➲ History
➲ Current State
➲ Current Efforts
History
➲ For a long time network security implied cryptography to the R&D community (50-90).
➲ Internet arrived with Web-browser and email – and the venerated Firewall and Virus Scanner appeared (circa 1995).
● The first Internet virus was the Morris Worm in 1988.
● FW in late 80's (accredited to Steve Bellovin).
● Trusted Information Systems (TIS) Firewall Toolkit (FWTK) 10/1/1993.
● Checkpoint FW-1 in 1994.
● McAfee Pro-scan 1990.
➲ IPSec and SSL standardized (circa 1998).
➲ Then Spam Filters, IDS and IPS.
➲ AES standardized (2001), 3DES (1999), DES (1977).
➲ WiFi WEP debacle prompted 802.11i (circa 2004).
➲ SHA-1 broken? (2005).
The Current Issues
Access Control - Cisco NAC
1. Traffic triggers the Intercept ACL on the router; the default ACL determines initial network access
2. Router triggers posture validation with CTA (EAPoUDP)
3. CTA sends posture credentials to router (EAPoUDP)
4. Router sends posture credentials to AAA (RADIUS)
5. If necessary, AAA requests posture validation (HCAP - Host Credential Authorization Protocol, HTTPS-based)
6. AAA validates posture (Healthy, Checkup, Quarantine, Remediate)
7. AAA sends Access-Accept with ACLs/URL redirect as per policy to router
8. Host granted/denied/redirected/restricted access
SecY Protection (figure: stations A, B, C, D and secure channels SCA, SCB, SCC)
➲ Knuth-Morris-Pratt
➲ Boyer-Moore uses heuristics to speed up.
● O(k(m+n))
➲ Commentz-Walter
➲ Wu-Manber
➲ Aho-Corasick creates an NFA (then a DFA) out of all the search patterns.
● O(n)
● State explosion
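The Aho-Corasick construction the slide refers to, as an added example that is not part of the original deck: a trie over all patterns with failure links (the NFA form), a single O(n) pass that reports every match, and a full 256-way transition table per state (the DFA form, which is where memory grows with the rule set). The signature strings and the request line are constructed sample data, not Snort rules.

```python
from collections import deque
def build_automaton(patterns):
    """Aho-Corasick: a trie of all patterns plus failure links (the NFA form)."""
    goto, output = [{}], [set()]  # per state: byte -> next state, patterns ending here
    for pat in patterns:
        s = 0
        for b in pat:
            if b not in goto[s]:
                goto.append({})
                output.append(set())
                goto[s][b] = len(goto) - 1
            s = goto[s][b]
        output[s].add(pat)
    fail = [0] * len(goto)
    queue = deque(goto[0].values())  # depth-1 states fail back to the root
    while queue:
        r = queue.popleft()
        for b, s in goto[r].items():
            f = fail[r]
            while f and b not in goto[f]:  # longest proper suffix that can take b
                f = fail[f]
            fail[s] = goto[f].get(b, 0)
            output[s] |= output[fail[s]]  # a suffix of this state may itself be a pattern
            queue.append(s)
    return goto, fail, output

def step(automaton, s, b):
    """Next state for byte b; the root accepts any byte, so the walk always terminates."""
    goto, fail, _ = automaton
    while s and b not in goto[s]:
        s = fail[s]
    return goto[s].get(b, 0)

def scan(automaton, data):
    """One pass over data, O(n): returns (offset, pattern) for every match, overlaps included."""
    s, hits = 0, []
    for i, b in enumerate(data):
        s = step(automaton, s, b)
        hits.extend((i - len(p) + 1, p) for p in automaton[2][s])
    return hits

def to_dfa(automaton):
    """Precompute every (state, byte) transition: no failure walk at scan time, at 256 entries per state (the memory cost behind the slide's state explosion)."""
    return [[step(automaton, s, b) for b in range(256)] for s in range(len(automaton[0]))]

# Constructed sample: a few Snort-style content strings and one HTTP request line.
SIGNATURES = [b"GET /", b"/bin/sh", b"bin", b"cmd.exe"]
SAMPLE = b"GET /cgi-bin/x?a=/bin/sh HTTP/1.0"
AC = build_automaton(SIGNATURES)
```

Note that `bin` is reported twice, once inside `cgi-bin` and once inside `/bin/sh`, because the failure link from the `/bin` state carries the shorter pattern's output.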
COTS IP Packet Processor
Architecture (IXP 2400 circa 2003)
➲ 4 GE ports
➲ Throughput
● 4 Gbps for all frame sizes
● 12 mpps for 64 byte frames
● 0.4 mpps for 1518 byte frames
➲ Latency:
● 100% throughput 45 usec for 1518 byte frames.
● 75% throughput 34 usec for 1518 byte frames.
● 50% throughput 26 usec for 1518 byte frames.
● 25% throughput 17.4 usec for 1518 byte frames.
IXP2400 Internal Architecture (block diagram: eight MEv2 microengines, XScale core with 32K IC and 32K DC, DDRAM, two QDR SRAM channels, 64b/66 MHz PCI, SPI-3 or CSIX media interface (32b), Rbuf/Tbuf 64 @ 128B, hash unit (64/48/128), 16KB scratch, CSRs with UART, timers, GPIO and BootROM/slow port)
String Matching - MIPS Issue (figure: signature-based software content matching in SNORT; labels SPADE, smb rules, String Matching Uses)
➲ Profiled Items
● Top Applications
● Top Sources & Destinations
● Top Conversations
➲ Protocol Analysis
● TCP state reconstruction
● UDP/ICMP state reconstruction
● Application protocols – FTP, Telnet, HTTP, Sun RPC, MSRPC, NFS, SMB/CIFS, P2P – Kazaa, etc.
● Tunneled – IPIP, HTTP
Profiling - Issues