Spelling suggestions: "subject:"ipscs""
61 |
Softwarová podpora výuky kryptografických protokolů / Software support of teaching of cryptography protocolsMarek, Tomáš January 2009 (has links)
Document contains informations about authentication, encryption, data integrity and data authenticity. Next part includes description of well know cryptography protocols, their functions and also their weaknesses. All of these acquired informations were used in concept and final software support for teaching of cryptography protocols, which is able to run on clasic web-browser. Thats why the application was designed as web PHP pages using JavaScript and AJAX, which ensures plaform and OS architecture independency. Besides the descripted and ilustrated part of application there are also interactive parts and animations. The last period contains description of education software and its functions. Source code can be found on the appended CD.
|
62 |
Návrh nových laboratorních úloh pro prostředí GNS3 / Design of new laboratory exercises for GNS3 environmentBarniak, Martin January 2015 (has links)
Diploma thesis deals with four laboratory tasks in simulation environment GNS3. Designed tasks are primarily focused on comparison of IPv4 and IPv6 protocols. In the first task the subject is concerned about OSPFv2 and OSPFv3 routing protocols. Next themes are transit techniques like NAT-PT and tunneling like GRE and 6to4. The second task is focused on configuration of routing protocols like EIGRP and EIGRPv6. Next sections are concerned about DHCP and ICMP protocols within IPv4 and IPv6 protocol suits. The third task is primarily focused on security relations of protocol suite IPv6. It contains OSPFv3 authentication, access lists and Cisco stateful IOS firewall. Content of the fourth task is protocol MPLS. First part of this task is concerned about basic configuration of this protocol and second part is focused on MPLS within IPv6 environment. All tasks contain test questions and individual part task.
|
63 |
IP Security für LinuxParthey, Mirko 19 January 2001 (has links)
Die Nutzung des Internet für sicherheitskritische Anwendungen erfordert kryptographische Schutzmechanismen. IP Security (IPsec) definiert dafür geeignete Protokolle. Diese Arbeit gibt einen Überblick über IPsec. Eine IPsec-Implementierung für Linux (FreeS/WAN) wird auf Erweiterbarkeit und Praxistauglichkeit untersucht. / Using the Internet in security-critical areas requires cryptographic protection, for which IP Security (IPsec) defines suitable protocols. This paper gives an overview of IPsec. A Linux implementation of IPsec is examined under the aspects of extendability and usability.
|
64 |
Optimal Consumer-Centric Delay-Efficient Security Management in Multi-Agent Networks: A Game and Mechanism Design Theoretic ApproachSchlake, Farimehr 01 May 2012 (has links)
The main aspiration behind the contributions of this research work is the achievement of simultaneuos delay-efficiency, autonomy, and security through innovative protocol design to address complex real-life problems. To achieve this, we take a holistic approach. We apply theoretical mathematical modeling implementing implications of social-economic behavioral characteristics to propose a cross-layer network security protocol. We further complement this approach by a layer-specific focus with implementations at two lower OSI layers.
For the cross-layer design, we suggest the use of game and mechanism design theories. We design a network-wide consumer-centric and delay-efficient security protocol, DSIC-S. It induces a Dominant Strategy Incentive Compatible equilibrium among all rational and selfish nodes. We prove it is network-wide socially desirable and Pareto optimal. We address resource management and delay-efficiency through synergy of several design aspects. We propose a scenario-based security model with different levels. Furthermore, we design a valuation system to integrate the caused delay in selection of security algorithms at each node without consumer's knowledge of the actual delays. We achieve this by incorporating the consumer's valuation system, in the calculation of the credit transfers through the Vickrey-Clarke-Groves (VCG) payments with Clarke's pivotal rule. As the utmost significant contribution of this work, we solve the revelation theorem's problem of misrepresentation of agents' private information in mechanism design theory through the proposed design. We design an incentive model and incorporate the valuations in the incentives. The simulations validate the theoretical results. They prove the significance of this model and among others show the correlation of the credit transfers to actual delays and security valuations.
In the layer-specific approach for the network-layer, we implement the DSIC-S protocol to extend current IPsec and IKEv2 protocols. IPsec-O and IKEv2-O inherit the strong properties of DSIC-S through the proposed extensions.
