2002 - cesnet

More documents

Recommendations

Info

The security audit of machines in the CESNET Dejvice network is carried outregularly every 14 days. The audit is divided into the following stages:1. Audit using virtually all “Denial of Service” tests available (approximately760 machines in two separate groups)2. Audit using only the safe “noDOS” tests (25 machines).Administrators are notified by letter that another security audit took place. Theletter looks approximately like this:From: AuditAdmin Date: Wed, 24 Jul 2002 18:52:33 +0200To: (...)Subject: AUDIT 24.7.2002 - noDOSHello,the https://spider.ten.cz/app/nessus server containscomplete security audit results for these machines:195.113.134.aaa (noDOS # aaaaa.cesnet.cz): Security warnings found195.113.134.bbb (noDOS # bb.cesnet.cz): Security warnings found195.113.144.ccc (noDOS): No response195.113.144.ddd (noDOS): Security holes foundChanges in the audit results of the following machineshave been detected:195.113.134.bbb (noDOS # bb.cesnet.cz)195.113.144.ccc (noDOS)195.113.144.ddd (noDOS)Good luck!Yours,AuditAdmin.Researchers of this project tested NESSUS and its auxiliary programs in differentalternatives and configurations and have been using them regularly in threelocal CESNET2 networks (AV ČR Praha-Krč, CESNET Praha-Dejvice, and TUOstrava). Every project researcher runs an auditing system with a configurationaccording to his own needs and requirements of administrators of machines inthe local network.During this time, we located a large number of security holes in tested machinesthanks to NESSUS and its auxiliary programs, thus making the tasks ofnetwork administrators easier to accomplish. Network administrators now havea system available that regularly and automatically provides them with reportson security issues newly detected in tested machines, usually also includingrecommendations for removing these problems.For now, the IDS SNORT system is running only in the networks of AV ČR Praha-Krč and TU Ostrava. It is successfully used when monitoring the communicationto and from a network, for which the suspicion exists that the network is beingattacked from outside or inside, is needed. The program proved useful – e.g.,196 High-speed National Research Network and its New Applications 2002
in the network of AV ČR Praha-Krč, the program helped detect spreading ofnetwork viruses in shared directories of computers with the Windows OS. Thesystem has been tested with a Fast Ethernet adapter so far. In the next year, wewould like to test its performance with a gigabit adapter.The LaBrea system was successfully implemented at all three research workplacesof this project. The graph provided in Figure 19.1 shows how many externalattacks the system detected in a single small sub-network of the CESNETnetwork in Dejvice at the end of November 2002 and how many threads it managedto capture:Figure 19.1: Graph of attacks detected by the LaBrea systemThe LaBrea Report program installed in the Dejvice network sends results generatedby the LaBrea system to responsible persons once a week and notifiesthem about the probable existence of compromised machines in their network.The typical letter looks approximately like this (shortened version):To: (...)From: IDS Subject: [IDS021206.0042] Please check your network integrityDate: Mon, 6 Dec 2002 10:36:08 +0100Dear Administrator,I have detected security hole probes coming from your IPor domain space. This means someone is probing the Internetlooking for security holes and this is a strong indicator thatsomeone or something is misusing your computing facilities.The person(s) doing this may be the owner(s) of account(s) atHigh-speed National Research Network and its New Applications 2002197
Page 1 and 2:
2002High-speed NationalResearch Net
Page 3 and 4:
Table of Contents1 Introduction 92
Page 5 and 6:
6.4.3 Support of Special Events. .
Page 7 and 8:
14.3 Cisco ICM Software . . . . . .
Page 9 and 10:
1 IntroductionThe report presented
Page 11 and 12:
2 Brief SummaryThe research plan ti
Page 13 and 14:
men. We designed the basic concept
Page 15 and 16:
2.4 Other ProjectsThe objective of
Page 17 and 18:
3 Operation of CESNET2During 2002,
Page 19 and 20:
Canarie622 MbpsESNET622 MbpsGÉANT/
Page 21 and 22:
central network core routers with t
Page 23 and 24:
The existing logical topology of mu
Page 25 and 26:
The logical core topology anticipat
Page 27 and 28:
Within the informative part, we req
Page 29 and 30:
3.6 Statistical Traffic Analysis3.6
Page 31 and 32:
Figure 3.8: Influence of time step
Page 33 and 34:
Praha-Plzeň, 2.5 GbpsPraha-Ústí
Page 35 and 36:
CESNET2-GÉANT, 1.2 Gbps (october)C
Page 37 and 38:
Part IStrategic Projects
Page 39 and 40:
4 Optical Networks and theirDevelop
Page 41 and 42:
US (TeraGrid with backbone 4 × 10
Page 43 and 44:
ApplicationMiddlewareHigh bandwidth
Page 45 and 46:
4.2.2 User InterfaceSubscribers (me
Page 47 and 48:
ers will move and that other types
Page 49 and 50:
