111
Designing and implementing a small scale Internet Service Provider
Brown, Johan; Gustafsson Brokås, Alexander; Hurtig, Niklas; Johansson, Tobias. January 2009
The objective of this thesis is to design and implement a small scale Internet Service Provider (ISP) for the NetCenter sub-department at Mälardalen University. The ISP is intended to give NetCenter a network separate from the University’s network, providing them with a more flexible environment for lab purposes. This will give their students an opportunity to experience a larger backbone with Internet accessibility, which has not been previously available. At the same time it will place the teachers in control of the network in the NetCenter lab premises. The network is designed with a layered approach including an Internet access layer, a larger core segment and a distribution layer with a separated lab network. It also incorporates both a public and a private server network, housing servers running e.g. Windows Active Directory, external DNS services, monitoring tools and logging applications. The Internet access is achieved by peering with SUNET providing a full BGP feed. This thesis report presents methods, implementations and results involved in successfully creating the NetCenter ISP as both a lab network and an Internet provider with a few inevitable shortcomings; the most prominent being an incomplete Windows Domain setup.
112
Securing Network Connected Applications with Proposed Security Models
Konstantaras, Dimitrios; Tahir, Mustafa. January 2008
In today’s society, serious organizations need protection against both internal and external attacks. There are many different technologies available that organizations can incorporate into their organization in order to enhance security for their networking applications. Unfortunately, security is way too often considered as an afterthought and therefore implemented as an external part of the applications. This is usually performed by introducing general security models and technologies.
However, with an already developed, well structured and considered security approach – with proper implementation of security services and mechanisms – different security models can be used to apply security within the security perimeter of an organization. It can range from built into the application to the edge of a private network, e.g. an appliance. No matter the choice, the involved people must possess security expertise to deploy the security models proposed in this paper, which have the sole purpose of securing applications.
By using Recommendation X.800 as a comparison framework, the proposed models will be analyzed in detail and evaluated on how they provide the security services concerned in X.800. By reasoning about which security services ought to be implemented in order to prevent or detect diverse security attacks, the organization needs to carry out a security plan and have a common understanding of the defined security policies.
An interesting finding during our work was that using a methodology that leads to low KLOC-values results in high security, though low KLOC-values and high security go hand-in-hand.
113
Study of mechanisms ensuring service continuity for IKEv2 and IPsec protocols
Palomares Velasquez, Daniel. 14 November 2013
During 2012, the global mobile traffic represented 70% more than 2011. The arrival of the 4G technology introduced 19 times more traffic than non-4G sessions, and in 2013 the number of mobile devices connected to the Internet exceeded the number of human beings on earth. This scenario introduces great pressure towards the Internet service providers (ISPs), which are called to ensure access to the network and maintain its QoS. At short/middle term, operators will rely on alternative access networks in order to maintain the same performance characteristics. Thus, the traffic of the clients might be offloaded from RANs to some other available access networks. However, the same security level is not ensured by those wireless access networks. Femtocells, WiFi or WiMAX (among other wireless technologies) must rely on some mechanism to secure the communications and avoid untrusted environments. Operators are mainly using IPsec to extend a security domain over untrusted networks. This introduces new challenges in terms of performance and connectivity for IPsec. This thesis concentrates on the study of mechanisms for improving the IPsec protocol in terms of continuity of service. The continuity of service, also known as resilience, becomes crucial when offloading the traffic from RANs to other access networks. This is why we first concentrate our effort on defining the protocols ensuring an IP communication: IKEv2 and IPsec. Then, we present a detailed study of the parameters needed to keep a VPN session alive, and we demonstrate that it is possible to dynamically manage a VPN session between different gateways. Some of the reasons that justify the management of VPN sessions are to provide high availability, load sharing or load balancing features for IPsec connections. These mechanisms increase the continuity of service of IPsec-based communication.
