lasts untilthe program or attacker realizes that “nothing is happening” and closes theconnection. This may take a very long time and, during this whole period, theattacker (or this attacker’s thread) cannot cause harm anywhere else.The LaBrea program has many other positive features. Network administratorswill welcome, among other things, that the program installation is quite simpleand requires virtually no attendance. The LaBrea program is generally assessedas a very efficient method for fighting network viruses (CodeRed, Nimda, etc.).194 High-speed National Research Network and its New Applications 2002
Moreover, the program was complemented with the LBbe and LBrep (LaBreaBackEnd and LaBrea Report) programs by the Dejvice project team members.LaBrea BackEnd will process the output file of the LaBrea program and createa number of files containing information on attacks to the protected network.The number of these files is minimized so that reports on all attacks, for whichthe same group of network or domain administrators is responsible, are providedin one letter. The number of these files can be also reduced by specifyingcommand line parameters. The number of queries to Whois servers performedwhen searching for information on responsible administrators is minimized aswell. The LaBrea Report program sends files created by LaBrea BackEnd toappropriate administrators and notifies them about the probable existence ofcompromised machines in their network.19.4 ResultsWe offer three alternatives of the security audit: using PTS, classic FE/BE, andnew FE/WBE.PTS provides the easiest way to run the NESSUS program with the possibility tochoose the configuration file used for every machine tested. The program itselfsends the audit results to appropriate administrators by e-mail.FrontEnd (FE) performs the inspection of machines in the IP address rangesspecified by a network administrator. The program creates a list of all machinesthat are to be audited, determines their statuses by their response type (Broadcast,Loss, OK, TimeOut, WrongResponse), records the reference status, reportsdifferences from the reference status (including potential changes in the reversedomain), and creates a list of machines that will be tested by NESSUS as well asa configuration file usable for BE or WBE. The program offers the possibility towork in the interactive or batch mode, select working directories (with differentconfigurations of tested network), and write out detailed debug reports.BackEnd (BE) maintains the secure distribution of the audit results. The programcreates a standalone file for every administrator containing the audit results forall administrators’ machines tested (every machine can have several differentadministrators). These encrypted files are then sent by the Rep program.Decode (DEC) is designed for decoding the audit results sent by the Rep program.WebBackEnd (WBE) distributes the audit results in a secured form in a way similarto that of BackEnd. However, this program uses a method that is substantiallyeasier for end users – the results are published on the https://spider.cesnet.cz/server.High-speed National Research Network and its New Applications 2002195
Page 1 and 2:
2002High-speed NationalResearch Net
Page 3 and 4:
Table of Contents1 Introduction 92
Page 5 and 6:
6.4.3 Support of Special Events. .
Page 7 and 8:
14.3 Cisco ICM Software . . . . . .
Page 9 and 10:
1 IntroductionThe report presented
Page 11 and 12:
2 Brief SummaryThe research plan ti
Page 13 and 14:
men. We designed the basic concept
Page 15 and 16:
2.4 Other ProjectsThe objective of
Page 17 and 18:
3 Operation of CESNET2During 2002,
Page 19 and 20:
Canarie622 MbpsESNET622 MbpsGÉANT/
Page 21 and 22:
central network core routers with t
Page 23 and 24:
The existing logical topology of mu
Page 25 and 26:
The logical core topology anticipat
Page 27 and 28:
Within the informative part, we req
Page 29 and 30:
3.6 Statistical Traffic Analysis3.6
Page 31 and 32:
Figure 3.8: Influence of time step
Page 33 and 34:
Praha-Plzeň, 2.5 GbpsPraha-Ústí
Page 35 and 36:
CESNET2-GÉANT, 1.2 Gbps (october)C
Page 37 and 38:
Part IStrategic Projects
Page 39 and 40:
4 Optical Networks and theirDevelop
Page 41 and 42:
US (TeraGrid with backbone 4 × 10
Page 43 and 44:
ApplicationMiddlewareHigh bandwidth
Page 45 and 46:
4.2.2 User InterfaceSubscribers (me
Page 47 and 48:
ers will move and that other types
Page 49 and 50:
GermanyCheb10 G34 MPlzeňGÉANT 622
Page 51 and 52:
It is also possible to implement th
Page 53 and 54:
Chemical Technology and PASNET, we
Page 55 and 56:
Manufacturerwww.accton.comwww.actio
Page 57 and 58:
particularly based on the fact that
Page 59 and 60:
0101 NRZlaserMach-ZendermodulatorED
