Application of Content Computing in Honeyfarm Introduction Overview of CDN (content delivery network) Overview of honeypot and honeyfarm New redirection.

Slides:

Advertisements

Similar presentations

Dynamic Replica Placement for Scalable Content Delivery Yan Chen, Randy H. Katz, John D. Kubiatowicz {yanchen, randy, EECS Department.

Advertisements

ITIS 1210 Introduction to Web-Based Information Systems Chapter 44 How Firewalls Work How Firewalls Work.

Information Security 1 Information Security: Security Tools Jeffy Mwakalinga.

1 Content Delivery Networks iBAND2 May 24, 1999 Dave Farber CTO Sandpiper Networks, Inc.

Chapter 12 Network Security.

Cis e-commerce -- lecture #6: Content Distribution Networks and P2P (based on notes from Dr Peter McBurney © )

CSE 190: Internet E-Commerce Lecture 16: Performance.

Web Servers How do our requests for resources on the Internet get handled? Can they be located anywhere? Global?

Lesson 11-Virtual Private Networks. Overview Define Virtual Private Networks (VPNs). Deploy User VPNs. Deploy Site VPNs. Understand standard VPN techniques.

SERVER LOAD BALANCING Presented By : Priya Palanivelu.

Anycast Jennifer Rexford Advanced Computer Networks Tuesdays/Thursdays 1:30pm-2:50pm.

Application-Layer Anycasting: A Server Selection Architecture and Use in a Replicated Web Service IEEE/ACM Transactions on Networking Vol.8, No. 4, August.

Data Security in Local Networks using Distributed Firewalls

1 Web Content Delivery Reading: Section and COS 461: Computer Networks Spring 2007 (MW 1:30-2:50 in Friend 004) Ioannis Avramopoulos Instructor:

Web Caching and CDNs March 3, Content Distribution Motivation –Network path from server to client is slow/congested –Web server is overloaded Web.

Caching and Content Distribution Networks. Web Caching r As an example, we use the web to illustrate caching and other related issues browser Web Proxy.

 Proxy Servers are software that act as intermediaries between client and servers on the Internet.  They help users on private networks get information.

Installing and Maintaining ISA Server. Planning an ISA Server Deployment Understand the current network infrastructure Review company security policies.

1 Enabling Secure Internet Access with ISA Server.

Hands-On Microsoft Windows Server 2008 Chapter 8 Managing Windows Server 2008 Network Services.

1 Content Distribution Networks. 2 Replication Issues Request distribution: how to transparently distribute requests for content among replication servers.

Content Distribution March 8, : Application Layer1.

Active Network Applications Tom Anderson University of Washington.

Introduction to Honeypot, Botnet, and Security Measurement

Barracuda Load Balancer Server Availability and Scalability.

1 The SpaceWire Internet Tunnel and the Advantages It Provides For Spacecraft Integration Stuart Mills, Steve Parkes Space Technology Centre University.

Redirection and Load Balancing

{ Content Distribution Networks ECE544 Dhananjay Makwana Principal Software Engineer, Semandex Networks 5/2/14ECE544.

Implementing ISA Server Publishing. Introduction What Are Web Publishing Rules? ISA Server uses Web publishing rules to make Web sites on protected networks.

1 Chapter 6: Proxy Server in Internet and Intranet Designs Designs That Include Proxy Server Essential Proxy Server Design Concepts Data Protection in.

HoneyD (Part 2) Small Business NIDS This presentation demonstrates the ability for Small Businesses to emulate virtual operating systems and conduct.

Honeypots. Introduction A honeypot is a trap set to detect, deflect, or in some manner counteract attempts at unauthorized use of information systems.

Communications and Networks Chapter 8. 2 Introduction We live in a truly connected society. Increased connectivity potentially means increased productivity,

1 /160 © NOKIA 2001 MobileIPv6_Workshop2001.PPT / / Tutorial Mobile IPv6 Kan Zhigang Nokia Research Center Beijing, P.R.China

OV Copyright © 2013 Logical Operations, Inc. All rights reserved. Network Security  Network Perimeter Security  Intrusion Detection and Prevention.

P RESENTED B Y - Subhomita Gupta Roll no: 10 T OPICS TO BE DISCUSS ARE : Introduction to Firewalls  History Working of Firewalls Needs Advantages and.

OV Copyright © 2011 Element K Content LLC. All rights reserved. Network Security  Network Perimeter Security  Intrusion Detection and Prevention.

A Virtual Honeypot Framework Author: Niels Provos Published in: CITI Report 03-1 Presenter: Tao Li.

Module 11: Implementing ISA Server 2004 Enterprise Edition.

How to create DNS rule that allow internal network clients DNS access Right click on Firewall Policy ->New- >Access Rule Right click on Firewall.

Network Security. 2 SECURITY REQUIREMENTS Privacy (Confidentiality) Data only be accessible by authorized parties Authenticity A host or service be able.

1 Installing and Maintaining ISA Server Planning an ISA Server Deployment Understand the current network infrastructure. Review company security.

PROP: A Scalable and Reliable P2P Assisted Proxy Streaming System Computer Science Department College of William and Mary Lei Guo, Songqing Chen, and Xiaodong.

DYNAMIC LOAD BALANCING ON WEB-SERVER SYSTEMS by Valeria Cardellini Michele Colajanni Philip S. Yu.

Web Caching and Replication Presented by Bhushan Sonawane.

Chapter 3 - VLANs. VLANs Logical grouping of devices or users Configuration done at switch via software Not standardized – proprietary software from vendor.