For example, if for some reason a failure occurs to a security gateway, the ISP should be able to overcome this situation and to provide mechanisms to ensure continuity of service to its clients. Some new mechanisms have recently been implemented to provide High Availability over IPsec. The open source VPN project, StrongSwan, implemented a mechanism called ClusterIP in order to create a cluster of IPsec gateways. We merged ClusterIP with our own developments in order to define two architectures: High Availability and Context Management over Mono-LAN and Multi-LAN environments. We called Mono-LAN those architectures where the cluster of security gateways is configured under a single IP address, whereas Multi-LAN concerns those architectures where different security gateways are configured with different IP addresses. Performance measurements throughout the thesis show that transferring a VPN session between different gateways avoids re-authentication delays and reduces the amount of CPU consumption and calculation of cryptographic material. From an ISP point of view, this could be used to avoid overloaded gateways, redistribute the load, improve network performance, improve the QoS, etc. The idea is to allow a peer to enjoy the continuity of a service while maintaining the same security level that was initially proposed.
115
Traffic Engineering with MPLS and QOS
Ikram, Imran. January 2009
In the modern era there exist applications that require very high resources and generate a tremendous amount of traffic, so they require a considerable amount of bandwidth and QoS to operate and perform correctly. MPLS is a new and fast technology that offers much remuneration both in terms of providing trouble-free and efficient security together with high-speed switching. MPLS not only guarantees quality of service in IP networks, but in addition to providing scope for traffic engineering it offers many enhanced features for IP networks, as it does not replace IP routing but works along with existing and future routing technologies to provide high-speed data forwarding between label-switched routers (LSRs) together with QoS. Many network carriers are facing the problem of how to accommodate such ever-growing demands for bandwidth. And with the static nature of current routing algorithms, such as OSPF or IS-IS, the situation is getting even worse, since the traffic is concentrated on the "least cost" paths, which causes congestion for some links while leaving other links lightly loaded. Therefore, MPLS traffic engineering is proposed, and by taking advantage of MPLS, traffic engineering can route the packets through explicit paths to optimize network resource utilization and traffic performance. MPLS provides a robust quality of service control feature in the Internet. The MPLS class of service feature can work in accordance with other quality of service architectures for IP networks.
117
Enhancing security and scalability of Virtual Private LAN Services
Liyanage, M. (Madhusanka). 21 November 2016
Abstract
Ethernet based VPLS (Virtual Private LAN Service) is a transparent, protocol independent, multipoint L2VPN (Layer 2 Virtual Private Network) mechanism to interconnect remote customer sites over IP (Internet Protocol) or MPLS (Multiprotocol Label Switching) based provider networks. VPLS networks are now becoming attractive in many Enterprise applications, such as DCI (data center interconnect), voice over IP (VoIP) and videoconferencing services, due to their simple, protocol-independent and cost efficient operation. However, these new VPLS applications demand additional requirements, such as elevated security, enhanced scalability, optimum utilization of network resources and further reduction in operational costs. Hence, the motivation of this thesis is to develop secure and scalable VPLS architectures for future communication networks.
First, a scalable secure flat-VPLS architecture is proposed based on the Host Identity Protocol (HIP). It contains a session key-based security mechanism and an efficient broadcast mechanism that increase the forwarding and security plane scalability of VPLS networks. Second, a secure hierarchical-VPLS architecture is proposed to achieve control plane scalability. A novel encrypted label-based secure frame forwarding mechanism is designed to transport L2 frames over a hierarchical VPLS network. Third, a novel Distributed Spanning Tree Protocol (DSTP) is designed to maintain a loop free Ethernet network over a VPLS network. With DSTP it is proposed to run a modified STP (Spanning Tree Protocol) instance in each remote segment of the VPLS network. In addition, two Redundancy Identification Mechanisms (RIMs), termed Customer Associated RIMs (CARIM) and Provider Associated RIMs (PARIM), are used to mitigate the impact of invisible loops in the provider network.
Lastly, a novel SDN (Software Defined Networking) based VPLS (Soft-VPLS) architecture is designed to overcome tunnel management limitations in legacy secure VPLS architectures. Moreover, three new mechanisms are proposed to improve the performance of legacy tunnel management functions: 1) a dynamic tunnel establishment mechanism, 2) a tunnel resumption mechanism and 3) a fast transmission mechanism. The proposed architecture utilizes a centralized controller to command VPLS tunnel establishment based on real-time network behavior.
Hence, the results of the thesis will help in the design and development of more secure, scalable and efficient VPLS networks. They will also help to optimize the utilization of network resources and further reduce the operational costs of future VPLS networks.