Furthermore, we propose yet another layer-specific protocol, the SME_Q, for the datalink layer based on ATM. We develop an extensive simulation software, SMEQSIM, to simulate ATM security negotiations. We simulate the proposed protocol in a comprehensive real-life ATM network and prove the significance of this research work. / Ph. D.
|
65 |
VIRTUAL PRIVATE NETWORKS : An Analysis of the Performance in State-of-the-Art Virtual Private Network solutions in Unreliable Network ConditionsHabibovic, Sanel January 2019 (has links)
This study aimed to identify the differences between state-of-the-art VPN solutions on different operating systems. It was done because a novel VPN protocol is in the early stages of release and a comparison of it, to other current VPN solutions is interesting. It is interesting because current VPN solutions are well established and have existed for a while and the new protocol stirs the pot in the VPN field. Therefore a contemporary comparison between them could aid system administrators when choosing which VPN to implement. To choose the right VPN solution for the occasion could increase performance for the users and save costs for organizations who wish to deploy VPNs. With the remote workforce increasing issues of network reliability also increases, due to wireless connections and networks beyond the control of companies. This demands an answer to the question how do VPN solutions differ in performance with stable and unstable networks? This work attempted to answer this question. This study is generally concerning VPN performance but mainly how the specific solutions perform under unreliable network conditions.It was achieved by researching past comparisons of VPN solutions to identify what metrics to analyze and which VPN solutions have been recommended. Then a test bed was created in a lab network to control the network when testing, so the different VPN implementations and operating systems have the same premise. To establish baseline results, performance testing was done on the network without VPNs, then the VPNs were tested under reliable network conditions and then with unreliable network conditions. The results of that were compared and analyzed. The results show a difference in the performance of the different VPNs, also there is a difference on what operating system is used and there are also differences between the VPNs with the unreliability aspects switched on. The novel VPN protocol looks promising as it has overall good results, but it is not conclusive as the current VPN solutions can be configured based on what operating system and settings are chosen. With this set-up, VPNs on Linux performed much better under unreliable network conditions when compared to setups using other operating systems. The outcome of this work is that there is a possibility that the novel VPN protocol is performing better and that certain combinations of VPN implementation and OS are better performing than others when using the default configuration. This works also pointed out how to improve the testing and what aspects to consider when comparing VPN implementations.
|
66 |
Mobile IPv4 Secure Access to Home NetworksTang, Jin 29 June 2006 (has links)
With the fast development of wireless networks and devices, Mobile
IP is expected to be used widely so that mobile users can access
the Internet anywhere, anytime without interruption. However, some
problems, such as firewall traversal and use of private IP
addresses, restrict use of Mobile IP. The objective of this thesis
is to design original schemes that can enable a mobile node at
abroad to access its home network as well as the Internet securely
and that can help Mobile IP to be used widely and commercially.
Our solutions are secure, efficient, and scalable. They can be
implemented and maintained easily. In this thesis, we mainly
consider Mobile IPv4, instead of Mobile IPv6. Three research
topics are discussed. In each topic, the challenges are
investigated and the new solutions are presented.
The first research topic solves the firewall traversal problems in
Mobile IP. A mobile node cannot access its firewall-protected home
network if it fails the authentication by the firewall. We propose
that an IPsec tunnel be established between the firewall and the
foreign agent for firewall traversal and that an IPsec transport
security association be shared by the mobile node and a
correspondent node for end-to-end security.
The second topic researches further on firewall traversal problems
and investigates the way of establishing security associations
among network entities. A new security model and a new key
distribution method are developed. With the help of the security
model and keys, the firewall and the relevant network entities set
up IPsec security associations to achieve firewall traversal.
