1.
To provide a secure traversal service, firewalls need more than static packet filtering and application-level proxies. SOCKS (Secure sOCKets) is an application-independent transport-level proxy that offers user-level authentication and data encryption. An extended SOCKS UDP (user datagram protocol) binding model with appropriate socket calls is proposed to provide complete support for UDP-based multimedia streaming applications.
2.
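Network security protection is generally achieved by deploying firewalls and intrusion detection mechanisms on protected hosts, or by configuring access control on network devices. This paper mainly discusses an active network security monitoring system; building on an analysis of the design of the active network monitoring system, it analyzes the SNMP protocol used by the subsystem that guards against unauthorized access to the enterprise network.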
4.
In multi-party collaborative environments, a group of users can share multiple media streams via IP multicasting. However, despite the efficiency of IP multicast, it is not widely available and alternative application-layer multicast approaches are introduced. Application-layer multicast is advantageous; however, it incurs additional processing delays. In this paper, we present a new hybrid-style application-layer multicast solution that satisfies both network efficiency and easy deployment. We achieve this goal by connecting multicast islands through UDP tunnels employing UMTP (UDP multicast tunneling protocol). We also design an MPROBE protocol to remove multicast loops among multicast islands in the real Internet. We verify the feasibility of the proposed solution by implementing a prototype tool, AG Connector, that works on the Access Grid multi-party collaborative environment.
Thomas D. Uram
5.
《Information Security Journal: A Global Perspective》2013,22(1-3):83-93
Firewalls are one of the most widely used security devices to protect a communications network. They help secure it by blocking unwanted traffic from entering or leaving the protected network. Several commercial vendors have extended their firewall capabilities to support SCADA protocols or designed SCADA-specific firewalls. Although open-source firewalls are used successfully in IT networks, their use in SCADA networks has not been properly investigated. In this research we investigate the major open-source firewalls for their use in SCADA networks and identify Linux iptables’ potential as an effective SCADA firewall. Iptables is a powerful open-source firewall solution available as part of most Linux distributions in use today. In general, use of iptables as a network-level firewall for SCADA systems has been limited to basic port and host filtering, without further inspection of control messages. We propose and demonstrate a novel methodology to use iptables as an effective firewall for SCADA systems. This is achieved by utilizing advanced iptables features that allow for dynamic inspection of packet data. It is noteworthy to mention that the proposed solution does not require any modification to the netfilter/iptables framework, making it possible to turn a Linux system into an effective SCADA firewall. The approach has been tested by defining filtering rules for the Modbus TCP protocol and validating its ability to defend against various attacks on the protocol.
6.
Application-layer tunnels nowadays represent a significant security threat for any network protected by firewalls and Application Layer Gateways. The encapsulation of protocols subject to security policies such as peer-to-peer, e-mail, chat and others into protocols that are deemed as safe or necessary, such as HTTP, SSH or even DNS, can bypass any network-boundary security policy, even those based on stateful packet inspection. In this paper we propose a statistical classification mechanism that could represent an important step towards new techniques for securing network boundaries. The mechanism, called Tunnel Hunter, relies on the statistical characterization at the IP-layer of the traffic that is allowed by a given security policy, such as HTTP or SSH. The statistical profiles of the allowed usages of those protocols can then be dynamically checked against traffic flows crossing the network boundaries, identifying with great accuracy when a flow is being used to tunnel another protocol. Results from experiments conducted on a live network suggest that the technique can be very effective, even when the application-layer protocol used as a tunnel is encrypted, such as in the case of SSH.
7.
Xiaohua Tian Yu Cheng Bin Liu 《Multimedia, IEEE Transactions on》2009,11(6):1160-1169
This paper develops an efficient and scalable multicast scheme for high-quality multimedia distribution. The traditional IP multicast, a pure network-layer solution, is bandwidth efficient in data delivery but not scalable in managing the multicast tree. The more recent overlay multicast establishes the data-dissemination structure at the application layer; however, it induces redundant traffic at the network layer. We propose an application-oriented multicast (AOM) protocol, which exploits the application-network cross-layer design. With AOM, each packet carries explicit destinations information, instead of an implicit group address, to facilitate the multicast data delivery; each router leverages the unicast IP routing table to determine necessary multicast copies and next-hop interfaces. In our design, all the multicast membership and addressing information traversing the network is encoded with bloom filters for low storage and bandwidth overhead. We theoretically prove that the AOM service model is loop-free and incurs no redundant traffic. The false positive performance of the bloom filter implementation is also analyzed. Moreover, we show that the AOM protocol is a generic design, applicable for both intra-domain and inter-domain scenarios with either symmetric or asymmetric routing.
9.
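IP multicast is the latest technology in the IP field, providing a solution for real-time multimedia transmission and bulk data transmission over networks. A pure-software networked multimedia teaching system based on IP multicast is designed and implemented; the system guarantees the quality of service of the transport streams and can effectively scale up the number of session nodes.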
10.
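Traditional firewalls prevent unauthorized access by protecting network entry points, which does not suit the IIOP protocol that CORBA uses over the Internet. The OMG therefore proposed CORBA firewall security, which aims to provide a standard way of controlling IIOP communication through firewalls and to allow controlled external access to CORBA objects. This article introduces CORBA distributed systems and firewalls and the particular problems of CORBA firewalls compared with traditional firewalls, describes in detail the solutions within the CORBA system, and analyzes the operating mechanisms of TCP firewalls, SOCKS firewalls and GIOP proxy firewalls.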
11.
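The SOCKS5 Identity Authentication Mechanism Total citations: 1, self-citations: 0, citations by others: 1
SOCKS5 is an authenticating firewall protocol that provides a strong authentication mechanism so that client/server programs in the TCP and UDP domains can use network services conveniently and securely. The protocol is discussed, its workflow and the technical features it adopts are analyzed, and its advantages and disadvantages are summarized.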
12.
An Evaluation of VoIP Traversal of Firewalls and NATs within an Enterprise Environment Total citations: 1, self-citations: 0, citations by others: 1
Recent advances in PBX architecture and multimedia communication protocols are pushing the current boundaries of IP telephony in enterprise networks. Two key barriers to this evolution are firewalls and NATs. While these devices play a pivotal role in protecting and managing network resources they also inhibit the sending and receiving of voice and video over the data network. Many different solutions for firewall and NAT traversal either currently exist or are being proposed by standard bodies, vendors and research institutions. Each initiative addresses different issues relating to security and interoperability within existing network infrastructures. This paper will examine all proposed solutions and determine which solution will enable IP telephony traversal of firewalls and NATs most advantageously in an enterprise network.
13.
De-Nian Yang Wanjiun Liao 《Parallel and Distributed Systems, IEEE Transactions on》2007,18(11):1503-1515
In this paper, we propose a new multicast delivery mechanism for bandwidth-demanding applications in IP networks. Our mechanism, referred to as multiple-destination overlay multicast (MOM), combines the advantages of IP multicast and overlay multicast. We formulate the MOM routing problem as an optimization problem. We then design an algorithm based on Lagrangian relaxation on our formulation and propose a distributed protocol based on the algorithm. For network operators, MOM consumes less network bandwidth than both IP multicast and overlay multicast. For users, MOM uses less interface bandwidth than overlay multicast.
14.
Emanuel Pacheco Freire Artur Ziviani Ronaldo Moreira Salles 《Journal of Network and Systems Management》2009,17(1-2):53-72
Skype is a Voice over IP (VoIP) Internet application that is gaining huge popularity in recent years. A key point to Skype popularity is its capability to dynamically adapt itself to operate behind firewalls or network proxies. A common way adopted by Skype to delude these network devices is to use port 80, normally expected to comprise HTTP traffic. In this paper, we propose metrics and investigate statistical tests intended to clearly distinguish Skype flows from HTTP traffic. We validate our study using real-world experimental datasets gathered at a commercial Internet Service Provider (ISP). Our experimental results suggest that the proposed methodology may be seen as a promising building block towards a system to detect general protocol anomalies in HTTP traffic.
15.
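Many techniques currently exist for enhancing the performance of transport-layer and application-layer protocols, but once a network-layer security protocol protects its payload, the relevant information is no longer easy to obtain. The existing multi-layer IPSec protocol can provide network-layer security while still allowing these performance-enhancing techniques to be used; its drawbacks are reduced efficiency and a more complex structure. Some problems inherent in the multi-layer IPSec protocol are analyzed and optimization methods are proposed, and experiments demonstrate that the optimization is clearly effective.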
16.
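The TCP/IP protocol suite itself has many security flaws, exposing network communication to IP address spoofing, ARP spoofing, ICMP attacks, TCP SYN floods, DNS attacks and more. This paper studies in depth the security risks in the TCP/IP protocols and gives corresponding prevention and improvement measures for these vulnerabilities.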
17.
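Modeling and Simulation of Multicast Protocols in OPNET Total citations: 3, self-citations: 0, citations by others: 3
Focusing on IP multicast technology and using the network simulation software OPNET Modeler, this paper analyzes the modeling mechanism for IP multicast networks in that software environment, including reference standards, group management, supported applications, the choice of multicast routing protocol, and the procedures by which nodes join a multicast group and sources send multicast data. Taking campus-network video conferencing and FTP transfer applications as examples, a network simulation model is built. On the one hand, network performance under unicast and multicast is compared, analyzing the video traffic sent, the end-to-end delay of video conference packets, the FTP transfer response time, and the throughput of point-to-point links in the backbone network; on the other hand, the improvement in network performance from switching from the shared tree to the shortest-path tree is compared with using the shared-tree mechanism, including lower packet delay and less congestion at the rendezvous point router. Further factors that need to be considered for multicast in wireless mobile communication network environments are also raised.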
18.
The increasing amount of over-the-top (OTT) live streams and the lack of global network layer multicast support poses challenges for a scalable and efficient streaming over the Internet. Content Delivery Networks (CDNs) help by delivering the streams to the edge of almost every Internet Service Provider (ISP) network of the world but usually also end there. From there on, the streams are to be delivered to the clients using IP unicast, although an IP multicast functionality would be desirable to reduce the load on CDN nodes, transit links, and the ISP infrastructure. IP multicast is usually not available due to missing control and management features of the protocol. Alternatively, Peer-to-Peer (P2P) mechanisms can be applied to extend the overlay multicast functionality of the CDN towards the clients. Unfortunately, P2P only improves the situation for the CDN but makes it more challenging for the ISP as even more unicast flows are generated between clients inside and outside the ISP network. To tackle this problem, a Software-Defined Networking-based cross-layer approach, called Software-Defined Multicast (SDM), is proposed in this paper, enabling ISPs to offer network layer multicast support for OTT and overlay-based live streaming as a service. SDM is specifically tailored towards the needs of P2P-based video stream delivery originating from outside the ISP network and can easily be integrated with existing streaming systems. Prototypical evaluations show significantly improved network layer transmission efficiencies when compared to other overlay streaming mechanisms, down to a level as low as for IP multicast, at linearly bounded costs.
19.