Abstract (Finnish)
Ethernet-based VPLS (Virtual Private LAN Service) is a transparent, protocol-independent multipoint network mechanism (Layer 2 Virtual Private Network, L2VPN) that connects a customer's remote sites over provider networks based on the IP (Internet Protocol) or MPLS (Multiprotocol Label Switching) protocol. Thanks to their simple, protocol-independent and cost-efficient operation, VPLS networks have become attractive for many enterprise applications. Such applications include DCI (Data Center Interconnect), VoIP (Voice over IP) and videoconferencing services. However, new VPLS applications demand new things, such as better security and scalability, optimal use of network resources and further reduction of operating costs. The purpose of this dissertation is therefore to develop secure and scalable VPLS architectures for future telecommunication networks.
First, the dissertation presents a scalable and secure flat-VPLS architecture based on the Host Identity Protocol (HIP). Next, it discusses a session-key-based security mechanism and an efficient broadcast mechanism that improve the scalability of forwarding and of the security level in VPLS networks. After this, a secure, hierarchical VPLS architecture is presented, which achieves control plane scalability. The dissertation also describes a new encrypted label-based frame forwarding mechanism with which L2 frames are transported in a hierarchical VPLS network. In addition, the dissertation proposes the use of a new Distributed Spanning Tree Protocol (DSTP) for maintaining a loop-free Ethernet network over a VPLS network. With DSTP it is possible to run a modified STP (Spanning Tree Protocol) instance in each remote segment of the VPLS network. The dissertation also presents two Redundancy Identification Mechanism (RIM) mechanisms, Customer Associated RIM (CARIM) and Provider Associated RIM (PARIM), which reduce the impact of invisible loops in the provider's network.
Finally, a new SDN (Software Defined Networking) based VPLS architecture (Soft-VPLS) is proposed to eliminate the tunnel management problems of legacy secure VPLS architectures. In addition, the dissertation proposes three new mechanisms that can improve the tunnel management functions of legacy architectures: 1) a dynamic tunnel establishment mechanism, 2) a tunnel resumption mechanism and 3) a fast transmission mechanism. The proposed architecture uses a centralized controller, driven by real-time network behaviour, to manage VPLS tunnel establishment.
The results of the research will help to design and develop more secure, more scalable and more efficient VPLS systems, and will help to use network resources more efficiently and to lower the network's operating costs.
118
Produktive und sichere Netzanwendungen (Productive and secure network applications)
Wolf, L.; Richter, F.; Heik, A.; Meyer, R.; Ehrig, M.; Heide, G.; Fischer, G.; Kalfa; Junghaenel, J.; Parthey, M.; Grunewald, D.; Huebner; Sontag, R.; Riedel, W.; Harder, F.; Becher, M.; Mueller, T.; Ziegler, C.; Anders, J.; Breiler, A.; Friedrich, R.; Koehler, S. 13 July 1999
Joint workshop of the University Computing Centre and the Chair of Computer Networks (Faculty of Computer Science) of TU Chemnitz.
Overall topic: Productive and secure network applications
119
Modul rozšiřující funkcionalitu GDPR řešení / Module Extending Functionality of GDPR Solution
Janeček, Vít. January 2018
The goal of this thesis is to introduce the principles of access control technologies, the General Data Protection Regulation and software for data leakage protection. An essential part of the work is a draft and implementation of the expansion module for user device authentication, including shared storage access authorization. Therefore, this module makes it possible to verify whether a user can access shared corporate resources. It also allows access to be enabled or disabled based on specified attributes, such as the type of the protected service or user permission. The basic verification of the module's functionality is realized through different sets of tests and a virtual environment that simulates the corporate environment. The result of the draft is a module that allows access to be verified based on the device, and this module is moreover integrated into the Safetica security platform.
120
Vzdálené školící pracoviště / Remote training station
Kučera, Tomáš. January 2019
The purpose of the thesis is the design and construction of a remote training station for training with Schneider Electric products. Its purpose is to introduce the company's PLCs, familiarize the user with configuring variable speed drives and servo drives, and present the Machine Advisor and EcoStruxure Augmented Operator Advisor online services. The beginning is dedicated to an introduction to the company and the range of its products in the field of industrial automation. In the second chapter, I select components for building the training station. The third chapter is dedicated to the assembly of the station. In the fourth chapter I describe the programming of the individual elements and an example.