A mobile node from a private home network cannot communicate with
other hosts with its private home address when it is visiting a
public foreign network. A novel and useful solution is presented
in the third research topic. We suggest that the mobile node use
its Network Access Identifier (NAI) as its identification and
obtain a public home address from its home agent. In addition, a
new tunnel between the mobile node and its home agent is proposed.
|
67 |
Naming and security in a mobile, multihomed and multiple interfaces environementMigault, Daniel 26 September 2012 (has links) (PDF)
ISPs are concerned about providing and maintaining the level of security of its End User's communications. A communication is initiated by the End User with a name, and goes on by exchanging packets between two IP addresses. In this thesis, we focused our attention on two main points: (1) providing a secure Naming service, and (2) making IPsec communication resilient to IP address modification, addition or lost of an interface. We designed MOBIKE-X for that purpose and propose it as a standard at the IETF
|
68 |
Whiteboxrouter för små kontorsnätverk - En prestandajämförelseLundberg, Carl January 2018 (has links)
Inom nätverksbranchen finns en strävan att gå från proprietära lösningar till en öppen standard för hård- och mjukvara. En term för detta är Whiteboxing och det innebär att användaren ges möjlighet att plocka ihop komponenter efter behov, och själv välja vilken mjukvara som används. I sin enklaste form byggs en Whiteboxrouter av en konventionell PC med två nätverkskort och en mjukvarubaserad routingapplikation. Företaget ÅF är intresserade av att veta hur Whitebox-lösningar för routrar står sig prestandamässigt i relation till konventionella routerlösningar med Application Specific Integrated Circuit. Detta arbete har undersökt prestandan genom att mäta throughput och goodput hos en Cisco 2911-router, en Whiteboxrouter med mjukvaran pfSense, samt en Whiteboxrouter som körde pfSense virtualiserat på ESXi. Dessutom undersöktes respektive konfigurations prestanda när trafiken skickades över IPsec VPN. För mätningarna användes filöverföringar med FTP och mätprogrammet Iperf3. Målet med arbetet var att skapa ett beslutsunderlag som klargjorde eventuella prestandaskillnader och utarbetade rekommendationer för framtida val av routerlösning. Resultatet visade att vid generell paketförmedling var prestandan mellan routrarna relativt jämn, dock rekommenderas den virtualiserade Whiteboxroutern då den fick det bästa resultatet. När trafiken sedan krypterades med IPsec VPN var det stora prestandaskillnader mellan enheterna. Bäst prestanda fick Whiteboxroutern. Författaren ser en vinning med Whitebox-tekniken i stort då den medger att serverutrustning som ska utrangeras på grund av prestandakrav, istället kan fungera som nätverksutrustning (routrar och brandväggar) och fortsätta användas under en större del av den tekniska livslängden. Detta kan på sikt leda till minskad miljöpåverkan och besparingar för företaget.
|
69 |
Security in VoIP-Current Situation and Necessary DevelopmentGao, Li Li January 2006 (has links)
Nowadays, VoIP is getting more and more popular. It helps company to reduce cost, extends service to remote area, produce more service opportunities, etc. Besides these advantages, VoIP also put forward security problems. In this paper, we introduce the popular protocols in VoIP and their security mechanisms, by introducing threats to VoIP, we point out the vulnerabilities with the security mechanisms of each VoIP protocol, and give recommendation for each VoIP protocol. In the conclusion part, we evaluate the vulnerabilities of each protocol, and point out in the future, with better protocol architecture, enhanced security policies, VoIP will has a brighter future.
|
70 |
Zabezpečený peer to peer komunikační systém / Secure peer-to-peer communication systemEliáš, Luboš January 2008 (has links)
The main aim of this master's thesis is to implement a common, secure and peer-to-peer communication system. The system has ability to automatically establish and run a secure end-to-end connection. It has this ability even if a network address translator is in the way to the destination system, without need of any explicit configuration of this translator. The security procedures of this system are in a transparent manner masked from individual applications, which had to solve this challenge in their own way. A responsibility for a security is delegate to an application-independent subsystem working within the core of an operating system. The security of this subsystem is based on capturing the outbound and inbound IP packets and their authentication and encryption. The system was successfully implemented in MS Windows XP operating system, in programming language C++. Transfer rate of communication tunnel in different network bandwidth speeds was measured. Result shows, that in the case of use the system on standard PC sold nowadays is practically no decrease of the transfer rate in comparison to a common channel.
|
Page generated in 0.0466 seconds