Secure Collective Internet Defense (SCOLD)
C. Edward Chow, Yu Cai, Dave Wilkinson, Sarah Jelinek
Slide 1: Secure Collective Internet Defense (SCOLD)
C. Edward Chow, Yu Cai, Dave Wilkinson, Sarah Jelinek
Part of this project is sponsored by a grant from NISSC and a seed grant from EAS RDC.

Slide 2: Goals of the SCOLD Project
The goal of the project is to investigate techniques for enhancing Internet security and protecting the Internet infrastructure through collective defense. SCOLD explores the use of alternate gateways and a collection of proxy servers for intrusion tolerance. SCOLD pushes back intrusion attacks using an enhanced IDIP (Intrusion Detection and Isolation Protocol) and SLP (Service Location Protocol).

Slide 3: How to Use Alternate Routes When Under DDoS Attack

Slide 4: SCOLD Approach: Redirect Through Proxy Servers

Slide 5: Timeline and Deliverables
Phase 1. 6/2/2003-7/9/2003 (feasibility study)
 Extend Bind9 DNS with secure DNS update/query including indirect routing entries
 Develop indirect routing with IP tunnel
 NISSC Midterm Report
Phase 2. 7/10/2003-8/9/2003 (SCID 0.1 development)
 Develop SCID protocol among SCID coordinator, proxy server, DNS server, and target
 Integrate proxy server with A2D2 for intrusion detection
 Enhance A2D2 IDS with IDIP protocol for intrusion push back
Phase 3. 8/10/2003-9/9/2003
 Create test scripts and benchmark to evaluate SCID version 0.1 system
 Suggest improvements to SCID version 0.2 system
 NISSC Final Report

Slide 6: Status
 Extended Bind9 DNS with DNS update and query for the new indirect routing entry
 Developing client-side indirect routing with IP tunnel
 Modified the client resolve library to create an IP tunnel when it receives a new indirect routing entry from the DNS server
 Created the protocol for the SCOLD coordinator to issue indirect routing requests to the target DNS server, proxy server, alternate gateway, and target server
 Perform initial performance evaluation
 Setting up two SCOLD prototype test beds:
–One with virtual machines using VMware
–One with real machines connected by a small switch
 Looking for sites to participate in real Internet WAN tests!

Slide 7: Secure DNS Update

Slide 8: SCOLD Indirect Routing Using Daemons

Slide 9: Indirect Routing With Modified Client Resolve Library

Slide 10: How About Using NAT?

Slide 11: Pros and Cons of Using NAT
Advantages:
–No changes in the client DNS server or the client
Disadvantages:
–IP spoofing (a client doing a reverse DNS lookup will find that the IP address belongs to a different organization)
–The proxy server has a limited number of IP addresses and may be forced to use IP masquerading (the client then needs to use a different port)

Slide 12: Pros and Cons of Using SCOLD
Advantages:
–Allows the use of multiple routes:
Use them simultaneously to increase aggregate bandwidth
Select one of them and fall back to the others for reliability and security
Avoid bottlenecks
Disadvantages:
–Requires a redesign of DNS and routing, and modification of the client resolve library
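As an added example (not the project's code), a simulation of the modified client resolver described on slides 6 and 12: it pulls indirect routing entries out of a DNS answer, selects the first reachable proxy server and falls back to the next, and generates the iproute2 commands for an IP tunnel to that proxy. The INDIRECT record type, the reachability probe, the ipip tunnel mode and the authenticated flag are assumptions; the page does not describe the record format or how the secure DNS check is performed.

```python
import ipaddress

# Constructed stand-in for the answer section returned by the extended DNS
# server: (owner name, record type, rdata).  "A" is the target's direct
# address; "INDIRECT" is a hypothetical record type carrying one proxy address.
SAMPLE_ANSWER = [
    ("target.example.net.", "A", "192.0.2.10"),
    ("target.example.net.", "INDIRECT", "198.51.100.5"),
    ("target.example.net.", "INDIRECT", "203.0.113.9"),
]

def parse_indirect_entries(answer):
    """Map each target address to its proxy list, preferred first.
    Malformed addresses raise ValueError; unknown record types are skipped."""
    direct, proxies = {}, {}
    for name, rtype, rdata in answer:
        if rtype == "A":
            direct[name] = str(ipaddress.ip_address(rdata))
        elif rtype == "INDIRECT":
            proxies.setdefault(name, []).append(str(ipaddress.ip_address(rdata)))
    return {direct[n]: proxies.get(n, []) for n in direct}

def select_proxy(proxies, reachable):
    """First proxy that passes the liveness probe, or None (fallback order)."""
    for proxy in proxies:
        if reachable(proxy):
            return proxy
    return None

def tunnel_commands(target_ip, proxy_ip, local_ip, ifname):
    """iproute2 commands that send traffic for target_ip through an ipip tunnel
    to the chosen proxy.  Generated only; a real resolver would execute them."""
    return [
        f"ip tunnel add {ifname} mode ipip remote {proxy_ip} local {local_ip}",
        f"ip link set {ifname} up",
        f"ip route replace {target_ip}/32 dev {ifname}",
    ]

def plan_indirect_routing(answer, local_ip, reachable, authenticated):
    """Commands for every target that has a usable proxy.  An answer that did
    not pass the secure-DNS check is ignored outright: installing a route from
    an unauthenticated answer would let anyone redirect the client's traffic."""
    if not authenticated:
        return []
    plan = []
    for idx, (target_ip, proxies) in enumerate(parse_indirect_entries(answer).items()):
        proxy = select_proxy(proxies, reachable)
        if proxy is not None:
            plan.extend(tunnel_commands(target_ip, proxy, local_ip, f"scold{idx}"))
    return plan
```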

Slide 13: SCOLD Testbed

Slide 14: Performance of SCOLD Systems

Slide 15: Performance of Enhanced Resolve Library

Slide 16: Summary

Slide 17: Need Your Help to Test SCOLD
Requirements for a full SCOLD service node (capable of issuing reroute requests):
–Three Linux Red Hat 9 machines. Two serve as gateways with connections to two different Internet subnets or ISPs. One runs the target DNS server, web server, and SCOLD coordinator.