Presentation is loading. Please wait.

Presentation is loading. Please wait.

ATM Firewall Routers with Black Lists Hwajung LEE The George Washington University School of Engineering and Applied Science Electrical Engineering and.

Published byMateo Derrick Modified over 10 years ago

Similar presentations

Presentation on theme: "ATM Firewall Routers with Black Lists Hwajung LEE The George Washington University School of Engineering and Applied Science Electrical Engineering and."— Presentation transcript:

1 ATM Firewall Routers with Black Lists Hwajung LEE The George Washington University School of Engineering and Applied Science Electrical Engineering and Computer Science Computer and Communications Security

2 2 Overview of Firewalls HOST Router HOST Firewall Overview of Firewalls

3 3

4 4 Overview of ATM

5 5 ATM (Asynchronous Transfer Mode) ATM cells –Fixed-size packets Cell Switching (Connection-Oriented) –cf. Circuit Switching, Packet Switching 5Byte Header48 Byte Payload

6 6 ATM Routing Physical Layer Router Application Layer AAL ATM Physical Layer Host A Application Layer AAL ATM Physical Layer Host B ATM AAL

7 7 ATM Firewall Routers with Black Lists ATM (Asynchronous Transfer Mode) Basic Concepts –High Speed : 155.52Mbps, 622Mbps –If firewalls protect a host or domain, firewalls can be a bottleneck. => Each Router shares firewall loads

8 8 ATM Firewall Routers with Black Lists Basic Concepts : ATM Signalling (ITU-T Q.2931) Connection SETUP * With Source Address, Destination Address Communicate Connection RELEASE

9 9 ATM Firewall Routers with Black Lists Basic Concepts : ATM Addressing –CCITT (now ITU-T) E.164 NDC : National destination code N(s)N : National (significant) number SA : Sub-address SN : Subscriber number E.164 => Hierarchical Topology NDC S N SA N(s)N

10 10 ATM Firewall Routers with Black Lists Logical ATM Topology based on CCITT(now ITU-T) E.164 Firewall Routers Host HOST A HOST B FR 2 FR 3 FR 1 Domain C Domain D

11 11 ATM Firewall Routers with Black Lists Black List Cells (based on Q.2931) Black List CAMs (Content Addressable Memory) Black List Destination AddressSource Address (Message Type) Source AddressDestination Address Why CAM? For speed up.

12 12 ATM Firewall Routers with Black Lists Black List Cells Black List CAMs Black List Destination AddressSource Address Destination Address

13 13 ATM Firewall Routers with Black Lists Scenario 1 –Protected Host A, Unauthorized Host B Scenario2 –Protected Host A, Unauthorized Domain C Scenario 3 –Protected Domain D, Unauthorized Domain C

14 14 ATM Firewall Routers with Black Lists Scenario 1 : Protected Host A, Unauthorized Host B 1. Host A sends a Black List Cell to FR 1 2. FR 1 saves it to its Black List CAM 3. Host B requests a Call SETUP to Host A 4. FR 1 receives it & Searches its Black List CAM If exists -> Discards the Call SETUP Message & Sends an Alarm Signals to Host A Else -> Passes the Call SETUP Message

15 15 ATM Firewall Routers with Black Lists Scenario 2 : Protected Host A, Unauthorized Domain C 1. Host A sends a Black List Cell to FR 2 2. FR 2 saves it to its Black List CAM 3. Host in Domain C requests a Call SETUP to Host A 4. FR 1 receives it & Searches its Black List CAM If exists -> Discards the Call SETUP Message & Sends an Alarm Signal to Host A Else -> Passes the Call SETUP Message

16 16 ATM Firewall Routers with Black Lists Scenario 2 : Protected Host A, Unauthorized Domain C 5. FR 2 receives it & Searches its Black List CAM If exists -> Discards the Call SETUP Message & Sends an Alarm Signal to Host A Else -> Passes the Call SETUP Message

17 17 ATM Firewall Routers with Black Lists Scenario 3 : Protected Domain A, Unauthorized Domain C 1. Host A sends a Black List Cell to FR 2 2. FR 2 saves it to its Black List CAM 3. Host in Domain C requests a Call SETUP to Host in Domain A 4. FR 1 receives it & Searches its Black List CAM If exists -> Discards the Call SETUP Message & Sends an Alarm Signal to Host A Else -> Passes the Call SETUP Message

18 18 ATM Firewall Routers with Black Lists Scenario 2 : Protected Host A, Unauthorized Domain C 5. FR 2 receives it & Searches its Black List CAM If exists -> Discards the Call SETUP Message & Sends an Alarm Signal to Host A Else -> Passes the Call SETUP Message

19 19 ATM Firewall Routers with Black Lists Give Authority to unauthorized Party Scenario 4 : Protected Host A, Unauthorized Host B 1. Host A sends a Permit Cell to FR 1 2. FR 1 saves it to its Black List CAM

20 20 ATM Firewall Routers with Black Lists Scenario 2 : Protected HOST A, Unauthorized Domain C Black List Destination Address Source Address ~.~.*.* (Message Type) Scenario 3 : Protected Domain D, Unauthorized Domain C Black List Destination AddressSource Address ~.~.*.* (Message Type) Black List Cells

21 21 Conclusions Advantages –Domain Protection & Host Protection –Alarm Signals –Low Overheads (Time Delays, Traffic Loads) –Strong Protection with List of Authorized User Cells, List of Authorized User CAMs

22 22 Conclusions Disadvantages –Fake Black List Cells Common problems of Network Management Signals Future Works –How to prevent Fake Black List Cells

23 23 The End Thank you.

