Research of the IP-Telephony for the Czech Armed Forces
This presentation is the property of its rightful owner.
Sponsored Links
1 / 13

Research of the IP-Telephony for the Czech Armed Forces Lt . Bc . Zburníková Lucie PowerPoint PPT Presentation


  • 51 Views
  • Uploaded on
  • Presentation posted in: General

Research of the IP-Telephony for the Czech Armed Forces Lt . Bc . Zburníková Lucie. Main points of presentation. characteristic of IP-telephony aims of the scientific work DoS attacks prevention and response overall summary. Aims of the scientific work.

Download Presentation

Research of the IP-Telephony for the Czech Armed Forces Lt . Bc . Zburníková Lucie

An Image/Link below is provided (as is) to download presentation

Download Policy: Content on the Website is provided to you AS IS for your information and personal use and may not be sold / licensed / shared on other websites without getting consent from its author.While downloading, if for some reason you are not able to download a presentation, the publisher may have deleted the file from their server.


- - - - - - - - - - - - - - - - - - - - - - - - - - E N D - - - - - - - - - - - - - - - - - - - - - - - - - -

Presentation Transcript


Research of the ip telephony for the czech armed forces lt bc zburn kov lucie

Research of the IP-Telephony for the Czech Armed Forces

Lt. Bc. Zburníková Lucie


Main points of presentation

Main points of presentation

  • characteristic of IP-telephony

  • aims of the scientific work

  • DoS attacks

  • prevention and response

  • overall summary


Aims of the scientific work

Aims of the scientific work

  • to create a possible network diagram

  • to categorize the DoS attacks

  • to make the total and actual list of them

  • to propose the form of detection and counteraction against them


Network diagram

Network diagram


Categories and types of denial of service attacks

Categories and types of Denial of Service attacks

  • Direct Denial of Service attacks:

    Single-tier attacks

    Dual-tier attacks

    Triple-tier ‘distributed’ attacks

  • Indirect Denial of Service attacks:

    The LoveBug virus

    Code Red and Nimda worms


Direct denial of service attacks

Direct Denial of Service attacks

  • Single-tier DoS Attacks (1990-1997)

    Examples: Ping of Death, SYN floods, other malformed packet attacks

  • Dual-tier DoS Attacks (late 1997)‏

    Example: Smurf

  • Triple-tier DDoS Attacks (1998-2000)‏

    Examples: TFN2K, Stacheldraht, Mstream


Compare of the attacks

Compare of the attacks

  • Older attacks are ineffective or of low danger.

  • The attempts that use new vulnerabilities of systems have low lifetime.

  • Flood attacks are simple, but dangerous.

  • DDoS flood attacks cause serious problems which can shift of any server.

  • Some new attempts can combine number of different simple attacks and can use DDos.


Prevention and response

Prevention and Response

  • Intrusion detection system (IDS)

    • network intrusion detection system

    • protocol-based intrusion detection system (Example: Snort)‏

    • application protocol-based intrusion detection system

    • host-based intrusion detection system

    • hybrid intrusion detection system (Example: Prelude)‏

  • Intrusion prevention system

  • (Self)defence against DoS attacks


Research of the ip telephony for the czech armed forces lt bc zburn kov lucie

Network-based vs. host-based system

+

-

  • It's able to verify if attack was succesful or not.

  • The functionality isn't affected by transmission or using the encryption.

  • It's able to prevent the attack.

  • It uses server as a source.

  • The possibility of usage depends on OS.

  • The extensibility - requires installation of one agent / server.

Host-Based

  • It protects all terminal station on the monitoring net.

  • It has no influence on function of the terminal stations / servers.

  • It's able to detect DoS attacks.

  • There are more difficult implement. in the environment of the switching LAN.

  • Monitoring above 1Gb/s is the problem for now.

  • Generally it can't for-actively stop the attack.

Network-Based


Research of the ip telephony for the czech armed forces lt bc zburn kov lucie

Solution Set

Switch

Sensor

Catalyst 6500

IDS Module

Router

Sensor

3700

7xxx

1700

2600

3600

Firewall

Sensor

501

506E

515E

525

535

Network

Sensor

4210

4235

4250

Host

Sensor

Web Server Edition

Standard Edition

Web UI

Embedded Mgr

Secure

Command Line

CiscoWorks VMS

Mgmt

IDS on platforms of Cisco


General defence

General defence

  • The systems for detection (and prevention) unauthorized intersection get past accessories for security nets by the firewalls.

  • We obtain high level of defence in the face of unauthorized activities by the combination of net IDS and IDS for servers.

  • The correct function of IDS has to be supported by regular plotting the adventitious information and upgrade of the system.


Overall summary

Overall summary

  • VoIP telephony has a great potential to bring considerable advantages into telecommunications in comparison with standard technologies.

  • The main advantage is cost reduction especially in the case of long distance calls.

  • It offers quality phone services including secure voice and development prevention and response.


Research of the ip telephony for the czech armed forces lt bc zburn kov lucie

Thank you for your attention


  • Login