ITSS 2003/08/25-30 2003/09/01-06 LAN LAN IP ARP (

ITSS 2003/08/25-30 2003/09/01-06 LAN LAN IP ARP ( ) IP

OSPF ( ) DNS DHCP ( ) SNMP tcpdump ( ) BGP

/ / 1 ; 2 ; 3 ;

2 tcp_wrapper http://csrc/nist.gov/tools/tools.htm

(1) /etc/inetd.conf

Before;
#service  socket  protocol  wait?   User  program            arguments
ftp       stream  tcp       nowait  root  /usr/sbin/ftpd     ftpd
telnet    stream  tcp       nowait  root  /usr/sbin/telnetd  telnetd
shell     stream  tcp       nowait  root  /usr/sbin/rshd     rshd
login     stream  tcp       nowait  root  /usr/sbin/logind   logind

After;
#service  socket  protocol  wait?   User  program         arguments
ftp       stream  tcp       nowait  root  /usr/sbin/tcpd  ftpd
telnet    stream  tcp       nowait  root  /usr/sbin/tcpd  telnetd
shell     stream  tcp       nowait  root  /usr/sbin/tcpd  rshd
login     stream  tcp       nowait  root  /usr/sbin/tcpd  logind

(2) reread - pid-of-inetd-process

3. (1) /etc/hosts.allow
fingerd       : ophelia hamlet laertes
rshd,rlogind  : LOCAL EXCEPT hamlet
telnetd,ftpd  : LOCAL, .expcons.com, 192.1.

(2) /etc/hosts.deny
ALL (/usr/sbin/safe_finger -l @%h | /usr/sbin/mail -s %d-%h root) & ALL : ALL

1. 2. ( ) 3. 4. Secure 5. (xinetd TCP wrappers) 6. (IPsec) (1) (2) (3) IPsec 7. Firewall

4 Levels of Firewall Configurations Internet Intranet (1) Simple gateway Choke Internet Intranet Proxy Proxy

(2) Belt and Suspender 4 Levels of Firewall Configurations Internet Intranet Proxy (3) TIP Internet Intranet (4) Disconnect

1. FW ( ) Source routing 2. socket{src_IP, src_port, dst_IP, dst_port} ( ) - ftp (a) WWW, anonymous-ftp, IRC (b) NIS, NFS, RPC, TFTP, SNMP (c)

SMTP, NNTP, HTTP, FTP 3. ; Proxy Proxy e.g., SOCKS ftp://ftp.nec.com/pub/security/socks.cstc/socks.cstc.4.2.tar.gz www.B.com DNS www.B.com : A2.1.1.3 SOCKS

DNS Internet SOCKS Router mail.A.com : A1.1.1.3 www.A.com : A1.1.1.4 ftp.A.com : A1.1.1.5 A1.1.1.1 Application Gateway socks.A.com A1.1.1.2

Mail.A.com www.A.com A1.1.1.4 A1.1.1.3 DNS socks.A.com : A1.1.1.2 Intranet ftp.A.com A1.1.1.5 Firewall System Configuration Internet

External Router Proxy Proxy Proxy ( ) Proxy

Intranet DoS DoS (Denial of Service) NAT /

IP 10.0.0.0 10.255.255.255 172.16.0.0 172.31.255.255 192.168.0.0 192.168.255.255 , NAT(Network Address Translation) IP

IP IP NAT IP Internet Internet IP 133.27.x.x

IP 10.0.0.1

IP 10.0.0.2 10.0.0.25 10.0.0.154 NAT /

WWW IRC SSH FTP Passive

FTP) FTP IM NAT BGP AS Hierarchy The Internet EGP

(Exterior Gateway Protocol) IGP (Interior Gateway Protocol) Private Peering IX (Internet eXchange) AS (Autonomous System) AS Autonomous System

AS AS http://www.nic.ad.jp/jpnic/ipaddress/as-numbers.txt BGP Border Gateway Protocol AS EGP Loop Free AS

Path Vector Algorithm D A C A A C AS A C AS

C 1 A C 2 AS 3 B Loop? D A C

4 B A C AS D B A C A C A C Internal BGP peer Internal BGP Peer eBGP

eBGP External BGP Peer R iBGP R IGP AS BGP

ISP(AS) ISP BGP

Multi Exit Discriminator Local Preference AS Path Prepend MCC

D S: I/F IFa D: L4 switch

1 swi't switches | switching | switched -2 -1 -2 -2 -3 -4 L2 MAC Ethernet frame L3 IP IP packet L4 IP packet L7 IP

packet URL L4 QoS (Quality of Service) Internet Internet L4 Internet Internet

VRRP VRRP Increasing Reliability and Failover with Virtual Router Redundancy Protocol simitaka VRRP single point of failure 2

IP VRRP by RFC VRID1: X VRID1: gateway1 IP address A

gateway2 IP address B addressA gateway host addressA MAC GW=A

host1 GW=A GW=A host2 host3 VRID = 1 GW=A host4

VRRP Initialize, Master, Backup VPN IP tunneling IP-in-IP encapsulation IP

IPv6 over IPv4 Virtual Private Network(VPN) IPv6 over IPv4 IPv4 routing network IPv6 IPv6 packet IPv4 payload IPv6 Hdr encapsulation payload

IPv6 Hdr IPv4 Hdr IPv6 over IPv4 tunneling IPv6 packet IPv4 header IPv4 packet IPv4 header decapsulate header IPv6 IPv6 packet IPv4 IPv4 Internet Internet

sfc.wide.ad.jp so-net.ne.jp IPv6 over IPv4 IPv6 IPv6 v6 host v6 host IETF

Internet Engineering Task Force 1986 RFC IETF IETF

IETF Working Group IETF IESG Internet IPv6

routing dhc ospf isis security sasl ipsec WG

Internet(IPv6,DHC,MIP) Routing(ospf,isis) Security(IPsec,TLS) WG(Working Group) IPv6(Internet) IPsec(Security) OSPF(Routing) RFC IESG

IESG(Internet Engineering Steering Group) WG RFC(Request For Comment) IETF Standard Track POP,SMTP,FTP,etc URL

WG RFC ARPA/DARPA

RFC Standard Track RFC Proposed Standard Draft Standard Standard

RFC Informational Ex. , Experimental Historic

Ex.POP2,RIP BGP3 Internet Draft

Internet Draft RFC Proposed Std.Draft Std.Draft Std. Draft Std.Draft Std.Standard IESG

RFC Internet Draft Experimental Standard Track Proposed Standard

Draft Standard Informational

Standard Historic RFC IETF RFC RFC Internet Draft

rough consensus and running code We reject kings, presidents, and voting. We believe in rough consensus and running code. -Dave Clark (1992)