Download ppt "ATM Firewall Routers with Black Lists Hwajung LEE The George Washington University School of Engineering and Applied Science Electrical Engineering and."

Similar presentations

TWO STEP EQUATIONS 1. SOLVE FOR X 2. DO THE ADDITION STEP FIRST

TWO STEP EQUATIONS 1. SOLVE FOR X 2. DO THE ADDITION STEP FIRST
McGraw-Hill©The McGraw-Hill Companies, Inc., 2000 Chapter 22 Simple Mail Transfer Protocol (SMTP)

McGraw-Hill©The McGraw-Hill Companies, Inc., 2000 Chapter 22 Simple Mail Transfer Protocol (SMTP)
You have been given a mission and a code. Use the code to complete the mission and you will save the world from obliteration…

You have been given a mission and a code. Use the code to complete the mission and you will save the world from obliteration…
9-1 Chapter 9 - Communication Principles of Computer Architecture by M. Murdocca and V. Heuring © 1999 M. Murdocca and V. Heuring Principles of Computer.

9-1 Chapter 9 - Communication Principles of Computer Architecture by M. Murdocca and V. Heuring © 1999 M. Murdocca and V. Heuring Principles of Computer.
1 UNIT I (Contd..) High-Speed LANs. 2 Introduction Fast Ethernet and Gigabit Ethernet Fast Ethernet and Gigabit Ethernet Fibre Channel Fibre Channel High-speed.

1 UNIT I (Contd..) High-Speed LANs. 2 Introduction Fast Ethernet and Gigabit Ethernet Fast Ethernet and Gigabit Ethernet Fibre Channel Fibre Channel High-speed.
Virtual Trunk Protocol

Virtual Trunk Protocol
Advanced Piloting Cruise Plot.

Advanced Piloting Cruise Plot.
ITU IP & Telecoms Interworking Workshop, Jan 2000 1 Interworking Between Public Data Networks and the Internet A numbering perspective ITU IP and Telecoms.

ITU IP & Telecoms Interworking Workshop, Jan Interworking Between Public Data Networks and the Internet A numbering perspective ITU IP and Telecoms.
Copyright © 2011, Elsevier Inc. All rights reserved. Chapter 5 Author: Julia Richards and R. Scott Hawley.

Copyright © 2011, Elsevier Inc. All rights reserved. Chapter 5 Author: Julia Richards and R. Scott Hawley.
1 Copyright © 2010, Elsevier Inc. All rights Reserved Fig 2.1 Chapter 2.

1 Copyright © 2010, Elsevier Inc. All rights Reserved Fig 2.1 Chapter 2.
By D. Fisher Geometric Transformations. Reflection, Rotation, or Translation 1.

By D. Fisher Geometric Transformations. Reflection, Rotation, or Translation 1.
Network Research Group Universiti Sains Malaysia.

Network Research Group Universiti Sains Malaysia.
1 Building a Fast, Virtualized Data Plane with Programmable Hardware Bilal Anwer Nick Feamster.

1 Building a Fast, Virtualized Data Plane with Programmable Hardware Bilal Anwer Nick Feamster.
Page 1 Approximately Maximum Bandwidth Routing for Slotted Wireless Ad Hoc Networks Approximately Maximum Bandwidth Routing for Slotted Wireless Ad Hoc.

Page 1 Approximately Maximum Bandwidth Routing for Slotted Wireless Ad Hoc Networks Approximately Maximum Bandwidth Routing for Slotted Wireless Ad Hoc.
Business Transaction Management Software for Application Coordination 1 www.choreology.com Business Processes and Coordination.

Business Transaction Management Software for Application Coordination 1 Business Processes and Coordination.
Thema: Menü Ansicht, Master, Folien-Master 1 ITU - IP Telephony Workshop June 2000 9.5.2000 Standards for IP-telephony P.A.Probst, External Relations Swisscom.

Thema: Menü Ansicht, Master, Folien-Master 1 ITU - IP Telephony Workshop June Standards for IP-telephony P.A.Probst, External Relations Swisscom.
Jeopardy Q 1 Q 6 Q 11 Q 16 Q 21 Q 2 Q 7 Q 12 Q 17 Q 22 Q 3 Q 8 Q 13

Jeopardy Q 1 Q 6 Q 11 Q 16 Q 21 Q 2 Q 7 Q 12 Q 17 Q 22 Q 3 Q 8 Q 13
Jeopardy Q 1 Q 6 Q 11 Q 16 Q 21 Q 2 Q 7 Q 12 Q 17 Q 22 Q 3 Q 8 Q 13

Jeopardy Q 1 Q 6 Q 11 Q 16 Q 21 Q 2 Q 7 Q 12 Q 17 Q 22 Q 3 Q 8 Q 13
Title Subtitle.

Title Subtitle.
0 - 0.

0 - 0.

Similar presentations

Ads by Google