Implementing ISA Server Caching

Setup and Management for the CacheRaQ. Confidential, Page 2 Cache Installation Outline – Setup & Wizard – Cache Configurations –ICP.

ITGS Network Architecture. ITGS Network architecture –The way computers are logically organized on a network, and the role each takes. Client/server network.

Content Distribution Network, Proxy CDN: Distributed Environment

CS 6401 Overlay Networks Outline Overlay networks overview Routing overlays Resilient Overlay Networks Content Distribution Networks.

Understand Network Isolation Part 2 LESSON 3.3_B Security Fundamentals.

Introduction to Active Directory

Content Delivery Networks: Status and Trends Speaker: Shao-Fen Chou Advisor: Dr. Ho-Ting Wu 5/8/

3/5/2016Faculty : Trần Thị Ngọc Hoa1 From Proxy Server To ISA 2006  Overview  History  Functions  Caching Process  Caching Types  How does it work.

VPN Alex Carr. Overview  Introduction  3 Main Purposes of a VPN  Equipment  Remote-Access VPN  Site-to-Site VPN  Extranet Based  Intranet Based.

Presented By Hareesh Pattipati.  Introduction  Firewall Environments  Type of Firewalls  Future of Firewalls  Conclusion.

Firewalls. Overview of Firewalls As the name implies, a firewall acts to provide secured access between two networks A firewall may be implemented as.

Multicast in Information-Centric Networking March 2012.

Network Processing Systems Design

Network System Security - Task 2. Russell Johnston.

Module 3: Enabling Access to Internet Resources

CONNECTING TO THE INTERNET

F5 BIGIP V 9 Training.

VIRTUAL SERVERS Presented By: Ravi Joshi IV Year (IT)

ISMS Information Security Management System

Content Distribution Networks (CDNs)

IS4680 Security Auditing for Compliance

Firewalls Routers, Switches, Hubs VPNs

Data Security in Local Networks using Distributed Firewalls

Presentation transcript:

Application of Content Computing in Honeyfarm Introduction Overview of CDN (content delivery network) Overview of honeypot and honeyfarm New redirection mechanism in honeyfarm Possible future extension

Introduction Honeypot and honeyfarm are important security technologies. Efficient and transparent redirection mechanism is necessary for successful construction of honeyfarm. Content delivery network (CDN) can be used to implement redirection for honeyfarm.

Modifications in CDN to make it suitable for redirection in honeyfarm.

Overview of CDN CDN: –Dedicated network of servers –Deploy throughout the Internet –Fast delivery of web site contents Four components of CDN : –Surrogate servers –Routers –Request-routing infrastructure (RRI) –Accounting logs

Two primary technologies of CDN: –Intelligent wide area traffic management Direct clients’ requests to optimal site based on topological proximity. Two types of redirection: DNS redirection or URL rewriting. –Cache Saves useful contents in cache nodes. Two cache policies: least frequently used standard and least recently used standard.

Overview of honeypot and honeyfarm Honeypot –A secure resource. –A web site with imitated contents to lure hackers. –To research and explore hackers’ behaviors. Three types of honeypot: –Low-interaction honeypot. –High-interaction honeypot. –Medium-interaction honeypot.

Honeyfarm: –One type of high-interaction honeypot. –Many honeypots deployed throughout the Internet. –Emulates web sites as real as possible. –Currently uses layer 2 VPN to redirect hackers.

Requirements of redirection in honeyfarm: –Transparency. –Quick access. –Update. CDN is able to fulfill requirements of redirection in honeyfarm.

New redirection mechanism in honeyfarm Drawback of layer 2 VPN redirection: –Centralized problem creates latency. Problems of CDN redirection: –Transparency requirement may not be satisfied. –Comparison of topological proximity in RRI gives rise to a centralized problem.

Modifications of CDN to meet the redirection requirements: –Integrating RRI, local DNS server and proxy cache into one single component called redirection server. –All honeypots are organized in CDN architecture. –Redirection servers are organized in a tree structure.

Two steps in the handling of hackers: –Identification of potential hackers. –Redirection of identified hackers to the appropriate honeypot.

Identification of potential hackers: –Monitoring of unused IP addresses in the intranet. –Using rule-based intrusion detection systems (IDS). –Using firewall. –Identification of potential hackers is done in ‘mid-system’.

Workflow of redirection of hackers: –Request from hackers to mid-system to resolve domain name of genuine target is sent to redirection server. –Redirection server returns its own address to mid-system so that subsequent requests will be redirected to redirection server. –Hackers ask mid-system to send contents.

–Local redirection server asks all leaf redirection servers if requested contents have been emulated in honeyfarm. –If yes, then

–If no, hackers are kept in the mid-system by giving some limited privilege. –Local redirection server selects nearest honeypot and emulate requested contents. –When emulation completed, IP address of selected honeypot is returned. –Local redirection server gets contents from the honeypot and disguise them as if they are from the genuine target. –Emulated contents are sent to mid-system.

Advantages of the new redirection mechanism: –Transparency - the modification of the requested contents and identification of the hackers in the mid- systems can ensure transparency. –Quick access - The distribution of comparing the topological proximity and constructing the honeyfarm in a CDN architecture increase the speed for the honeyfarm to select the best honeypot for content delivery. –Update - the update approach of CDN can make sure that the information emulated in the honeyfarm can be updated in time.

Possible future extension Performance issues of the redirection mechanism. Issue of proxy cache. Combining URL rewriting and DNS-based redirection.

Thank you!

Q & A