Saturday, May 31, 2008

MIH 802.21 standard: Current Progress and Future Outlook

Current Progress and Future Outlook
The MIH 802.21 standard is still a work in progress. With the newly elected chair as of May 2005, Vivek Gupta, the working group hopes to make progress at a faster rate. The team actively communicates via email (email archives can be found here: http://www.ieee802.org/21/email21/) and scheduled meetings. The next teleconference meeting for the team is April 20, 2006. The following subsections describe the milestones achieved and the expectations for the 802.21 standard.

Accomplished Milestones
The milestones accomplished [1] are listed with the earliest achievement at the top and the most recent at the bottom.
2003 — IEEE working group chairs discuss the need for a standard supporting “media-independent handover services.”
March 2004 — 802.21 working group launches to address potential standards for MIHS.
September 2004 — Call for proposals for the new standard. Initial work items defined.
November 2004 — Proposals received by 802.21 group. Submissions closed.
January 2005 — Debate and discussion regarding submitted proposals and how to reach compromise.
May 2005 — 802.21 working group completes the first draft of the standard.
Shortly after finalizing the documentation for the design of the 802.21 standard, implementation will begin. The working group will then work closely with companies to get the 802.21 standard established.
5.2 Expectations and Future Outlook
Standards take from 1-3 years to complete. It may take up to 3 years for the 802.21 standard to be completed, although the “typical time frame for IEEE standards more complex than 802.21” is three years [2].
The expectations for this standard, listed below, are quoted from Wikipedia [7]:
• Allow roaming between 802.11 networks and 3g cellular networks.
• Allow users to engage in ad hoc teleconferencing.
• Apply to both wired and wireless networks.
• Allow for use by multiple vendors and users.
• Compatibility and conformance with other IEEE 802 standards.
• Include definitions for managed objects that are compatible with management standards like SNMP.
• Although security algorithms and security protocols will not be defined in the standard, authentication, authorization, and network detection and selection will be supported by the protocol.
As with all other projects, it takes time and effort to design and implement a complete, accurate and well-thought-out system. Many companies are keeping an eye on 802.21 because they want to be able to implement this technology within their existing client devices. It would be no surprise if 802.21 became a standard adopted by every company and end user.

Similar Technology
Unlicensed Mobile Access (UMA) is a technology similar to Media Independent Handover (IEEE 802.21). Basically, UMA is a private version of 802.21. It shares the concept of 802.21, which is to provide roaming and handover services between networks of the same and of different types through different handover mechanisms.

UMA (Unlicensed Mobile Access) Overview
UMA technology allows users to access GSM and GPRS mobile services over unlicensed spectrum technologies such as 802.11 and Bluetooth. With providers who have deployed UMA technology, subscribers can smoothly roam and hand over between cellular networks and public and private unlicensed wireless networks using dual-mode mobile handsets. As subscribers transition between networks, they still experience a consistent mobile service of voice, data and IMS/SIP (IP Multimedia Subsystem/Session Initiation Protocol) applications through their handsets.
A number of leading companies within the wireless industry have joined in developing the open UMA specifications. They are actively working with the 3GPP standards organization to develop and maintain these specifications and to use them as a formal standard for development. These specifications are open to vendors and carriers of wireless communications systems and applications to develop and deploy UMA-related solutions.
All of this helps to promote the widespread adoption of UMA technology. The following is a list of companies which are participating in UMA development.
Alcatel
British Telecom
Cingular
Ericsson
Kineto Wireless
Motorola
Nokia
Nortel Network
O2
Research In Motion
Rogers Wireless
Siemens
Sony Ericsson
T-Mobile US

How UMA Works
UMA technology works as follows for a mobile subscriber: When a subscriber comes within range of an unlicensed wireless network, his/her UMA-enabled dual-mode handset checks whether the network allows it to connect. If it does, the handset contacts the UMA Network Controller (UNC) over the broadband IP access network to be authorized to access the mobile voice and data services via that network. If access is approved, all mobile voice and data services are routed to the handset via that unlicensed wireless network instead of the cellular radio access network (RAN), and the current location of the subscriber is updated. When the subscriber moves out of range of that unlicensed wireless network, the UNC and handset facilitate roaming back to the cellular radio access network, and all voice and data services go via the cellular network again. The transitions between networks are totally transparent to the subscriber.

UMA Technology Highlights and Architecture
Highlights of UMA Technology [8]:
• To deliver smooth and consistent voice and data services over unlicensed wireless networks.
• To provide the same identity for mobile services over unlicensed wireless networks and cellular radio access networks.
• To transition (roam and hand over) smoothly between unlicensed wireless networks and radio access networks.
• To be independent of the underlying unlicensed wireless network type (e.g. 802.11, Bluetooth).
• To use the same security as current GSM mobile networks.
• To be capable of operating with cellular radio access networks.
• To be transparent to existing network devices (e.g. router, access point, modem).
• To utilize standard broadband IP access networks (e.g. DSL, cable, T1/E1, broadband wireless, FTTH, …).
• To ensure the low cost of existing or future mobile core network infrastructure.

Architecture of UMA Technology
Advantage and Disadvantage of UMA technology
Advantages [9]:
• Allows providers or carriers to increase coverage using low-cost Wi-Fi access points instead of expensive base stations.
• Subscribers have perfect coverage at home.
• Subscribers can have one single number for both home and cellular phone services.
• Subscribers have only one bill for both internet and cell phone plans.
Disadvantages [9]:
• It is hard to determine the current geographic location of a handset over the internet. As a result, a subscriber in the U.S. might buy a UMA handset and give it to his relatives in England so they can enjoy cheap calls.
• Battery life is quite limited because handsets must have two radios on board, and both radios must keep scanning for networks all the time.
6.3 Comparison of UMA and 802.21
Since UMA and 802.21 are similar technologies, at some level we should be able to predict the future outlook of 802.21 based on the current progress of UMA. Some companies already have products based on UMA technology. One of the goals of UMA is that every subscriber could have only one number for both home and cellular services. Therefore, we can assume that for 802.21, we may be able to use one account to access ADSL/cable internet services at home and Wi-Fi/hot spot wireless internet services outdoors. Moreover, we may have only one bill for cable TV, cellular phone and internet services in the near future, since 802.21 provides handover between wired and wireless networks. Can you imagine that one day, while we are having a video conference, we can just unplug our laptop from our home network, go out to our cars, to the airport, and still have the video conference going on?
7.0 Conclusion
Media Independent Handover simplifies our life with networks. After studying MIH in some depth, we can see that it is a really powerful tool that can connect all the different networks together to act like one. Nowadays, networks are already a part of our daily life. Cellular phones, Internet, e-mail, instant messages, etc., are all related to networks. MIH breaks the walls between networks and lets us take a shortcut instead of going the old, long and winding way. That definitely simplifies things a lot, and that is what technology should be.

Media Independent Handover Function and Protocol

MIHF provides asynchronous and synchronous services through SAPs for lower layers and upper layers. For a system with multiple network interfaces of arbitrary type, we can use the Event service, Command service and Information service provided by MIH to manage, determine, and control the state of the underlying interfaces.
These services help the L3MP and other protocols in maintaining service continuity, service adaptation to varying quality of service, battery life conservation, and network discovery and link selection. In a system containing heterogeneous network interfaces of 802 types and cellular 3GPP and 3GPP2 types, the Media Independent Handover Function can help the L3MP to implement effective procedures to couple services across heterogeneous network interfaces.
The MIH Function provides the functionality for exchanging information between the network and host entities of the same media type. However, if an information exchange mechanism already exists in a given type of media (such as some cellular media types), the MIH Function will use the existing mechanism whenever possible.

Media Independent Event Service
The event service will typically be used to facilitate handover detection within the L3MP. Events defined include Link Up, Link Down, Link Parameters Change, Link Going Down, L2SDU Transmission Status, Link Event Rollback, Pre trigger (L2 Handoff Imminent), etc.

Media Independent Command Service
The command service refers to the commands sent from the higher layers to the lower layers in the reference model. It includes the commands from upper layer to MIH (e.g. upper layer mobility protocol to MIH, or policy engine to MIH, etc), and from MIH to lower layer (e.g. MIH to MAC, or MIH to PHY). Commands can also be sent from a local MIH entity to a peer MIH entity. These commands mainly carry the upper layer decisions to the lower layers on local device entity or at remote entity, and thus control the behavior of lower layers.

Media Independent Information Service
Media Independent Information Service (MIIS) provides a framework and corresponding mechanisms by which an MIHF (Media Independent Handover Function) entity can discover and obtain network information existing within a geographical area to facilitate handovers. MIIS primarily provides a set of information elements (IEs), the information structure and its representation, and a query/response type of mechanism for information transfer. This contrasts with the asynchronous push model of information transfer for the event service. The information may be stored within the MIH Function (MIHF) entity or may be present in some information server from which the MIH in the station can access it. The definition of the information server and the mechanism to access it are out of scope.

Media Independent Handover Protocol
The Media Independent Handover protocol defines frame formats for exchanging messages between peer MIH Function entities. These messages are based on the primitives which are part of the Media Independent Event service, Media Independent Command service and Media Independent Information service. IEEE 802.21 supports the Media Independent Handover Function in the mobile terminal and in the network. The MIHF Protocol allows peer MIH Function entities to interact with each other.
The Media Independent Handover Protocol provides the following services:
• MIH capability discovery: the MIHF in the mobile terminal or the MIHF in the network discovers which entity supports MIHF. Thereafter the peer MIH Functions negotiate/discover an optimum transport for communication. The MIH Function entities also discover the list of supported events and commands. The MIH Function can also query the information schema for the list of supported information elements.
• MIH remote registration: remote MIHFs in different entities can register with each other to receive Media Independent Handover messages, including remote MIES. No registration is required for command services.
• MIH message exchange: MIHFs can exchange MIH messages using the MIH payload and MIH protocol over a suitable transport. As part of the message exchange the peer MIH Function entities can use the MIES, MICS and MIIS for effective handovers.

MIH Protocol Transport
The table below shows the various transport options for different media types.

No  Media Type  Preferred Transport  L2 Transport                     L3 Transport
1   Ethernet    L2                   Data Frames                      IP based
2   802.11      L2                   Data Frames, Management Frames   IP based
3   802.16      L2                   Data Frames, Management Frames   IP based
4   3GPP        L3                   Requires protocol stack changes  IP based
5   3GPP2       L3                   Requires protocol stack changes  IP based
Table 1: MIH Protocol Transport [5].



MIH General Packet Format
MIH messages can be transported over L2 using data frames or media specific management frames. MIH messages can also be sent over L3 using a suitable L3 transport protocol.


The description for each of the fields in the MIH general packet format is detailed in Table 2.
Name of the Field                       Size          Description
Protocol Version                        1 octet       Version of the MIH protocol. Default: 0x01
MIH Service ID                          1 octet       MIH Service Identifier. 1: Event Service; 2: Command Service; 3: Information Service
MIH Opcode                              1 octet       Operation to be performed. 1: Request; 2: Response; 3: Indication
Transaction ID                          1 octet       Transaction identifier used to match requests and responses wherever applicable
Fr                                      1 bit         Fragmentation flag. 1: current packet has more than one fragment; 0: current packet is not fragmented
Fragment No                             7 bits        Fragment number of this packet
Message Length                          2 octets      Total length of the whole message in bytes (header + payload)
MIH Function Identifier Length (MIHFL)  4 octets      Length of each of the Source and Destination MIH Identifier fields
Source MIH Function Identifier          MIHFL octets  The source MIHF identifier. This can be the L2 hardware address of the interface at the source node, an IP-based address for L3 transports, or a generated value.
Destination MIH Function Identifier     MIHFL octets  The destination MIHF identifier. This can be the L2 hardware address of the interface at the destination node, an IP-based address for L3 transports, or a value generated during the MIHF discovery and connectivity phase.
MIH Message ID                          4 octets      Actual MIH message identifier for the service identified above, e.g. Link_Going_Down Event Indication for the Event Service
MIH Message Data                        Variable      MIH service-specific data of variable length
Table 2: Description for each field in the MIH Packet [5].
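As an added example (not code from the page, the standard or any 802.21 implementation), the following Python builds and parses packets laid out with the fields in the order Table 2 lists them, assuming network byte order and that Fr and Fragment No share one octet; the message ID value and payload bytes in the sample are constructed placeholders. The parser checks Message Length and MIHFL against the bytes actually received before slicing, the check a receiver needs so that a forged length field cannot make it read past the packet.

```python
import struct

# Field codes taken from Table 2 above (draft-era MIH general packet format).
SERVICE_IDS = {1: "Event Service", 2: "Command Service", 3: "Information Service"}
OPCODES = {1: "Request", 2: "Response", 3: "Indication"}

# Fixed part of the header in Table 2 order, network byte order (assumed):
# Version (1 octet), Service ID (1), Opcode (1), Transaction ID (1),
# Fr + Fragment No (1 bit + 7 bits), Message Length (2), MIHFL (4).
# It is followed by the two MIHF identifiers (MIHFL octets each), the
# 4-octet MIH Message ID and the variable-length MIH Message Data.
FIXED_HEADER = struct.Struct("!BBBBBHI")
MESSAGE_ID_LEN = 4


def build_mih_packet(service_id, opcode, transaction_id, src_id, dst_id,
                     message_id, data, version=0x01, more_fragments=False,
                     fragment_no=0):
    """Serialize one MIH general packet (header + payload) from its fields."""
    if service_id not in SERVICE_IDS:
        raise ValueError("unknown MIH Service ID %d" % service_id)
    if opcode not in OPCODES:
        raise ValueError("unknown MIH Opcode %d" % opcode)
    if not 0 <= fragment_no < 128:
        raise ValueError("Fragment No must fit in 7 bits")
    if len(src_id) != len(dst_id):
        # One MIHFL field gives the length of both identifiers.
        raise ValueError("source and destination MIHF identifiers must have equal length")
    mihfl = len(src_id)
    fr_octet = (int(more_fragments) << 7) | fragment_no
    total_len = FIXED_HEADER.size + 2 * mihfl + MESSAGE_ID_LEN + len(data)
    if total_len > 0xFFFF:
        raise ValueError("message too long for the 2-octet Message Length field")
    header = FIXED_HEADER.pack(version, service_id, opcode, transaction_id,
                               fr_octet, total_len, mihfl)
    return header + src_id + dst_id + struct.pack("!I", message_id) + data


def parse_mih_packet(buf):
    """Parse an MIH general packet. Every length field is checked against the
    bytes actually received before anything is sliced; a malformed or
    inconsistent packet raises ValueError instead of being half-parsed."""
    if len(buf) < FIXED_HEADER.size:
        raise ValueError("truncated: %d bytes, fixed header needs %d"
                         % (len(buf), FIXED_HEADER.size))
    (version, service_id, opcode, transaction_id, fr_octet,
     msg_len, mihfl) = FIXED_HEADER.unpack_from(buf)
    # Message Length is header + payload, so it must equal what arrived;
    # a larger value would otherwise send a naive parser past the buffer.
    if msg_len != len(buf):
        raise ValueError("Message Length %d does not match %d received bytes"
                         % (msg_len, len(buf)))
    if service_id not in SERVICE_IDS:
        raise ValueError("unknown MIH Service ID %d" % service_id)
    if opcode not in OPCODES:
        raise ValueError("unknown MIH Opcode %d" % opcode)
    # MIHFL comes from the wire too: bound it by the message length before use.
    ids_end = FIXED_HEADER.size + 2 * mihfl
    if ids_end + MESSAGE_ID_LEN > msg_len:
        raise ValueError("MIHFL %d overruns the message" % mihfl)
    src_id = buf[FIXED_HEADER.size:FIXED_HEADER.size + mihfl]
    dst_id = buf[FIXED_HEADER.size + mihfl:ids_end]
    (message_id,) = struct.unpack_from("!I", buf, ids_end)
    return {
        "version": version,
        "service": SERVICE_IDS[service_id],
        "opcode": OPCODES[opcode],
        "transaction_id": transaction_id,
        "more_fragments": bool(fr_octet >> 7),
        "fragment_no": fr_octet & 0x7F,
        "mihfl": mihfl,
        "src_id": src_id,
        "dst_id": dst_id,
        "message_id": message_id,
        "data": buf[ids_end + MESSAGE_ID_LEN:],
    }


def is_well_formed(buf):
    """True if the packet parses cleanly, False for any malformed packet."""
    try:
        parse_mih_packet(buf)
        return True
    except ValueError:
        return False


if __name__ == "__main__":
    # Constructed sample: an Event Service Indication (such as a Link_Going_Down
    # report) between two L2 hardware addresses. The message ID value and the
    # one-byte payload are placeholders, not values taken from the standard.
    pkt = build_mih_packet(service_id=1, opcode=3, transaction_id=7,
                           src_id=bytes.fromhex("001122334455"),
                           dst_id=bytes.fromhex("00aabbccddee"),
                           message_id=0x00000001, data=b"\x05")
    print(parse_mih_packet(pkt))
    # Same packet with MIHFL (octets 7..10) rewritten to claim 65535-octet
    # identifiers: the bound check rejects it instead of over-reading.
    forged = pkt[:7] + b"\x00\x00\xff\xff" + pkt[11:]
    print("forged MIHFL accepted:", is_well_formed(forged))
```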

Media Independent Handover (802.21) Reference Model

The Media Independent Handover (MIH) Reference Model introduces a new layer that resides between the Network Layer (Layer 3 of the OSI model) and the lower layers: MAC and PHY (IEEE interfaces) or RRC and LAC (3GPP or 3GPP2). It provides asynchronous and synchronous services through Service Access Points (SAPs) for lower layers and upper layers. The MIH Function (MIHF) helps the Layer 3 Mobility Protocol in maintaining service continuity between different interfaces, adaptation to varying Quality of Service (QoS), link selection and network discovery.

Communication between MIHFs on the network side depends on the MIHF location and the type of scenario. When the MIHF is in the access network, such as in an Access Point (AP), Layer 2 or Layer 3 transport can be used over the access network. When the network decides where and when to hand over, the source MIHF can send messages to the destination MIHF to tell it to begin “preparation”. The preparation includes checking the availability of appropriate resources, including acceptable QoS levels at the new PoA, procuring an IP address for the mobile station, etc. Another possible scenario is where the MIHF in an AP communicates with the MIHF in an Access Router (AR). This type of communication includes events such as Link Up, Link Down, etc.
The IEEE 802.21 standard supports the Media Independent Event service, Media Independent Command service and Media Independent Information service. A management protocol is required for the exchange of information between MIH entities within a terminal and a network.

MIH Reference Model for Ethernet (802.3)
For 802.3 there are no peer management facilities in CSMA/CD. Thus, if the MIH services are supported over wired Ethernet networks, an L2 protocol with a new ethertype is necessary in order to carry the payload over normal Ethernet data frames. The MIH ethertype is encoded in the SNAP header. At the same time, 802 networks do not support data frames in the unauthenticated state. Hence the MIH Protocol cannot be used in this case; only management frames can be used to transport information in the unauthenticated state.
The IEEE 802.21 standard should define the packet format and payloads in a media-independent manner in standard TLV format. Thereafter these packets can be encapsulated in an L2 MIH Protocol using the MIH ethertype when the payload needs to be sent over normal data frames, as in the case of Ethernet. In other cases the TLV-based messages and payload can be directly encapsulated in media-specific management frames.

MIH Reference Model for Wi-Fi (802.11)
The above figure shows the MIH functions for 802.11 stations and the network PoA (APs). The MIH_MAC_SAP is the MIH interface to the data plane and can encapsulate MIH protocol packets in data packets. However, since 802.11 does not currently support Class 1 data frames, traffic can be sent over the data plane only when the client is connected to the AP. The MIH_MGMT_SAP provides the interface to the management plane (MLME) and allows MIH protocol packets to be carried in management frames.
The MIH_SAP shows the interface of MIH Function with other higher layer entities such as Transport, Handover policy, L3 Mobility protocol, etc. The MIH Function may interface with the OS or the system using the MIH_ME_SAP.

MIH Reference Model for WiMAX (802.16)
In an 802.16-based system, the MIH_MGMT_SAP provides the MIH functionality over the management plane and helps with transporting MIH protocol messages between peer MIHFs. The MIH_SAP shows the interface of the MIHF with other higher layers such as Transport, Handover policy, L3 Mobility protocol, etc. The MIH Function may interface with the OS or the system using the MIH_ME_SAP.

MIH Reference Model for 3rd Generation Mobile System (3GPP)
A potential realization of MIH functions for 3GPP-enabled Mobile Stations is illustrated above. The MIH_RRC_SAP defines the MIH interface to the 3GPP Radio Resource Control (RRC) layer. The MIH_MGMT_SAP defines the MIH interface to 3GPP GPRS Mobility Management (GMM) for the Global System for Mobile Communications (GSM). Most of the MIH services may utilize the information that is already defined in the RRC layer and GMM/SM. The desired information from MIH Event Services, Command Services and Information Services will be provided to the MIH_RRC_SAP and MIH_MGMT_SAP, which will be further defined by the 3GPP SDO. In the case of MIH in the Mobile Station, the PHY and MAC SAPs communicate with the RRC as defined in the 3GPP standards. No new interfaces or primitives need to be defined for these SAPs.

Spanning Across Different Media
This figure shows how the MIH Function spans across different media specific technologies and provides a common abstraction of handover services to higher layers.

IEEE 802.21 Media Independent Handover [1]

The emerging IEEE 802.21 standard, Media Independent Handover, has the ability to seamlessly hand over between both wired and wireless networks, which addresses a prevalent problem when roaming. Interoperability between homogeneous network types of 802 and non-802 networks is also a key feature of the 802.21 standard. This report presents an understanding of the 802.21 services and their functionality, specifically at the Data Link and Network Layers of the OSI Networking Model. Currently at the proposal stage, the 802.21 working group hopes to finalize the standard’s document and begin implementation shortly thereafter. The future outlook of this standard is good when compared with the existing proprietary UMA (Unlicensed Mobile Access), which is a similar technology but fails to offer interoperability. The expectations for this standard are, but are not limited to: the ability to roam between 802.11 and 3G networks, allowance for use by multiple vendors and users, application to both wired and wireless networks, and the ability to engage in a teleconference.


Introduction
Wireless networking has given us the ability to freely use our mobile devices (e.g. notebook computers, cellular phones, PDAs, GPS units) wherever and whenever a wireless access point is available. With the multitude of existing wireless standards (Wi-Fi, GSM, etc.), a smooth transition from one network to another is utterly impossible with current technology. Existing IEEE 802 standards go through a series of failures before acquiring the correct network access. For instance, as soon as a user unplugs the Ethernet cable from his or her computer, an error appears indicating that the user is no longer connected to a LAN. If the computer has wireless capability (e.g. 802.11b), the user may be able to connect to a wireless network, but network discovery takes some time. An interruption of service is inevitable; thus, a network handover standard is necessary. This emerging standard is IEEE 802.21, whose working efforts debuted in March 2004 and whose implementation is still in progress [4].
IEEE 802.21 is a developing standard which enables handover and interoperability between heterogeneous network types including both 802 and non 802 networks [6]. The standard provides information to allow handing over to and from cellular and wireline, GSM, GPRS, WiFi, WiMAX, Personal Area Network (PAN), Bluetooth and 802.11 networks through different handover mechanisms [1].

Background
Initiated in March 2004, the working group for the 802.21 standard was chaired by Ajay Rajkumar from Lucent Technologies. The members involved include over 50 companies. These companies are the “largest vendors of end-to-end network infrastructure, device companies, chipset developers, and even service providers” [1]. One of the contributing companies, Intel Corporation, expressed enthusiasm towards providing users with the ability to move from a hotspot to a cellular connection without noticing. Envisioned is the idea of a future that unites network connectivity across a wide range of networks. Figure 1 shows a prototype mobile phone that supports four different wireless standards: Bluetooth, GPS, GPRS, and Wi-Fi. With the implementation of 802.21, this device is expected to intelligently select available networks when roaming, with an easy transition and without any interruption [3].

Figure 1: Prototype mobile phone supporting four wireless standards: Bluetooth, GPS, GPRS, and Wi-Fi [3].

Objective
The objective is to enable an innovative fast Layer 2 and Layer 3 handoff algorithm between networks (for both wired and wireless networks). Network discovery and selection are factors that affect the quality of service during a handover decision. With this technology, end-user devices will have the ability to “automatically choose the best available network connection type and to seamlessly hand off sessions among networks during roaming without user involvement” [2]. 802.21 is expected to unite the multitude of existing networks.

Organization
The next section describes the proposed 802.21 standard in detail. The specifics include the four Media Independent Handover services provided, the packet format and information, and the functionality in Layers 2 and 3 (Data Link and Network, respectively) of the OSI Networking Model. We then discuss the current progress, including the milestones accomplished towards completing 802.21. In addition to this standard’s expectations, we also mention its future outlook. The report concludes with a comparison of 802.21 and existing similar technologies.

Saturday, May 17, 2008

Routing Information Protocol (RIP)

The Routing Information Protocol (RIP) was one of the most commonly used interior gateway protocol (IGP) routing protocols on internal networks (and to a lesser extent, networks connected to the Internet), which helps routers dynamically adapt to changes of network connections by communicating information about which networks each router can reach and how far away those networks are. The Routing Information Protocol, or RIP, as it is more commonly called, is one of the most enduring of all routing protocols. RIP is also one of the more easily confused protocols because a variety of RIP-like routing protocols proliferated, some of which even used the same name! RIP and the myriad RIP-like protocols were based on the same set of algorithms that use distance vectors to mathematically compare routes to identify the best path to any given destination address. The most popular of the TCP/IP interior routing protocols is the Routing Information Protocol (RIP). The simplicity of the name matches the simplicity of the protocol—RIP is one of the easiest to configure and least resource-demanding of all the routing protocols. Its popularity is due both to this simplicity and its long history. In fact, support for RIP has been built into operating systems for as long as TCP/IP itself has existed. These algorithms emerged from academic research that dates back to 1957.

Today's open standard version of RIP, sometimes referred to as IP RIP, is formally defined in two documents: Request For Comments (RFC) 1058 and Internet Standard (STD) 56. As IP-based networks became both more numerous and greater in size, it became apparent to the Internet Engineering Task Force (IETF) that RIP needed to be updated. Consequently, the IETF released RFC 1388 in January 1993, which was then superseded in November 1994 by RFC 1723, which describes RIP 2 (the second version of RIP). These RFCs described an extension of RIP's capabilities but did not attempt to obsolete the previous version of RIP. RIP 2 enabled RIP messages to carry more information, which permitted the use of a simple authentication mechanism to secure table updates. More importantly, RIP 2 supported subnet masks, a critical feature that was not available in RIP.

In this section I describe the characteristics and operation of the TCP/IP Routing Information Protocol (RIP). There are three versions of RIP: RIP versions 1 and 2 for IP version 4 and RIPng (next generation) for IP version 6. The basic operation of the protocol is mostly the same for all three versions, but there are also some notable differences between them, especially in terms of the format of messages sent.

For this reason, I have divided my description of RIP into two subsections. In the first, I describe the fundamental attributes of RIP and its operation in general terms for all three versions. In the second, I take a closer look at each version, showing the message format used for each and discussing version-specific features as well.

RIP is a dynamic, distance vector routing protocol based around the Berkeley BSD application routed and was developed for smaller IP-based networks. RIP uses UDP port 520 for route updates. RIP calculates the best route based on hop count. Like all distance vector routing protocols, RIP takes some time to converge. While RIP requires less CPU power and RAM than some other routing protocols, RIP does have some limitations:

Metric: Hop Count
Since RIP calculates the best route to a destination based solely on how many hops it is to the destination network, RIP tends to be inefficient in networks using more than one LAN protocol, such as Fast Ethernet and serial or Token Ring. This is because RIP prefers paths with the shortest hop count, and the path with the shortest hop count might be over the slowest link in the network.

Hop Count Limit
RIP cannot handle more than 15 hops. Anything more than 15 hops away is considered unreachable by RIP. This fact is used by RIP to prevent routing loops.

Classful Routing Only
RIP is a classful routing protocol. RIP cannot handle classless routing. RIP v1 advertises all networks it knows as classful networks, so it is impossible to subnet a network properly via VLSM if you are running RIP v1, which
However, it must be pointed out that RIP is the only routing protocol that all routing devices and software support, so in a mixed equipment environment, RIP may be your only option for dynamic routing. This is changing with the widespread use of OSPF.




Description:

Protocol suite: TCP/IP.
Type: Application layer, interior gateway protocol, distance vector.
Multicast address: 224.0.0.9.
Port: 520 (UDP).
SNMP MIBs: iso.org.dod.internet.mgmt.mib-2.rip-2 (1.3.6.1.2.1.23).
Working group: rip, Routing Information Protocol.

RIP version 1 (RIPv1) is a simple distance vector protocol. It has been enhanced with various techniques, including Split Horizon and Poison Reverse in order to enable it to perform better in somewhat complicated networks.

The longest path cannot exceed 15 hops.
RIP uses static metrics to compare routes.
The maximum datagram size is 512 bytes not including the IP or UDP headers.

RIP version 2 (RIPv2) added several new features.

External route tags.
Subnet masks.
Next hop router addresses.
Authentication.
Multicast support.
RFC 2453, section 3.2:

The protocol is limited to networks whose longest path is 15 hops. The designers believe that the basic protocol design is inappropriate for larger networks. Note that this statement of the limit assumes that a cost of 1 is used for each network. This is the way RIP is normally configured. If the system administrator chooses to use larger costs, the upper bound of 15 can easily become a problem.

The protocol depends upon "counting to infinity" to resolve certain unusual situations. If the system of networks has several hundred networks, and a routing loop was formed involving all of them, the resolution of the loop would require either much time (if the frequency of routing updates were limited) or bandwidth (if updates were sent whenever changes were detected). Such a loop would consume a large amount of network bandwidth before the loop was corrected. We believe that in realistic cases, this will not be a problem except on slow lines. Even then, the problem will be fairly unusual, since various precautions are taken that should prevent these problems in most cases.

This protocol uses fixed "metrics" to compare alternative routes. It is not appropriate for situations where routes need to be chosen based on real-time parameters such a measured delay, reliability, or load. The obvious extensions to allow metrics of this type are likely to introduce instabilities of a sort that the protocol is not designed to handle.
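The hop-count limit, the "counting to infinity" behaviour and the split horizon with poison reverse described above, as an added example that is not code from the original post or from any RIP implementation: a small synchronous distance-vector simulation on a constructed three-router line topology (names A, B, C and network N are made up) that counts how many update rounds pass before every router agrees a lost network is unreachable, with plain distance vector and with poisoned reverse.

```python
INFINITY = 16  # RIP: paths longer than 15 hops are unreachable
HOP_COST = 1   # the "cost of 1 for each network" that RIP normally uses


class Router:
    def __init__(self, name, neighbors):
        self.name = name
        self.neighbors = list(neighbors)  # fixed order keeps the run deterministic
        self.table = {}  # dest -> [metric, next_hop]; next_hop None = directly attached

    def advertisement_for(self, neighbor, poison_reverse):
        """Routes sent to one neighbor, as {dest: metric}."""
        adv = {}
        for dest, (metric, next_hop) in self.table.items():
            if poison_reverse and next_hop == neighbor:
                # Split horizon with poisoned reverse: a route learned from this
                # neighbor is advertised back to it as unreachable.
                adv[dest] = INFINITY
            else:
                adv[dest] = metric
        return adv

    def process(self, sender, adv):
        """Apply one neighbor's advertisement; return True if the table changed."""
        changed = False
        for dest, their_metric in adv.items():
            metric = min(their_metric + HOP_COST, INFINITY)
            cur = self.table.get(dest)
            if cur is None:
                if metric < INFINITY:
                    self.table[dest] = [metric, sender]
                    changed = True
            elif cur[1] == sender:
                # An update from the current next hop is always taken, even when
                # worse; this is what lets a stale route climb one hop per round.
                if cur[0] != metric:
                    cur[0] = metric
                    changed = True
            elif metric < cur[0]:
                self.table[dest] = [metric, sender]
                changed = True
        return changed


def run_until_stable(routers, poison_reverse, max_rounds=100):
    """Synchronous update rounds; returns how many rounds changed some table."""
    for rnd in range(1, max_rounds + 1):
        advs = [(r.name, n, r.advertisement_for(n, poison_reverse))
                for r in routers.values() for n in r.neighbors]
        changed = False
        for sender, receiver, adv in advs:
            if routers[receiver].process(sender, adv):
                changed = True
        if not changed:
            return rnd - 1
    return max_rounds


def build_line_topology():
    """Constructed topology: A - B - C, with network N attached only to C."""
    routers = {
        "A": Router("A", ["B"]),
        "B": Router("B", ["A", "C"]),
        "C": Router("C", ["B"]),
    }
    routers["C"].table["N"] = [HOP_COST, None]
    run_until_stable(routers, poison_reverse=True)  # initial convergence
    return routers


def simulate_network_loss(poison_reverse):
    """Take N away from C and count the rounds until every router agrees it is
    unreachable. Returns (rounds, {router: final metric to N})."""
    routers = build_line_topology()
    routers["C"].table["N"][0] = INFINITY
    rounds = run_until_stable(routers, poison_reverse)
    return rounds, {name: r.table["N"][0] for name, r in routers.items()}


if __name__ == "__main__":
    for mode, pr in (("plain distance vector", False), ("poisoned reverse", True)):
        rounds, metrics = simulate_network_loss(pr)
        print("%-22s rounds=%2d metrics=%s" % (mode, rounds, metrics))
```

Without poisoned reverse, B keeps believing A's stale route and the metric climbs by one hop per round until it hits 16; with it, the loss settles in two rounds.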

Wednesday, May 7, 2008

Intrusion Detection System (IDS) / Intrusion Prevention System (IPS)

Types of Intrusion Detection Systems
An Intrusion Detection System (IDS) is a program that analyzes what happens or has happened during an execution and tries to find indications that the computer has been misused. An IDS detects and records evidence of intrusion activity that passes through the firewall, whether ultimately successful or not. When an attack occurs, IDS software helps you determine what happened and how to prevent the breach from recurring. Some IDSs can instruct other parts of the network infrastructure to shut down attacks in progress. However, IDSs are reactive--they report what has happened--and can only detect activity on the links they monitor. An IDS is not a "set it and forget it" technology, either. Firewalls and intrusion detection systems (IDS) are essential parts of a small or medium-size business's (SMB) network and its security. With the number of attacks on SMBs on the rise, a robust system is equally important for an SMB as it is for a large enterprise. And despite the challenges of recent Web and application-level attacks, a strong perimeter defense of firewalls -- as old-fashioned as it may sound -- is still necessary to protect your SMB.

Distributed IDS
A Distributed IDS (DIDS) consists of several IDSs spread over one or more large networks, all of which communicate with each other, or with a central server that facilitates advanced network monitoring. In a distributed environment, a DIDS is implemented using co-operative intelligent agents distributed across the network(s).

Setting Up an IDS
So where do you set up an IDS? That depends on where (from which network or network segment) you expect threats to originate. The most obvious location is at the network perimeter, just inside the firewall. That's a hotspot because traffic that doesn't get through the firewall is of no interest, and any logging system that captures unfiltered Internet activity is likely to fill up quickly. Positioning an IDS inside the firewall helps you understand attacks that originate outside your network. It may not, however, cover exploits that originate from inside your network targeting your hosts, depending on your network's topology.

Managing an IDS
Intrusion detection is not for the faint of heart. But, if you are a network administrator, chances are you're under increasing pressure to ensure that mission-critical systems are safe--in fact impenetrable--from malicious code, buffer overflows, stealth port scans, SMB probes, OS fingerprinting attempts, CGI attacks, and other network intruders. Designing a reliable way to detect intruders before they get in is a vital but daunting challenge. Because of this, a plethora of complex, sophisticated, and pricey software solutions are now available. In terms of raw power and features, Snort, the most commonly used open source Intrusion Detection System (IDS), has begun to eclipse many expensive proprietary IDSes. In terms of documentation or ease of use, however, Snort can seem overwhelming. Which output plugin to use? How do you email alerts to yourself? Most importantly, how do you sort through the immense amount of information Snort makes available to you? Many intrusion detection books are long on theory but short on specifics and practical examples. Not Managing Security with Snort and IDS Tools. This new book is a thorough, exceptionally practical guide to managing network security using Snort 2.1 (the latest release) and dozens of other high-quality open source intrusion detection programs. Managing Security with Snort and IDS Tools covers reliable methods for detecting network intruders, from using simple packet sniffers to more sophisticated IDS (Intrusion Detection Systems) applications and the GUI interfaces for managing them. A comprehensive but concise guide for monitoring illegal entry attempts, this invaluable new book explains how to shut down and secure workstations, servers, firewalls, routers, sensors and other network devices. Step-by-step instructions are provided to quickly get up and running with Snort.
Each chapter includes links for the programs discussed, and additional links at the end of the book give administrators access to numerous web sites for additional information and instructional material that will satisfy even the most serious security enthusiasts. Managing Security with Snort and IDS Tools maps out a proactive--and effective--approach to keeping your systems safe from attack.

Case study & Tips for administering a firewall
1. Keep all databases, or other systems with confidential customer information, tucked away inside your internal network and not in your DMZ. The same goes for any encryption keys or other mission-critical internal systems you wouldn't want exposed to the outside world.

2. Use your networking staff to administer your firewalls and IDS if you don't have a dedicated information security team. Setting up firewalls is part of a day's work for networking types, and they should already have the appropriate skills without having to look for dedicated security professionals. Set up paging on your IDS to alert networking staff members of intrusion attempts and possible incidents.

3. Establish firewall rules as a joint effort between the business and IT (or networking) staff. Make sure they work for everyone and aren't too restrictive or too open. Policies must include what types of applications and traffic are allowed into and out of your network through your firewalls.

4. Have regular audits and log reviews to tune up your perimeter defenses and see if there are patterns in the types of attempted intrusions.

Vendors that offer affordable firewalls for small or medium-sized businesses include Juniper Networks Inc., SonicWALL Inc., NetScreen and Check Point Software Technologies Ltd. They're all nimble enough for small players and can be set up as part of a dual firewall system. Cisco PIX also offers a line of firewalls for the smaller enterprise. On the IDS side, Nessus and Snort are two popular products that are lightweight enough for small networks but strong enough to have stood the test of time.
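To make the IDS description above concrete (a system that detects and records evidence of intrusion activity that reaches the perimeter) and to show the kind of pattern a regular log review (tip 4) looks for, here is an added Python example written for this page; it is not code from Snort or from any vendor named above. It parses constructed firewall allow/deny lines in a made-up format, tallies denials per source and per port, and raises two simple signature alerts. The addresses, the log format and the thresholds are assumptions for the example.

```python
"""A miniature signature-style detector run over constructed firewall log lines.
It records evidence per source address and reports the patterns a periodic log
review looks for: port sweeps and repeated denials against one service.
Example code for this page; the format and thresholds are assumptions."""
import re
from collections import defaultdict
from datetime import datetime

# Constructed sample lines (documentation-range addresses, not a real device's format).
SAMPLE_LOG = """\
2008-05-07T10:00:01 DENY TCP 203.0.113.7:41022 -> 192.0.2.10:22
2008-05-07T10:00:02 DENY TCP 203.0.113.7:41023 -> 192.0.2.10:23
2008-05-07T10:00:02 DENY TCP 203.0.113.7:41024 -> 192.0.2.10:25
2008-05-07T10:00:03 DENY TCP 203.0.113.7:41025 -> 192.0.2.10:80
2008-05-07T10:00:03 DENY TCP 203.0.113.7:41026 -> 192.0.2.10:110
2008-05-07T10:00:04 DENY TCP 203.0.113.7:41027 -> 192.0.2.10:143
2008-05-07T10:00:09 ALLOW TCP 198.51.100.4:50212 -> 192.0.2.10:80
2008-05-07T10:01:15 DENY TCP 198.51.100.9:33001 -> 192.0.2.10:22
2008-05-07T10:02:15 DENY TCP 198.51.100.9:33002 -> 192.0.2.10:22
2008-05-07T10:03:15 DENY TCP 198.51.100.9:33003 -> 192.0.2.10:22
2008-05-07T10:04:15 DENY TCP 198.51.100.9:33004 -> 192.0.2.10:22
"""

LINE_RE = re.compile(
    r"^(?P<ts>\S+) (?P<action>ALLOW|DENY) (?P<proto>\w+) "
    r"(?P<src>[\d.]+):(?P<sport>\d+) -> (?P<dst>[\d.]+):(?P<dport>\d+)$")

# Thresholds are assumptions for the example; tune them to your own traffic.
SWEEP_PORTS = 5        # distinct destination ports from one source within SWEEP_WINDOW
SWEEP_WINDOW = 10.0    # seconds
REPEAT_DENIES = 4      # denials to one port from one source within REPEAT_WINDOW
REPEAT_WINDOW = 300.0  # seconds


def parse(log_text):
    """Parse log lines into dicts. Malformed lines are counted, not silently dropped,
    so a review notices when the log format changed under the detector."""
    events, bad = [], 0
    for line in log_text.splitlines():
        m = LINE_RE.match(line.strip())
        if not m:
            bad += 1
            continue
        e = m.groupdict()
        e["ts"] = datetime.fromisoformat(e["ts"])
        e["dport"] = int(e["dport"])
        events.append(e)
    return events, bad


def detect(events):
    """Return alerts as (signature, source, evidence) built from denied events."""
    by_src = defaultdict(list)
    for e in events:
        if e["action"] == "DENY":
            by_src[e["src"]].append(e)
    alerts = []
    for src, evs in by_src.items():
        evs.sort(key=lambda e: e["ts"])
        # Port sweep: many distinct destination ports inside a short sliding window.
        for i, first in enumerate(evs):
            window = [e for e in evs[i:]
                      if (e["ts"] - first["ts"]).total_seconds() <= SWEEP_WINDOW]
            ports = sorted({e["dport"] for e in window})
            if len(ports) >= SWEEP_PORTS:
                alerts.append(("port-sweep", src, {"ports": ports}))
                break
        # Repeated denials against a single port (e.g. someone hammering one service).
        per_port = defaultdict(list)
        for e in evs:
            per_port[e["dport"]].append(e["ts"])
        for port, times in per_port.items():
            span = (times[-1] - times[0]).total_seconds()
            if len(times) >= REPEAT_DENIES and span <= REPEAT_WINDOW:
                alerts.append(("repeated-denies", src, {"port": port, "count": len(times)}))
    return alerts


def summarize(events):
    """Counts a periodic log review starts from: denials per source and per port."""
    per_src, per_port = defaultdict(int), defaultdict(int)
    for e in events:
        if e["action"] == "DENY":
            per_src[e["src"]] += 1
            per_port[e["dport"]] += 1
    return dict(per_src), dict(per_port)


if __name__ == "__main__":
    events, bad = parse(SAMPLE_LOG)
    print("parsed", len(events), "events,", bad, "unparsable lines")
    for alert in detect(events):
        print("ALERT", *alert)
    print("denials per source / per port:", *summarize(events))
```

The alert list is what you would hand to the paging step in tip 2; the summary is the material for the audit in tip 4, where the interesting question is which sources and ports recur from one review to the next.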

Monday, May 5, 2008

Network Security 101

As more people are logging onto the Internet everyday, Network Security becomes a larger issue. In the United States, identity theft and computer fraud are among the fastest rising crimes. It is important to protect your network and ensure the safety of all computers and users in that network.

What is a Network?

In order to fully understand network security, one must first understand what exactly a network is. A network is a group of computers that are connected. Computers can be connected in a variety of ways. Some of these ways include a USB port, phone line connection, Ethernet connection, or a wireless connection. The Internet is basically a network of networks. An Internet Service Provider (ISP) is also a network. When a computer connects to the internet, it joins the ISP’s network, which is joined with a variety of other networks, which are joined with even more networks, and so on. These networks all make up the Internet. The vast number of computers on the Internet, and the number of ISPs and large networks, makes network security a must.

Common Network Security Breaches

Hackers often try to hack into vulnerable networks. Hackers use a variety of different attacks to cripple a network. Whether you have a home network or a LAN, it is important to know how hackers will attack a network.

One common way for a hacker to wreak havoc is to achieve access to things that ordinary users shouldn’t have access to. In any network, administrators have the ability to make certain parts of the network “unauthorized access.” If a hacker is able to gain access to a protected area of the network, he or she can possibly affect all of the computers on the network. Some hackers attempt to break into certain networks and release viruses that affect all of the computers in the network. Some hackers can also view information that they are not supposed to see.

Destructive Attacks

There are two major categories of destructive attacks on a network. Data diddling is the first. It usually is not immediately apparent that something is wrong with your computer when it has been subjected to a data diddler. Data diddlers will generally change numbers or files slightly, and the damage becomes apparent much later. Once a problem is discovered, it can be very difficult to trust any of your previous data because the culprit could have potentially tampered with many different documents.

The second type of data destruction is outright deletion. Some hackers will simply hack into a computer and delete essential files. This inevitably causes major problems for any business and can even lead to a computer being deemed useless. Hackers can rip operating systems apart and cause terrible problems to a network or a computer.

The Importance of Network Security

Knowing how destructive hackers can be shows you the importance of Network Security. Most networks have firewalls enabled that block hackers and viruses. Having anti-virus software on all computers in a network is a must. In a network, all of the computers are connected, so that if one computer gets a virus, all of the other computers can be adversely affected by this same virus. Any network administrator should have all of the essential files on backup disks. If a file is deleted by a hacker, but you have it on backup, then there is no issue. When files are lost forever, major problems ensue. Network security is an important thing for a business, or a home. Hackers try to make people’s lives difficult, but if you are ready for them, your network will be safe.
About the author:
For more Free Resources www.100computertips.com

From http://www.articlesbase.com/computers-articles/network-security-101-351319.html

Tips for Network Security

Networks nowadays let us communicate and do many other things, and do them much faster. But not everything is as nice as it seems at first. There are many threats in networking, and they grow every day!

Here are 10 information security awareness tips for network security, which help to make your network and the communication over it safer, and also give you confidence that everything is O.K.

1. Use strong passwords.

Passwords are the simplest form of security. By leaving passwords blank or simple (i.e., password or admin), unauthorized users are practically invited to view sensitive data. Passwords are more secure when they contain letters, numbers and special characters in a combination of upper-case and lower-case characters, and they should be changed periodically.

2. Educate users.

Users need to know exactly what kinds of threats they can expect when using e-mail, downloading files from unknown sources and opening unknown attachments. Uneducated computer users are often those who fall victim to viruses, spyware, and phishing attacks, all of which are designed to corrupt systems or leak personal information to a third party without the user's consent. The best way to provide this education is dedicated information security awareness training, which some companies, for example InfoSecurityLab, offer.

3. Make backup copies.

Indolence is one of the biggest security threats. It's considerably more difficult to completely re-create a crippled system than it is to take the time to create proper backups. Create backups often, and do not immediately overwrite them with the next set of backups. In addition, make copies and keep them off-site in case of emergency.

4. Use protection software.

Without protection software, information is like a hedgehog on the motorway: everyone can get at this information and "smash" it! Ideally, network protection software should include virus protection, multiple spyware scanners, and a program that runs in the background to prevent malicious software from ever being installed.

5. Do regular updates.

Every day new computer viruses and malicious software are created, so what good are all those virus and spyware scanners if they're not updated? It's crucial to update what are called the "virus/spyware definitions" every week. This keeps the scanners up-to-date to detect the latest malicious software.

6. Install security patches.

Security holes may exist in every operating system. There is no software which is perfect. Once an imperfection or hole is found, it's usually exploited within a very short period of time. Therefore, it is imperative to install security patches as soon as possible, because otherwise you leave these holes open for worms, trojan horses and other viruses.

7. Don't be credulous.

Ads on the Internet have become devious and deceptive. They now appear as "urgent system messages" and warnings designed to scare users into clicking. As a rule of thumb, if a popup window contains an ad claiming to end popups, chances are it's a scam of some sort.

8. Use encryption.

Encryption is a way of coding the information in a file or e-mail message so that if it is intercepted by a third party as it travels over a network it cannot be read. Encryption is especially important when dealing with banking and credit cards. Storing and transferring unencrypted data is the equivalent of posting that data for everyone to see. If you're not comfortable implementing encryption technology, ask an IT specialist to assist you.

9. Trust professional services.

Don't try to do everything yourself; you can't be a professional in every area. Setting up a network, applying proper security measures, and downloading and installing software can be tricky. Large companies have IT departments. Small business owners should also ask for advice or even hire help.

10. Proper instruction.

Security measures are most effective if everyone is aware of how the system operates. It is better to inform all employees how the security system works and what to do if something goes wrong! These tips are not so difficult to put into practice, but they can really increase your network and information security. Whether your networking is safe or not is up to you!

The Basics of Network Security

A network is two or more computers linked together in order to share data. From a security standpoint, the problem with networks is that unauthorized individuals might also be able to access that data. Network security is a term that encompasses your overall system for keeping your network as impenetrable as possible, be it hardware, software, or company policies.

Whether your network consists of two computers or two hundred computers, there are certain basic security measures you should have in place. Most of these measures aren’t complicated or expensive, and they don’t require any particular expertise in networking or computer security.

One of the most basic steps for securing your network is to have anti-virus software in place. Anti-virus software periodically sweeps your computer looking for known viruses. You can also choose to run an anti-virus scan at any time. Once run, the software generates a report that lists the viruses detected. You are then able to select which, if any, of the viruses detected you want quarantined and removed. It’s just as important that you keep your software up to date, because new viruses are created and released every day.

Next, make sure you have a firewall in place. A firewall is like a gatekeeper. It’s a hardware/software combination that allows you to decide what goes in and out of your network. You determine the “trust level” to which your firewall is set. The trust level dictates which network connections will be automatically allowed and which will require specific permission. Firewalls come with a “default” setting which is unlikely to be stringent enough to meet your security needs. For optimum security, you should always manually set the trust settings to a higher degree of scrutiny.

Firewalls and anti-virus software are essential for another very important reason: they help protect your system from adware and spyware. Adware and spyware range from annoying to very dangerous. Adware slows down your system, and generates irritating pop-up ads that interfere with your work. Spyware is much more serious. It tracks your computer usage habits, and basically opens up a door to your network that allows hackers to penetrate your system without your knowing it.

Another simple measure is to regularly download patches for your software. Computer programs are tested for vulnerabilities and possible exploits before they are distributed to the public. However, it’s impossible to detect every single vulnerability in advance. As new exploits are discovered, companies “patch” their programs and software to prevent the exploitation of that vulnerability. Without these patches, the software and programs on your computer remain vulnerable.

Network security also depends on common sense. Weak passwords can cause big problems, but are easily avoided. Never use easy-to-guess passwords like your last name, phone number, or birth date. Always use a combination of letters and numbers. Your best bet is to avoid real words altogether and use a string of numbers and letters that stand for a saying or phrase you can easily remember. For instance, “I love to dance, I love to sing” could be “1L2D1L2S,” with the number 1 replacing the letter I.

Another common sense security measure is to delete suspicious-looking email. More importantly, never open or download an attachment from an email address you don’t recognize. Doing so could be inviting a virus right into your computer. When in doubt, follow this simple rule: delete without opening.

If you run a business, you should also put in place security policies to govern the behavior of authorized users. Even authorized users can pose a serious security risk, sometimes without realizing it.

Here are a few elements of a solid network security policy:

• Require your employees to change their passwords every 3 months.
• Do not allow employees to post their passwords on their desk or cubicle.
• Immediately terminate a departing employee’s access to your network.
• Operate on the computer network equivalent to the “need to know” basis. Only allow an employee access to the programs and data that are essential to his or her job.
• Put all of your security guidelines down in writing, and post them where all of your employees can see them.
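Added example code for this page (not from the article's author): a small Python check that applies the password rules stated above and in tip 1 of the previous post, no personal data such as a last name, phone number or birth date, letters mixed with numbers, no plain dictionary word, and rotation every 3 months, together with the mnemonic conversion of a phrase into a password. The minimum length, the tiny word list, and the rule that "to" becomes "2" in the mnemonic are assumptions added here.

```python
"""Password-policy check for the rules given in the post. The rule set is the
post's; the code, the length limit, the word list and the "to" -> "2" mnemonic
rule are assumptions added for this example."""
import re
from datetime import date, timedelta

MAX_AGE = timedelta(days=90)   # "change their passwords every 3 months"
MIN_LENGTH = 8                 # assumption: the post gives no minimum length
# Constructed stand-in for a real dictionary / breached-password list.
COMMON_WORDS = {"password", "admin", "welcome", "letmein", "qwerty"}


def check_password(password, *, last_name="", phone="", birth_date="",
                   set_on=None, today=None):
    """Return a list of policy failures; an empty list means the password passes.
    Dates are ISO strings (YYYY-MM-DD); set_on is when the password was last changed."""
    problems = []
    if len(password) < MIN_LENGTH:
        problems.append("too short")
    if not (re.search(r"[A-Za-z]", password) and re.search(r"\d", password)):
        problems.append("needs both letters and numbers")
    lowered = password.lower()
    if lowered in COMMON_WORDS:
        problems.append("common word")
    # Personal data the post names as guessable: last name, phone, birth date.
    personal = {v.lower() for v in (last_name,
                                    re.sub(r"\D", "", phone),
                                    birth_date.replace("-", "")) if v}
    if any(p in lowered for p in personal):
        problems.append("contains personal data")
    if set_on is not None:
        now = date.fromisoformat(today) if today else date.today()
        if now - date.fromisoformat(set_on) > MAX_AGE:
            problems.append("older than 3 months")
    return problems


def passphrase_to_password(phrase):
    """The post's mnemonic: first letter of each word, "I" -> "1"; the "to" -> "2"
    substitution is an assumption that reproduces the post's "1L2D1L2S"."""
    out = []
    for word in re.findall(r"[A-Za-z']+", phrase):
        w = word.lower()
        if w == "i":
            out.append("1")
        elif w == "to":
            out.append("2")
        else:
            out.append(word[0].upper())
    return "".join(out)


if __name__ == "__main__":
    pw = passphrase_to_password("I love to dance, I love to sing")
    print(pw, check_password(pw))
    print("smith1980", check_password("smith1980", last_name="Smith"))
```

A check like this belongs where passwords are set, so the policy is enforced rather than merely posted; the age test is what turns the "every 3 months" bullet into something a periodic review can run.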

You want your network security policy to be tight, but not completely rigid. That is, if a given security measure is proving to be unworkable or a serious inconvenience, be willing to adjust. You can often achieve the same result through different means.

Last, but certainly not least, review your network security on a regular basis. A network that’s secure today may not be secure a few months down the road. Hackers are smart and are constantly developing ways to bypass security measures. Be smarter than the hackers by staying on the cutting edge of network security technology.

Saturday, May 3, 2008

Book Intro: Network Security Tools

Writing, Hacking, and Modifying Security Tools

By Nitesh Dhanjani, Justin Clarke
First Edition April 2005
Pages: 340
ISBN 10: 0-596-00794-9 | ISBN 13: 9780596007942

Book description

This concise, high-end guide shows experienced administrators how to customize and extend popular open source security tools such as Nikto, Ettercap, and Nessus. It also addresses port scanners, packet injectors, network sniffers, and web assessment tools. Network Security Tools is the one resource you want at your side when locking down your network.

If you're an advanced security professional, then you know that the battle to protect online privacy continues to rage on. Security chat rooms, especially, are resounding with calls for vendors to take more responsibility to release products that are more secure. In fact, with all the information and code that is passed on a daily basis, it's a fight that may never end. Fortunately, there are a number of open source security tools that give you a leg up in the battle. Often a security tool does exactly what you want, right out of the box. More frequently, you need to customize the tool to fit the needs of your network structure. Network Security Tools shows experienced administrators how to modify, customize, and extend popular open source security tools such as Nikto, Ettercap, and Nessus. This concise, high-end guide discusses the common customizations and extensions for these tools, then shows you how to write even more specialized attack and penetration reviews that are suited to your unique network environment. It also explains how tools like port scanners, packet injectors, network sniffers, and web assessment tools function. Some of the topics covered include:

* Writing your own network sniffers and packet injection tools
* Writing plugins for Nessus, Ettercap, and Nikto
* Developing exploits for Metasploit
* Code analysis for web applications
* Writing kernel modules for security applications, and understanding rootkits

While many books on security are either tediously academic or overly sensational, Network Security Tools takes an even-handed and accessible approach that will let you quickly review the problem and implement new, practical solutions--without reinventing the wheel. In an age when security is critical, Network Security Tools is the resource you want at your side when locking down your network.