GermanyCheb10 G34 MPlzeňGÉANT 622
Page 51 and 52:
It is also possible to implement th
Page 53 and 54:
Chemical Technology and PASNET, we
Page 55 and 56:
Manufacturerwww.accton.comwww.actio
Page 57 and 58:
particularly based on the fact that
Page 59 and 60:
0101 NRZlaserMach-ZendermodulatorED
Page 61 and 62:
Cisco ONS 15201boosterfiber 130 kmC
Page 63 and 64:
5 IP version 6Further expansion of
Page 65 and 66:
5.2.1 IPv6 Network TopologyFor the
Page 67 and 68:
Missing in this list are especially
Page 69 and 70:
5.2.7 Connecting End Site NetworksI
Page 71 and 72:
5.4 IPv6 User Services and Applicat
Page 73 and 74:
sible reprogramming of functions, a
Page 75 and 76:
IPBIpb_0HFEHfe_1SORSor_0LUPLup_0RQR
Page 77 and 78:
As regards our router on the PC pla
Page 79 and 80:
the activities of our project. In 2
Page 81 and 82:
6 Multimedia Transmissions6.1 Objec
Page 83 and 84:
scaling is considerably restricted;
Page 85 and 86:
Figure 6.1: Modified program for sh
Page 87 and 88:
6.3.5 Direct Support for Pilot Grou
Page 89 and 90:
programs which control the integrat
Page 91 and 92:
Figure 6.4: Example of broadcast fr
Page 93 and 94:
Figure 6.5: Set of tuners and serve
Page 95 and 96:
and transfer the solution to an ope
Page 97 and 98:
The actual computing capacity of Me
Page 99 and 100:
7.1.2 Information ServicesMetaCentr
Page 101 and 102:
Figure 7.1: Grid nodes for SC2002an
Page 103 and 104:
(December 2002). This was one of th
Page 105 and 106:
the use of 158 processors). When we
Page 107 and 108:
8 Voice Services in CESNET2The proj
Page 109 and 110:
Figure 8.1: Number of phone calls i
Page 111 and 112:
VoGWs of members involved in the pr
Page 113 and 114:
connection and compare the features
Page 115 and 116:
• Extensive possibilities for the
Page 117 and 118:
H.323 WorldSIP PhoneMS Messengerand
Page 119 and 120:
ation with students at the Strahov
Page 121 and 122:
9 Quality of Service in HighspeedNe
Page 123 and 124:
In addition, Juniper routers make u
Page 125 and 126:
We tried to divide the capacity of
Page 127 and 128:
low with respect to the capacity of
Page 129 and 130:
Figure 9.10: Loss rate on Prague-Po
Page 131 and 132:
sendingapplicationTCP senderseqackp
Page 133 and 134:
Figure 9.13: Example of a course of
Page 135 and 136:
Part IIInternational Projects
Page 137 and 138:
10 GÉANTSince 1996, CESNET has bee
Page 139 and 140:
Figure 10.2: Utilization of individ
Page 141 and 142:
11 DataGridSince 2001, our research
Page 143 and 144:
Therefore, we organized a meeting w
Page 145 and 146: 12 SCAMPISCAMPI (Scaleable Monitori
Page 147 and 148: 12.3.1 WP0 - Requirement AnalysisTh
Page 149 and 150: 1 6 12 18 24 30requirements analysi
Page 151 and 152: Part IIIOther Projects
Page 153 and 154: 13 Online Education Infrastructurea
Page 155 and 156: 13.1.2 Construction of a Teleinform
Page 157 and 158: with high-capacity disk memories co
Page 159 and 160: If the collaboration of individual
Page 161 and 162: ten, whereas items in the hyperlink
Page 163 and 164: Besides that, we processed some lec
Page 165 and 166: CallManager was designed using open
Page 167 and 168: tre, when we were forced to handle
Page 169 and 170: 15 Intelligent NetFlow AnalyserThe
Page 171 and 172: In the second half-year, we complet
Page 173 and 174: 15.4 ConclusionDuring 2002, our tea
Page 175 and 176: • data space consolidation (easy
Page 177 and 178: ecord size [kB] 256 512 1024 2048 4
Page 179 and 180: Figure 16.3: Nishan-Linux measureme
Page 181 and 182: 16.3.1 No SecurityThe initiator is
Page 183 and 184: vices. These features mainly involv
Page 185 and 186: Figure 17.1: www.cesnet.cz• We ha
Page 187 and 188: The meeting was broadcast live via
Page 189 and 190: Most of the problems connected with
Page 191 and 192: Standard manipulator (privileged us
Page 193 and 194: 19 Security of Local CESNET2Network
Page 195: Moreover, the program was complemen
Page 199 and 200: 19.5 Future Plans, Expected Further
Page 201 and 202: InternetNTPEthernetKPCPPSLabelPPSLa
Page 203 and 204: generated by the NTP server. Its ou
Page 205 and 206: 21 Platforms for Streaming andVideo
Page 207 and 208: streaming serverAAA (LDAPS) server1
Page 209 and 210: 21.5 Video Content CollaborationPla
Page 211 and 212: First of all, we had to define an a
Page 213 and 214: international-scale broadcast will
Page 215 and 216: Part IVConclusion and Annexes
Page 217 and 218: 23 ConclusionThe current developmen
Page 219 and 220: AList of connected institutionsA.1
Page 221 and 222: institutionconnection [Mbps]Institu
Page 223 and 224: Karásek Miroslav, Ing., DrSc. Czec
Page 225 and 226: Voral Pavel, Ing.Voříšek Martin,
Page 227 and 228: Burčík J.: Optické přepínání
Page 229 and 230: Veselá S.: Aktivity sdružení CES
Page 231 and 232: Krsek M.: Platformy pro streaming m
Page 233 and 234: Zatloukal K., Křivánek V.: Videok
Page 235 and 236: Satrapa P.: Scavenger: Za Internet
show all

2002 - cesnet

You also want an ePaper? Increase the reach of your titles

Delete template?

Save as template?