Page 61 and 62:
Cisco ONS 15201boosterfiber 130 kmC
Page 63 and 64:
5 IP version 6Further expansion of
Page 65 and 66:
5.2.1 IPv6 Network TopologyFor the
Page 67 and 68:
Missing in this list are especially
Page 69 and 70:
5.2.7 Connecting End Site NetworksI
Page 71 and 72:
5.4 IPv6 User Services and Applicat
Page 73 and 74:
sible reprogramming of functions, a
Page 75 and 76:
IPBIpb_0HFEHfe_1SORSor_0LUPLup_0RQR
Page 77 and 78:
As regards our router on the PC pla
Page 79 and 80:
the activities of our project. In 2
Page 81 and 82:
6 Multimedia Transmissions6.1 Objec
Page 83 and 84:
scaling is considerably restricted;
Page 85 and 86:
Figure 6.1: Modified program for sh
Page 87 and 88:
6.3.5 Direct Support for Pilot Grou
Page 89 and 90:
programs which control the integrat
Page 91 and 92:
Figure 6.4: Example of broadcast fr
Page 93 and 94:
Figure 6.5: Set of tuners and serve
Page 95 and 96:
and transfer the solution to an ope
Page 97 and 98:
The actual computing capacity of Me
Page 99 and 100:
7.1.2 Information ServicesMetaCentr
Page 101 and 102:
Figure 7.1: Grid nodes for SC2002an
Page 103 and 104:
(December 2002). This was one of th
Page 105 and 106:
the use of 158 processors). When we
Page 107 and 108:
8 Voice Services in CESNET2The proj
Page 109 and 110:
Figure 8.1: Number of phone calls i
Page 111 and 112:
VoGWs of members involved in the pr
Page 113 and 114:
connection and compare the features
Page 115 and 116:
• Extensive possibilities for the
Page 117 and 118:
H.323 WorldSIP PhoneMS Messengerand
Page 119 and 120:
ation with students at the Strahov
Page 121 and 122:
9 Quality of Service in HighspeedNe
Page 123 and 124:
In addition, Juniper routers make u
Page 125 and 126:
We tried to divide the capacity of
Page 127 and 128:
low with respect to the capacity of
Page 129 and 130:
Figure 9.10: Loss rate on Prague-Po
Page 131 and 132:
sendingapplicationTCP senderseqackp
Page 133 and 134:
Figure 9.13: Example of a course of
Page 135 and 136:
Part IIInternational Projects
Page 137 and 138:
10 GÉANTSince 1996, CESNET has bee
Page 139 and 140:
Figure 10.2: Utilization of individ
Page 141 and 142:
11 DataGridSince 2001, our research
Page 143 and 144: Therefore, we organized a meeting w
Page 145 and 146: 12 SCAMPISCAMPI (Scaleable Monitori
Page 147 and 148: 12.3.1 WP0 - Requirement AnalysisTh
Page 149 and 150: 1 6 12 18 24 30requirements analysi
Page 151 and 152: Part IIIOther Projects
Page 153 and 154: 13 Online Education Infrastructurea
Page 155 and 156: 13.1.2 Construction of a Teleinform
Page 157 and 158: with high-capacity disk memories co
Page 159 and 160: If the collaboration of individual
Page 161 and 162: ten, whereas items in the hyperlink
Page 163 and 164: Besides that, we processed some lec
Page 165 and 166: CallManager was designed using open
Page 167 and 168: tre, when we were forced to handle
Page 169 and 170: 15 Intelligent NetFlow AnalyserThe
Page 171 and 172: In the second half-year, we complet
Page 173 and 174: 15.4 ConclusionDuring 2002, our tea
Page 175 and 176: • data space consolidation (easy
Page 177 and 178: ecord size [kB] 256 512 1024 2048 4
Page 179 and 180: Figure 16.3: Nishan-Linux measureme
Page 181 and 182: 16.3.1 No SecurityThe initiator is
Page 183 and 184: vices. These features mainly involv
Page 185 and 186: Figure 17.1: www.cesnet.cz• We ha
Page 187 and 188: The meeting was broadcast live via
Page 189 and 190: Most of the problems connected with
Page 191 and 192: Standard manipulator (privileged us
Page 193: 19 Security of Local CESNET2Network
Page 197 and 198: in the network of AV ČR Praha-Krč
Page 199 and 200: 19.5 Future Plans, Expected Further
Page 201 and 202: InternetNTPEthernetKPCPPSLabelPPSLa
Page 203 and 204: generated by the NTP server. Its ou
Page 205 and 206: 21 Platforms for Streaming andVideo
Page 207 and 208: streaming serverAAA (LDAPS) server1
Page 209 and 210: 21.5 Video Content CollaborationPla
Page 211 and 212: First of all, we had to define an a
Page 213 and 214: international-scale broadcast will
Page 215 and 216: Part IVConclusion and Annexes
Page 217 and 218: 23 ConclusionThe current developmen
Page 219 and 220: AList of connected institutionsA.1
Page 221 and 222: institutionconnection [Mbps]Institu
Page 223 and 224: Karásek Miroslav, Ing., DrSc. Czec
Page 225 and 226: Voral Pavel, Ing.Voříšek Martin,
Page 227 and 228: Burčík J.: Optické přepínání
Page 229 and 230: Veselá S.: Aktivity sdružení CES
Page 231 and 232: Krsek M.: Platformy pro streaming m
Page 233 and 234: Zatloukal K., Křivánek V.: Videok
Page 235 and 236: Satrapa P.: Scavenger: Za Internet
show all

2002 - cesnet

You also want an ePaper? Increase the reach of your titles

Delete template?

Save as template?