designing manageable protocols n.
Download
Skip this Video
Loading SlideShow in 5 Seconds..
Designing Manageable Protocols PowerPoint Presentation
Download Presentation
Designing Manageable Protocols

Loading in 2 Seconds...

play fullscreen
1 / 13
alma

Designing Manageable Protocols - PowerPoint PPT Presentation

79 Views
Download Presentation
Designing Manageable Protocols
An Image/Link below is provided (as is) to download presentation

Download Policy: Content on the Website is provided to you AS IS for your information and personal use and may not be sold / licensed / shared on other websites without getting consent from its author. While downloading, if for some reason you are not able to download a presentation, the publisher may have deleted the file from their server.

- - - - - - - - - - - - - - - - - - - - - - - - - - - E N D - - - - - - - - - - - - - - - - - - - - - - - - - - -
Presentation Transcript

  1. Designing Manageable Protocols Andrew Cormack Chief Security Adviser UKERNA

  2. Why Manage Networks? • Networks have production uses • Teaching, assessment, administration, video conferencing, … • Time-critical, bandwidth-criticial, reliability-critical • Bandwidth is finite • Some things are more important than others • Different priorities in different organisations • Important things should have priority • Helps if priorities are written down!

  3. Management Tools? • Manager told – “Service X is important” • Manager sees – IP packets • Packets have • Source & destination address • Source & destination port • Initial TCP packet has a direction • How to map packets to services? • Need help from protocol design

  4. Management Requirements • Identifiable • Services give rise to recognisable network flows • Controllable • Services can be permitted on some network segments • Services can be denied from some network segments • Non-hazardous • My use of a service must not be a hazard to others • My use of a service should not be a hazard to me

  5. Management Assumptions • Least-worst assumptions • Port number identifies service • E.g. port 80 = web • IP address(es) identify location on network • Source is client; destination is server [TCP only] • Dangerous assumptions • IP address identifies person • Port <1024 means trusted

  6. I [C [H [ I [C [H ? ? 80 ? Case Studies – HTTP www.site

  7. I ?C [H x I [C [H ? ? 21 ? 20 ? Case Studies – FTP ftp.site

  8. I xC xH [ I xC xH x ? 21 ? ? ? Case Studies – passive FTP ftp.site

  9. I xC xH x I xC xH x 6697-6701 + more ? ? Variable UDP ports 4444-8888 Case Studies – P2P (Napster) 64.124.41/24

  10. Future developments • Dynamic address allocation • DHCP or NAT • Must align address allocation with managed groups • IP version 6 • Little change to manageability • Port numbers may be buried in a chain of headers • Encryption may make application layer invisible • Mobility is extreme dynamic address allocation

  11. Conclusion: Protocols need • Identifiable traffic flows • Well defined, appropriate use of reserved ports • Clarity over relationship between hosts • Direction of initiation must be apparent • Support for layered protection • Expect to meet firewalls; work with proxies • Application proxies may be only option

  12. Give managers options • YES/NO is not enough