RASD Rapid Adaptive Secure DNS Matthew Weaver Jeremy Witmer Dr. Chow, Advising CS 622 – Fall 2007.


RASD - Weaver/Witmer - CS622

Overview
We designed and implemented a scalable system to secure DNS traffic on a local network.

System Design Goals
1. Create trusted channels for name record information exchange
2. Rapid server-side push updates for cached client name records

Data Exchange Format
- DNS traffic is UDP
- Keep UDP on the client
- Client/Server communication is XML over SSL

Client Software
- Listen and respond to local DNS queries, with caching
- Listen for server-pushed name record updates

Server Software
- Listen for client DNS queries and respond, with caching
- Wait for name record updates, and push to registered clients
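
The client-side bridge described in the Data Exchange Format and Client Software slides, sketched as an added example (not code from the RASD prototype): a local UDP query is parsed, a cache miss becomes an XML request for the SSL channel, and a server reply or pushed update refreshes the cache that answers later queries. The XML element and attribute names, the function names and the sample data are assumptions; only A records are handled and the SSL transport itself is left out.

```python
import ipaddress
import struct
import xml.etree.ElementTree as ET

# Constructed sample data; the XML element and attribute names are assumptions.
SAMPLE_QUERY = (bytes.fromhex("1a2b01000001000000000000")
                + b"\x04host\x07example\x04test\x00" + b"\x00\x01\x00\x01")
SAMPLE_REPLY = b'<answer name="host.example.test" type="1" ttl="300"><a>192.0.2.10</a></answer>'
SAMPLE_PUSH = b'<answer name="host.example.test" type="1" ttl="300"><a>192.0.2.99</a></answer>'

def parse_query(packet):
    """Return (txid, qname, qtype, end_of_question) for a one-question query."""
    if len(packet) < 17:
        raise ValueError("truncated DNS query")
    txid, flags, qdcount = struct.unpack("!HHH", packet[:6])
    if flags & 0x8000 or qdcount != 1:
        raise ValueError("not a single-question query")
    labels, pos = [], 12
    while packet[pos]:
        n = packet[pos]
        # Reject compression pointers and names that overrun the packet.
        if n > 63 or pos + 1 + n + 5 > len(packet):
            raise ValueError("malformed query name")
        labels.append(packet[pos + 1:pos + 1 + n].decode("ascii"))
        pos += 1 + n
    qtype = struct.unpack("!H", packet[pos + 1:pos + 3])[0]
    return txid, ".".join(labels).lower(), qtype, pos + 5

def to_xml_request(qname, qtype):
    """Serialize a cache miss for the SSL channel to the server."""
    return ET.tostring(ET.Element("query", {"name": qname, "type": str(qtype)}))

def store_answer(cache, xml_bytes):
    """Cache a server reply or a pushed update (A records only)."""
    ans = ET.fromstring(xml_bytes)  # parse only data from the authenticated channel
    key = (ans.get("name").lower(), int(ans.get("type")))
    if key[1] != 1:
        raise ValueError("only A records handled here")
    addrs = [ipaddress.IPv4Address(a.text).packed for a in ans.findall("a")]
    cache[key] = (int(ans.get("ttl")), addrs)

def answer_from_cache(cache, query):
    """Build the UDP reply for a local query, or None on a cache miss."""
    txid, qname, qtype, end = parse_query(query)
    if (qname, qtype) not in cache:
        return None  # caller sends to_xml_request() to the server instead
    ttl, addrs = cache[(qname, qtype)]
    header = struct.pack("!HHHHHH", txid, 0x8180, 1, len(addrs), 0, 0)
    rrs = b"".join(struct.pack("!HHHIH", 0xC00C, 1, 1, ttl, 4) + a for a in addrs)
    return header + query[12:end] + rrs
```

Because a pushed update goes through the same `store_answer` path as a reply, the next local query is answered with the new address without waiting for the TTL to expire.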

Prototype Results
Columns: Hostname; RASD Lookup Time (s); Windows Client Lookup Time (s)
Rows: homestead.com, flickr.com, ncf.com, stockmarketenews.com, petroflexna.com, pnanet.com, nia.com, agilent.com, peyamner.com, yahoo.com, flbb.com, blogspot.com, AVERAGE

Prototype Results: Average Time for 10 DNS Queries
Columns: Domain Name; RASD Average (s); WinClient Average (s)
Rows: google.com, compusa.com, agilent.com, amazon.com, yahoo.com

Further Research
- Extended DNS handling
- RASD Server discovery
- Automatic Client Installation
- SCOLD Environment testing
- Standardized entry caching

Conclusion
- The architecture is valid
- The implementation needs extension and refactoring
- Numerous options for further research
