Award: Postgraduate Diploma in Strategic Business IT
Module Title: Computer Networking and Management
Assignment Title: Computer Networking and Management
Examination Cycle: June 2009
Candidate Name: David Tan Aik Chuan
NCC Education Candidate No: 274340
Submission Date:


Statement and Confirmation of Own Work
Programme/Qualification name:

Student declaration
I have read and understood NCC Education's policy on Academic Dishonesty and Plagiarism. I can confirm the following details:
Student ID/Registration number: 274340
Name: David Tan Aik Chuan
Centre Name: Raffles Education Corp. (Singapore)
Module Name: Computer Networking and Management
Module Leader: Ivan
Number of words: 7,110

I confirm that this is my own work and that I have not plagiarized any part of it. I have also noted the assessment criteria and pass mark for assignments.
Due date: Student Signature: Submitted Date:


TASK 1. THE INTERNET INFRASTRUCTURE AT OPUS IT SERVICES PTE., LTD.
a. Undertake an investigation of an Internet infrastructure in your workplace or college. Produce a report of your findings, including appropriate screen dumps, with reference to the following:
   i. Networking server and client operating system environment
   ii. Hardware, NIC, HUBS/SWITCHES and other network appliances
   iii. THREE internet enabled client applications available at the organisation
b. For the networked server and clients investigated in a) above, report in detail with a specially created diagram using MS-Visio or any Open source diagramming software, the following:
   i. Connectivity to the outside world (LAN, WAN, VPN, ADSL, WIFI etc.)
   ii. IP addressing logic for the networked machines
c. Define the hardware/software components compulsorily required for maximum security in a typical internet setup. Investigate the components available/not available from a real scenario and produce an executive report with your comments and recommendations.

1.1. Introduction
This task describes the internet infrastructure at Opus IT Services PTE., Ltd. (Opus), an IT service company in Singapore. This section describes the servers, operating systems, and hardware maintained in the company; and how the infrastructure connects to the outside world, including security measures adopted to make the entire system free from malicious attacks. Opus provides its clients with the following services:

• Database solutions cover database infrastructure to its clients.
• Process/methodology is a service that advises clients to ensure that processes adhere to standard and consistent processes.
• Outsourcing is a helpdesk, call centre and on-site support service provided to clients.
• Flexi-IT Services is a telephone and onsite service support plan offered to clients to assist them in maintaining IT hardware and software on a need-to-activate basis. Flexi-IT Services is a token-based, multi-usage service plan where clients can call for help in answering such questions as:
   - How-to's on desktops, server and network,
   - Virus eradication and protection,
   - Technical and usage questions,
   - Operating systems questions, and
   - Isolating problems related to computer hardware, peripherals, local area network media/connection and software

1.2. The internet infrastructure at Opus IT Services
To be able to provide all its services, Opus maintains servers that are reserved for satisfying the computing needs of its clients. Attached to these servers are devices that are specifically configured to perform the services offered by Opus. The networking server and client operating system environment is graphically described in Figure 1.1 below.

Figure 1.1. Networking server and client operating system environment

Devices used in the Opus system
The Opus system is composed of a CCS C3560 01 core switch, a CCS C2950 01 edge switch and a VLAN 210 ITE agent.

The Cisco Catalyst 3560 01 core switch is a fixed-configuration access layer switch for branch-office environments, combining both 10/100/1000 and PoE configurations for IP telephony, wireless access, video surveillance, building management systems, and remote video. Customers are able to deploy network-wide intelligent services such as advanced quality of service (QoS), rate limiting, access control lists (ACLs), multicast management, and high-performance IP routing.

The Cisco Catalyst 2950 01 edge switch, on the other hand, provides fast ethernet and gigabit ethernet connectivity. This has two sets of software and configuration that allows small, mid-sized, and enterprise branch offices, and industrial environments to select the right combination for the network edge. It uses the Standard Image (SI) Software for basic data, video and voice services. The Enhanced Image (EI) Software is used for rate limiting and security filtering. The Cisco Cluster Management Suite (CMS) Software allows users to simultaneously configure and troubleshoot multiple desktop switches using a standard web browser.

Internet-enabled client applications available at Opus
Three Internet-enabled client applications that are offered by Opus include helpdesk, call centre and on-site support service.

1.3. Connectivity Approach
The connectivity of the Opus system to the outside world is through LANs and gateways, shown graphically in Figure 1.2, as follows:

Figure 1.2. Connectivity of Opus system

IP addressing logic for the networked machines
The IP addressing logic used in the Opus system follows subnetting to allow the creation of multiple logical networks that exist within the Class A network. This approach enables Opus to use more than one network in the system. The system also uses Classless Interdomain Routing (CIDR) to improve address space utilization and routing scalability in the Internet.

1.4. Required security systems in a typical internet setup
The internet set up at Opus complies with the following conditions required for computer security:

1. Regulatory Compliance
To prevent data security breaches, Opus conducts periodic gap analyses of the current status of security measures in place and compares them to best practices. Then, improvements are designed and implemented.

2. Network Availability and Performance
Opus continuously optimizes network performance through continuing policy refinements and system design improvements, and using products that block bandwidth-hugging traffic.

3. Attack Prevention
Internet attacks such as unauthorized access, alteration or theft of data, worm and virus infiltrations, and denial-of-service attacks continuously plague the system. Also common are unauthorized grade changes, data tampering, persistent problems with critical systems and theft of sensitive information. Opus has implemented measures to stop these attacks. These measures include use of virus protection software, and periodic changes in passwords. Ethical hacking is also conducted periodically to identify weak areas in the system and enable the design and implementation of remedial measures.

4. Security
Opus uses a methodology to analyze and prioritize risks. This methodology allows the scheduling of implementation of security measures in order of importance.

Opus has adopted the following measures to minimize the risk of attacks:

Method of attack: 1. Network packet sniffers
Risk: Can get critical system information, such as user account information and passwords. When an attacker obtains the correct account information, an attacker gains access to a system-level user account, which the attacker uses to create a new account that can be used at any time as a back door to get into a network and its resources.
Ways of minimizing risk:
Use of trusted networks. When setting up the firewall server, Opus has identified the type of networks that are attached to the firewall server through network adapter cards. The trusted networks cover the firewall server and all networks after it. Virtual private networks (VPNs) however, are also considered as trusted networks. The packets that start on a VPN are considered to be from the internal perimeter network. For communications that originate on a VPN, security mechanisms allow the firewall server to authenticate the origin, data integrity, and other security measures enforced on trusted networks.
Untrusted Networks. Untrusted networks are networks that are known to be outside Opus' security perimeter. When setting up the Opus firewall server, we identified the untrusted networks from which that firewall can accept requests.
Unknown Networks. Unknown networks are unknown to the firewall because we cannot tell the firewall server that the network is a trusted or an untrusted network. The firewall therefore applies its set security policy.
Establishing a Security Perimeter. A critical part of Opus' overall security solution is a network firewall, which monitors traffic crossing network perimeters and imposes restrictions according to security policy. Perimeter routers are found at the network boundary, such as between private networks, intranets, extranets, or the Internet. Firewalls separate internal and external networks. The Opus network security policy focuses on controlling the network traffic and usage. It identifies its resources and threats, defines use and responsibilities, and executes actions when the security policy is violated.
Perimeter Networks. Opus has designated the networks of computers that are to be protected and defined the network security mechanisms that protect them. Thus the firewall server serves as the gateway for communications between trusted networks and untrusted and unknown networks.

Method of attack: 2. IP spoofing
Risk: Can provide access to user accounts and passwords. An attacker can then emulate one internal user to send e-mail messages to business partners that appear to have originated from someone within our organization.
Ways of minimizing risk: The following measures have been done:
Filtering at the Router - Implementing ingress and egress filtering on routers. An access control list blocks unwanted private IP addresses. The filter has been designed not to accept addresses from within the network. On the upstream interface, source addresses outside the network are restricted, thereby preventing someone on the Opus network from sending spoofed traffic to the Internet.
Encryption and Authentication - Use of encryption and authentication reduces spoofing. This is done in a secure channel. (Matthew Tanase, March 11, 2003)

Method of attack: 3. Password attacks
Risk: Can provide access to accounts that can be used to modify critical network files and services. An example is an attacker modifying the routing tables for our network. By doing so, the attacker ensures that all network packets are routed to his computer before they are transmitted to their final destination.
Ways of minimizing risk: Opus has adopted the following measures to minimize the risk of password attacks:
Use of passphrases. Passphrases are something that one always remembers, either a quote, favorite sentence or a combination of both numbers and special characters. Both passwords and passphrases are logged through the use of a key logger.
Use of biometrics. The biometric systems applied cover fingerprint system and voice recognition. (Dancho Danchev, January 7, 2005)

Method of attack: 4. Denial-of-service attacks
Risk: These attacks make a service unavailable for normal use, which is accomplished by exhausting some resource limitation on the network or within an operating system or application. The motivation for DoS attacks is not to break into a system. Instead, it is to deny the use of the system to others who need its services. DoS attacks do the following:
• Deny communication.
• Hang the system.
• Bring the system down or have it operate at a reduced speed.
• Crash the system.
Ways of minimizing risk: Protection measures against attacks
Amplifier Configuration. The routers are configured so that they do not forward directed broadcasts onto networks. All broadcasts are disabled on all routers. This ensures that employees on the internal network won't be able to launch attacks. A firewall gives additional security.
Configuration of server operating systems. Servers are configured so that they will not respond to a directed broadcast request.
Network connectivity attacks. These attacks overload the victim so that its TCP/IP stack is not able to handle any further connections, and processing queues are completely full with nonsense malicious packets. Legitimate connections are thus denied. To protect the network against connectivity attacks, the following has been done:
• Decreased the TCP Connection Timeout on the Opus server.
• Used a firewall at the perimeter which works as an intermediary in forwarding the connections to the server. (Abhishek Singh, CISSP December 14, 2005)

TASK 2. NETWORK MANAGEMENT TECHNOLOGIES
a. Explain the function of the following in the context of network management:
• A managing entity
• A managed device
• A managed object
• A management information base
• A network management protocol
b. Outline two examples of network faults which might be detected using network management technologies.

2.1. Introduction
There are technologies and tools available for network management functions. There is, however, no single solution available to address all the following network management areas:
1. network device and application fault management,
2. network device and application configuration management,
3. network utilization and accounting management,
4. network performance management, and
5. security management.
(Networkdictionary.com, Network Management Technologies, accessed April 20, 2009) http://www.networkdictionary.com/networking/NetworkManagementTechnologies.php

This task describes the various network management functions, and examples of network faults which might be detected by network management technologies.

2.2. Functions
The following are the functions of a managing entity, a managed device, a managed object, a management information base (MIB), and a network management protocol.

1. Managing entity
A network managing entity refers to the hardware that monitors the operation of networked systems. This entity, usually a server, keeps the network (and the services that the network provides) operating smoothly. It also monitors the network to spot problems ideally before users are affected. (A. Clemm, A., Network Management Fundamentals, CiscoPress, 2006)

2. Managed device
A managed device is a network node that contains a simple network management protocol (SNMP) agent and that resides on a managed network. Managed devices gather and save information and make this available to network management systems (NMSs) using SNMP. Managed devices, sometimes called network elements, can be any type of device such as routers, access servers, switches, bridges, hubs, IP telephones, computer hosts, and printers (Wikipedia, Simple Network Management Protocol, accessed April 20, 2009).

Centralized management systems running on servers gather information from managed devices and store this information in a database called management information base. The database can be accessed to provide statistics on the performance of the network. Earlier versions of SNMP agents had to be polled for information, increasing traffic by just getting traffic flow information. Because of this, SNMP2 was developed to allow the management of devices across networks that did not run TCP/IP, to automatically report alarms and provide security for its transmissions. SNMP2 offers management system authentication, encryption of management information and the ability to allow more than one agent per device. Because it is more secure, devices can be monitored and configured remotely.

Protocol: SNMP
   Advantages: Part of TCP/IP; Already implemented
   Disadvantages: Too much network traffic due to polling; Supports only TCP/IP; No security
Protocol: SNMP2
   Advantages: Supports other protocols; Secure; Allows remote configuration
   Disadvantages: Never fully implemented
Protocol: Updated SNMP
   Advantages: Easier to implement than SNMP2 due to the removal of security features
   Disadvantages: No security features; No remote configuration
Protocol: SNMP3
   Advantages: Has the security of SNMP2
   Disadvantages: Not supported by standards; Manufacturers are offering their own solutions

3. Managed object
In a network, a managed object is an abstract representation of network resources that are managed. A managed object represents a physical entity, a network service, or an abstraction of a resource that exists independently of its use in management (Wikipedia, Managed Object, accessed April 20, 2009).

4. Management information base
A management information base (MIB) is the database used to manage the devices in a network. It is a collection of objects in a database used to manage entities such as routers and switches. Databases are hierarchical (tree-structured) and entries are addressed through object identifiers. SNMP uses MIBs. Components controlled by the management console need an SNMP agent, a software module that can communicate with the SNMP manager. Examples of MIB objects include:
• output queue length, which has the name ifOutQLen,
• Address Translation table (like ARP tables) called atTable
(Wikipedia, Management Information Base, accessed April 20, 2009)

5. Network management protocol
The Internet Protocol Suite, also known as TCP/IP, is the set of communications protocols used for the Internet and other similar networks. The Internet Protocol may be viewed as a set of layers. Each layer solves problems in the transmission of data, and serves the upper layer protocols based on using services from some lower layers. Upper layer protocols are logically closer to the user and deal with more abstract data, relying on lower layer protocols to translate data into forms that can eventually be physically transmitted. In general, an application uses a set of protocols to send its data down the layers, being further encapsulated at each level (Wikipedia, Internet Protocol Suite, accessed April 20, 2009). Figures 2.1 and 2.2 are examples showing two Internet host computers communicating across local network boundaries constituted by their internetworking gateways (routers).

Figure 2.1. TCP/IP stack on two hosts connected via two routers and the layers used at each hop

Figure 2.2. Encapsulation of application data moving through the protocol stack.

2.3. Examples of network faults detected by network management technologies
Faults can occur either in the source of the content, such as an encoder or digital media library, or in the distribution of content to the client, such as faults in distribution servers or cache/proxy servers. To minimize the risk of faults, the system should be made redundant. If this is not done, the media distribution process is vulnerable to failure.

1. Downstream faults
Failure of one component, such as a distribution server, can prevent clients from receiving the content they requested. Using multiple servers to stream the same content, called clustering, reduces the risk of interrupted service. Clustering is a fault tolerance technique because reduced capacity or failure of any one server is unlikely to interrupt the whole system. If one server stops, the workload of the failed server can be transferred to the other server, as shown in Figure 2.3 below.

Figure 2.3. Fault tolerance using clustering

2. Security faults
Access to the system by unauthorized persons can damage the content and the system. Some content may not have value but may contain sensitive information that must be protected against theft. Locked doors and network firewalls may not be adequate to keep out an intruder. The security of a system and content is dependent upon two things: (1) the physical security of the system hardware and storage and (2) the virtual security of our network.

• Physical security. All critical media storage and hardware components should be housed in a room that has been dedicated to that purpose. Only persons directly involved with the operation of the system should have access. Additional permissions such as card key readers, combination locks, alarm systems, and closed circuit video depend on the value of our data and our overall security strategy.
• Network security. Network security considers the following aspects:
   - Authentication. Persons requesting access must have their credentials verified. This process usually involves logging a name and password.
   - Authorization. After identity has been established, it must meet certain criteria before the requestor can gain access to the restricted content.
   - Permissions. Each permitted user will have a specific set of permissions which allow performing certain functions and may prohibit the user from performing others.
   - Firewalls. Firewalls prevent access to specific, closely monitored ports. The firewall can also prevent the type of information that can pass through the ports. Firewalls are used to separate a proprietary network from the Internet, but they can also be used to provide strict security within a network (Microsoft Technet, Windows Media Services Deployment Guide).

TASK 3. INTERNET CONTROL TECHNIQUES
a. Assuming that you have access to 10,000 up-to-date PCs and stating any other reasonable assumptions you need to make, calculate how long it will take, on average, to derive an AES key using a key space search (sometimes referred to as a brute force attack).
b. Explain the comparative advantages and disadvantages of public key and private key cryptography. For each cryptography type: name and give outline information for ONE common cipher (excluding AES).
c. Describe the sequence of operations which must be undertaken to compute and then verify the digital signature of a long message.
d. Describe the sequence of operations which must be undertaken to compute and then verify the message authentication code (MAC) of a long message.
e. Compare and contrast digital signatures and MACs.

3.1. Introduction
This task discusses how long it takes to derive an AES key using key space search. It also shows the advantages and disadvantages of public key and private key cryptography, the sequence of operations to compute and then verify the digital signature and the message authentication code of a long message.

3.2. Time to derive an AES key using key space search
The time it takes to break a 128-bit AES key is about 10^13 years. To check all the 2^128 (340,282,366,920,938,463,463,374,607,431,768,211,456) possibilities, a device that could check a billion billion keys (10^18) per second would need about 10^13 years to exhaust the key space (Wikipedia, Brute Force Attack, accessed April 20, 2009).

3.3. Comparative advantages and disadvantages of public key and private key cryptography
The technique used in public key-private key cryptography is the use of asymmetric key algorithms because the key used to encrypt a message is not the same as the key used to decrypt it. Each user has two cryptographic keys - a public key and a private key. The private key is confidential, while the public key is publicly known. The recipient's public key is used to encrypt messages and can only be decrypted with the corresponding private key.

In contrast, symmetric key algorithms use a single secret key shared by sender and receiver for both encryption and decryption. To use symmetric encryption, the sender and receiver must share a secret key in advance.

1. Description
The two main branches of public key cryptography are:
• Public key encryption - a message encrypted with a recipient's public key cannot be decrypted by anyone except a possessor of the matching private key. This is used for secrecy.
• Digital signatures - a message signed with a sender's private key can be verified by anyone who knows the sender's public key, proving that the sender had access to the private key and the message was not tampered with.

Public-key encryption can be likened to a locked mailbox with a mail slot. The mail slot is accessible to all: its location (the street address) is the public key. Anyone who knows the address can go to the gate and drop a message through the slot. However, only the person who has a correct key can open the mailbox and read the message. Digital signatures can be likened to the sealing of an envelope with a personal wax seal. The message can be accessed by anyone, but the seal proves its authenticity.

A problem of the use of public-key cryptography is confidence or proof that a public key is correct, belongs to the person or entity claimed, and has not been tampered with or replaced by a third party. The approach to this problem is to use a public-key infrastructure (PKI), where one or more third parties, known as certificate authorities, certify ownership of key pairs. Another approach is the "web of trust" method to ensure authenticity of key pairs.

All known public key techniques are more computationally intensive than their secret-key counterparts, but can be made fast enough for a wide variety of applications.

For digital signatures, the sender hashes the message and then signs the resulting "hash value". To verify the signature, the recipient computes the hash of the message, and compares this hash value with the signed hash value to prove it was not tampered with.

2. Security
The application of a public key encryption system is confidentiality: a message which a sender encrypts using the recipient's public key can be decrypted only by the recipient's paired private key. To authenticate, and maintain confidentiality, the sender first signs the message using his private key, then encrypts the message and signature using the recipient's public key.

3. Weaknesses
Among symmetric key encryption algorithms, only the one-time pad can be proven to be secure against an attacker, no matter how much computing power is available. Unfortunately, all public-key schemes are susceptible to brute force key search attack. These insecurities can be avoided by choosing large key sizes so that it will take a long time to break the code.

Another security vulnerability in using asymmetric keys is the possibility of a man in the middle attack, where communication of public keys is intercepted by a third party and modified to provide different public keys instead. This attack may appear to be difficult to implement in practice, but it's not impossible when using insecure media such as public networks or wireless communications. One way to prevent such attacks is to use a certificate authority, a trusted third party responsible for verifying the identity of a user of the system and issuing a tamper resistant and non-spoofable digital certificate for participants (Wikipedia, Public Key Cryptography).

3.4. How to compute and verify digital signatures of long messages
It is important to understand the meaning of various terms before discussing how to compute and verify digital signatures. A message digest, or hash, is a value obtained on a message. This message digest value is guaranteed to be the same for the same message. If the message is changed the message digest would likewise change. Because of this, message digests can be used to check if a message has not been changed. However, there are issues. These are:

1. An attacker can change both the original message and the computed message digest. Therefore, the receiver has no way of knowing if the original message and the message digest have not been changed.
2. A message digest does not prove that the message was sent by the sender and not by somebody else. So, if a bank receives an instruction to transfer USD1,000 from Account A to Account B, the bank has no way of knowing if this instruction is genuine.

Two issues need to be addressed: message integrity and non-repudiation. To solve the weakness of a hash, digital signatures can be used to guarantee the validity of message integrity and non-repudiation using the computation process shown in Figure 3.1 below.

Figure 3.1. Message digest computation process

We know that the main problem in this scheme is that the attacker can easily alter the original message and rerun the same message digest algorithm on the altered message. This can lead to a modified message digest, thus making it difficult to catch the attacker. To prevent others from modifying messages, we can encrypt the message digest, as shown in Figure 3.2 below.

Figure 3.2. Message Digest Encryption

The figure above indicates that the message digest must be encrypted before it is sent to the receiver. The receiver would reject the message if a message digest received is not encrypted. The diagram shows that:

a. A genuine sender is able to perform this encryption operation, and a genuine receiver is able to verify this encryption; and
b. It would be difficult for an attacker to encrypt. While an attacker would still be able to compute the message digest, he must not be able to encrypt the message digest.

Public key cryptography, also called asymmetric key cryptography, is used for this purpose. The idea is that the sender, and only the sender, knows a private key, which can be used to encrypt the message digest to produce the output as shown in the earlier diagram. The receiver and no one else knows the sender's public key and uses it to decrypt the message digest successfully. Thus:
a. The sender would encrypt the message digest with a private key. The sender must keep the private key secret.
b. The output is called the digital signature for this particular message.
c. The sender sends the message and the digital signature to the receiver.
d. The receiver verifies the digital signature using the sender's public key, which is publicly known. This should give the receiver a message digest, say MD-1.
e. The receiver also computes a new message digest on the original message, say MD-2. If MD-1 = MD-2, we achieve both message integrity (message has not been tampered with, because the attacker does not know the sender's private key) and non-repudiation (the message is proven to be sent by the sender, since only he knows the private key corresponding to this public key) (Indicthreads.com, What are digital signatures).

Figure 3.3 shows this.

Figure 3.3. Digital Signature - Process at Sender's and Receiver's End

The following is a sample program in Java, which performs and verifies digital signatures.

    // Compute and Verify a Digital Signature
    // Written by Atul Kahate
    import java.security.*;
    import java.util.Base64;

    public class DigitalSignatureExample {
        public static final String str = "This is the message to be digitally signed. ";

        public static void main(String[] args) throws Exception {
            // Generate a RSA key pair.
            // MD5withRSA and a 1024-bit key are kept from the 2007 sample; both are
            // considered weak today (prefer SHA256withRSA with keys of 2048 bits or more).
            System.out.println("Attempting to generate a key pair ...");
            KeyPairGenerator kpg = KeyPairGenerator.getInstance("RSA");
            kpg.initialize(1024);
            KeyPair kp = kpg.genKeyPair();
            System.out.println("Key pair generated successfully ...");

            // Sign data: the Signature object hashes the bytes and signs the digest
            // with the sender's private key
            byte[] ba = str.getBytes("UTF8");
            Signature sig = Signature.getInstance("MD5withRSA");
            sig.initSign(kp.getPrivate());
            sig.update(ba);
            byte[] signedData = sig.sign();

            // Display plain text and signature (signature bytes are binary,
            // so they are printed Base64-encoded)
            System.out.println("Original plain text was : " + str);
            System.out.println("Signature is : " + Base64.getEncoder().encodeToString(signedData));
            System.out.println("=== Now trying to verify signature ===");

            // Now verify the signature with the sender's public key
            sig.initVerify(kp.getPublic());
            sig.update(ba);
            boolean isSignOk = sig.verify(signedData);
            System.out.println("Signature verification results are: " + isSignOk);
        }
    }

(Atul Kahate, July 11, 2007).

3.5. How to compute and verify MACs of long messages
In cryptography, a message authentication code (MAC) is a short piece of information used to authenticate a message. A MAC algorithm, sometimes called a keyed hash function, accepts a secret key and a message to be authenticated, and outputs a MAC, also called a tag. The MAC value ensures integrity and authenticity for messages by allowing verifiers to detect any changes. While MACs are similar to hash functions, they have different security requirements. To be secure, a MAC function must be able to resist plaintext attacks. This means that even if an attacker has access to a secret key and generates MACs for messages, he cannot guess the MAC for messages that have not yet been asked.

MACs differ from digital signatures, as MAC values are generated and verified using the same secret key. This implies that the sender and receiver of a message must have keys before initiating communications, as in the case with symmetric encryption. Furthermore, MACs cannot provide the non-repudiation offered by signatures. Any user who can verify a MAC can also generate MACs for other messages. On the other hand, a digital signature is generated using the private key of a key pair, which is asymmetric encryption. Since this private key is only accessible to its holder, a digital signature proves that a document is in fact signed by that holder. Because of this, digital signatures offer non-repudiation (Wikipedia, Message Authentication Code, accessed April 20, 2009). An example is shown in Figure 3.4 below.

Figure 1.3. Sending messages using MAC algorithm

In this example, a sender runs a message through a MAC algorithm to produce a MAC data tag. The message and the MAC tag are then sent to the receiver. The receiver then runs the message portion of the transmission through the same MAC algorithm using the same key, producing a second MAC data tag. The receiver then compares the first MAC tag received to the second MAC tag. If they are identical, the receiver can assume that the message has integrity, and the message was not altered.

3.6. Comparison of digital signatures and message authentication codes

A digital signature is generated using the private key of a key pair, which is asymmetric encryption. Since this private key is only known to its holder, a digital signature proves that a document was in fact signed by that holder. Thus, digital signatures provide non-repudiation properties.

Message authentication code (MAC) values, on the other hand, are generated and verified using the same secret key. This means that the sender and receiver of a message must agree on keys before initiating communications, as in the case with symmetric encryption.

Compared to digital signatures, MACs do not provide the property of non-repudiation offered by digital signatures. Any user who can verify a MAC is also capable of generating MACs for other messages (Wikipedia, Message Authentication Code, accessed April 20, 2009).
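The MAC exchange of sections 3.5 and 3.6, as an added example that is not part of the original assignment. It assumes HMAC-SHA256 as the MAC algorithm and a constructed message; the function names are hypothetical. It feeds a long message to the MAC block by block, verifies it on the receiver side, and shows why a MAC gives no non-repudiation.

```python
import hashlib
import hmac
import io
import secrets


def mac_stream(key, stream, chunk_size=64 * 1024):
    """HMAC-SHA256 over a stream, fed block by block so a long
    message never has to be held in memory at once."""
    h = hmac.new(key, digestmod=hashlib.sha256)
    for block in iter(lambda: stream.read(chunk_size), b""):
        h.update(block)
    return h.digest()


def verify_stream(key, stream, tag):
    """Receiver side: recompute the tag with the shared key and
    compare in constant time so the check leaks no partial matches."""
    return hmac.compare_digest(mac_stream(key, stream), tag)


def demo():
    key = secrets.token_bytes(32)                    # shared secret key
    message = b"pay 100 to account 42\n" * 50_000    # constructed ~1 MB message
    tag = mac_stream(key, io.BytesIO(message))       # sender computes the tag

    tampered = bytearray(message)
    tampered[-5] ^= 0x01                             # one bit altered in transit

    # The receiver holds the same key, so it can tag a message the
    # sender never wrote: a valid MAC proves nothing to a third party.
    forged = b"pay 9999 to account 7\n"
    forged_tag = mac_stream(key, io.BytesIO(forged))

    return {
        "genuine": verify_stream(key, io.BytesIO(message), tag),
        "tampered": verify_stream(key, io.BytesIO(bytes(tampered)), tag),
        "wrong_key": verify_stream(secrets.token_bytes(32), io.BytesIO(message), tag),
        "chunk_size_irrelevant": mac_stream(key, io.BytesIO(message), 1000) == tag,
        "receiver_forgery_verifies": verify_stream(key, io.BytesIO(forged), forged_tag),
    }


if __name__ == "__main__":
    for name, result in demo().items():
        print(f"{name}: {result}")
```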

TASK 4. TCP ALGORITHMS

In the context of TCP congestion control:
a. Explain the operation of the THREE elements which make up the TCP congestion control algorithm.
b. With the aid of diagrams where appropriate, compare and contrast the Tahoe, Reno and Vegas TCP algorithms.

4.1. Introduction

This task discusses TCP congestion control and focuses on three algorithms, namely TCP Tahoe, Reno and Vegas.

4.2. Operation of the elements of a TCP congestion control algorithm

Early TCPs had weaknesses. A major weakness was their inability to connect data flow rates with congestion in the network. The issues then were how to detect congestion, and how to make the flow rate relate to the congestion level. To address these issues, Van Jacobson, former Cisco chief Technical Officer, introduced TCP Tahoe in 1988-1989. Van Jacobson focused on congestion control as a means for addressing the problem of congestion in networks. There are three elements of congestion control in TCP Tahoe. These are:

• Additive increase, multiplicative decrease
• Slow start
• Fast retransmit

1. Additive increase, multiplicative decrease

Each time a packet drop occurs, the window size is slashed in half. A multiplicative decrease is executed. Congestion is avoided using multiplicative decrease.

When no losses are observed, the window size is increased gradually. An additive increase is executed. The algorithm for additive increase and multiplicative decrease can be described as follows:

• Increment congestion window by one packet per RTT (linear increase)
• Divide congestion window by two whenever a timeout occurs (multiplicative decrease)

In practice, increment a little for each ACK.

Increment = (MSS*MSS) / Congestion Window
Congestion Window += Increment

2. Slow Start

The purpose of a slow start is to determine the available capacity quickly. To do this,

• Estimate an optimistic congestion window using congestion threshold
• Congestion window starts with 1 packet
• For each RTT, congestion window is doubled (increment by 1 packet for each ACK)
• When congestion threshold is crossed, additive increase is used.

Slow start is used when:

• First starting a connection, and
• Connection goes dead waiting for timeout

3. Fast retransmit

When coarse-grain TCP timeouts lead to idle periods, a fast retransmit performs the following:

• Send an ACK on every packet reception
• Send duplicate of last ACK when a packet is received out of order
• Use duplicate ACKs to trigger retransmission.

In using fast recovery in TCP Reno, the slow start phase is skipped. Instead, the last successful congestion window is directly halved.

4.3. Comparison of various TCP algorithms

TCPs either control congestion or avoid congestion. As discussed above, TCP Tahoe uses congestion control as its approach. In contrast, two other TCP types, TCP Reno and TCP Vegas, use congestion avoidance as their approach.

TCP Reno and its derivatives today use congestion avoidance as follows:

• Try to avoid forcing the source to go to slow-start
• Source goes to slow start initially and upon timeouts
• Source cuts congestion window in half upon a fast retransmit
• Single packet drops can be caught by the fast retransmit/fast recovery algorithm
• Multiple consecutive packet drops will force the source into slow start.

CONGESTION AVOIDANCE

To avoid congestion, the TCP strategy controls congestion once it happens: it repeatedly increases load in an effort to find the point at which congestion occurs, and then backs off. An alternative strategy for congestion avoidance is to predict when congestion is about to happen, then reduce the rate before packets start being discarded.

TCP VEGAS

TCP Vegas adopts congestion avoidance instead of congestion control. It predicts and avoids congestion even before it occurs.

TCP Tahoe and Reno, on the other hand, adopt congestion control, which controls congestion after it occurs. To predict congestion, TCP Vegas permits the source to watch for some sign that the router's queue is building up, which could lead to congestion. In TCP Vegas, congestion can happen when the RTT grows and the sending rate flattens. Packet accumulation in the network can be inferred by monitoring RTT and sending rate as shown graphically below:

Two variations are offered by TCP Tahoe and Reno. To avoid congestion collapse, TCP Tahoe and TCP Reno maintain a congestion window, limiting the total number of unacknowledged packets that may be in transit end-to-end. This is somewhat similar to TCP's sliding window used for flow control. TCP uses slow start to increase the congestion window after a connection is initialized and after a timeout. It starts with a window two times the maximum segment size (MSS). Although the initial rate is low, the rate of increase is rapid: for every packet acknowledged, the congestion window increases by 1 MSS so that for every round trip time (RTT), the congestion window is doubled. When the congestion window exceeds a threshold ssthresh the algorithm performs congestion avoidance (Jacobson, Van, 1995, Congestion Avoidance and Control, ACM SIGCOMM Computer Communication Review 25 (1): 157–187, doi:10.1145/205447.205462). In some implementations, the initial ssthresh is large, and so the first slow start usually ends after a loss. However, ssthresh is updated at the end of each slow start, and affects subsequent slow starts triggered by timeouts.

In congestion avoidance, the congestion window is additively increased by one MSS every round trip time. When a packet is lost, duplicate ACKs will be received. Tahoe and Reno differ in how they detect and react to packet loss. In TCP Tahoe, loss is detected when a timeout expires before an ACK is received. Tahoe then reduces the congestion window to 1 MSS, and resets to slow-start. On the other hand, in TCP Reno, if three duplicate ACKs are received (i.e., three ACKs acknowledging the same packet, which are not piggybacked on data, and do not change the receiver's advertised window), Reno will halve the congestion window, perform a "fast retransmit", and enter a phase called Slow Start. If an ACK times out, slow start is used in the same manner as with Tahoe.

In fast recovery (TCP Reno only), TCP Reno retransmits the missing packet that was signaled by 3 duplicate ACKs, and waits for an acknowledgment of the entire transmit window before returning to congestion avoidance. If not acknowledged, TCP Reno experiences a timeout and enters a slow-start state.

In a timeout, both algorithms reduce the congestion window to 1 MSS.

TCP Vegas

Until the mid-1990s, all TCPs set timeouts and measured round-trip delays based upon the last transmitted packet in the transmit buffer. Larry Peterson and Lawrence Brakmo introduced TCP Vegas, where timeouts were set and round-trip delays were measured for every packet in the transmit buffer. Also, TCP Vegas uses additive increases and additive decreases in the congestion window.
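The Tahoe and Reno window rules of Task 4, as an added simulation that is not part of the original assignment. It assumes a simplified model: the window is counted in MSS units once per RTT, loss events are injected from a constructed schedule, and Tahoe falls back to 1 MSS on any loss while Reno halves the window on duplicate ACKs. The function names are hypothetical.

```python
# Constructed loss schedule: RTT index -> how the loss was detected.
LOSSES = {8: "dupack", 14: "timeout"}


def simulate(variant, losses, rtts=20, ssthresh=16, cwnd=1):
    """Return the congestion window (in MSS) at the start of each RTT."""
    trace = []
    for rtt in range(rtts):
        trace.append(cwnd)
        event = losses.get(rtt)
        if event:
            # Multiplicative decrease: remember half the window as threshold.
            ssthresh = max(cwnd // 2, 2)
            if variant == "reno" and event == "dupack":
                cwnd = ssthresh          # fast recovery: skip slow start
            else:
                cwnd = 1                 # Tahoe, or any timeout: slow start again
        elif cwnd < ssthresh:
            cwnd = min(cwnd * 2, ssthresh)   # slow start: double per RTT
        else:
            cwnd += 1                        # additive increase: +1 MSS per RTT
    return trace


def per_ack_growth(cwnd_bytes, mss):
    """Apply Increment = MSS*MSS / CongestionWindow for one RTT's worth
    of ACKs and return the total growth in bytes (just under one MSS)."""
    start = cwnd_bytes
    for _ in range(int(start // mss)):
        cwnd_bytes += mss * mss / cwnd_bytes
    return cwnd_bytes - start


if __name__ == "__main__":
    for variant in ("tahoe", "reno"):
        trace = simulate(variant, LOSSES)
        print(f"{variant:5s} {trace}  packets sent: {sum(trace)}")
    print("growth over one RTT at 10 MSS:", round(per_ack_growth(14600, 1460)), "bytes")
```

Both traces are identical until the duplicate-ACK loss at RTT 8; after it Reno continues from half the window while Tahoe restarts from 1 MSS, and both restart from 1 MSS after the timeout at RTT 14.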

TASK 5. THE WEB CACHE

a. Explain the function of an http proxy (also known as a web cache) and give an example.
b. Detail three reasons for the recent increase in the deployment of http proxies on the Internet.
c. Explain with examples why the increased application of database-driven dynamic web content reduces the effectiveness of http proxies.

5.1. Introduction

Web caching is storing web documents such as HTML pages and images in order to reduce bandwidth usage, server load, and perceived lag. It increases processing speed by storing copies of documents passing through the cache and making these stored documents available when subsequent requests for the same documents are made, without having to access the source again. This task describes the functions of an HTTP proxy, reasons for their increased use, and explains why the use of database-driven dynamic content reduces the effectiveness of HTTP proxies (Wikipedia, Web Cache, accessed April 20, 2009).

5.2. Functions of an HTTP proxy

HTTP is a request/response standard of a client and a server. A client is the end-user, while the server is the web site. The client making an HTTP request is called a user agent. The server which saves or creates resources such as HTML files and images is called the origin server. In between the user agent and origin server are intermediaries, such as proxies, gateways, and tunnels (Fielding, et al., Internet RFC 2616, section 1.4, retrieved on January 21, 2009).

When an HTTP client starts a request it establishes a Transmission Control Protocol (TCP) connection to a port on a host (port 80 by default). An HTTP server listening on that port waits for the client to send a request message. When a request is received, the server sends back a status line, such as "HTTP/1.1 200 OK", and a message of its own, the requested resource, or an error message (Wikipedia, HTTP, accessed April 20, 2009).

5.3. Reasons for the increase in the use of HTTP proxies

HTTP proxy servers are popular because they are used by many browsers and download managers. The use of HTTP proxies has encouraged the development of many uses such as those used in news media, finance organizations, and search organizations. An article on HTTP in Stayinvisible.com describes HTTP proxies as allowing working on the Internet with HTTP and FTP protocols. HTTP proxies store information downloaded from the Internet, then use the proxy as the source when subsequent searches are made. Some of the abilities of HTTP proxies that encourage their use are as follows:

1. Anonymity of HTTP Proxy

HTTP proxy servers have several anonymity levels. These are:

- Transparent level - these proxies are not anonymous. They let web servers know that a proxy server is used and show the IP address of a client. The task of such proxies is information caching and support of Internet access for several computers via a single connection.
- Anonymous level - these proxy servers let a remote computer or a web-server know that a proxy server is used but do not reveal the IP address of a client.
- Distorting level - unlike transparent and anonymous, distorting proxy servers transfer an IP address to a remote web server but show a randomly generated IP address.
- High anonymity level - they do not let web servers know that a proxy server is being used, including the IP address (http proxy servers, stayinvisible.com).

2. HTTP Proxy Chaining

HTTP proxies can be organized into a chain and this improves anonymity on the Internet. If you use a corporate proxy and Internet access is possible only through it, you can build a chain based on the corporate proxy:

• If the corporate proxy is a SOCKS proxy, any chains can be made.

• If the corporate proxy is an HTTP proxy, you can create a chain using only HTTP and CGI proxies (Stayinvisible.com/, HTTP Proxy Servers).

5.4. Effectiveness of HTTP proxies

The increased use of database-driven dynamic web content reduces the effectiveness of http proxies. The reason for this is the transfer of the use of proxies from the client to the website where information is coming from. Because the database already includes static information, there is very little need for a proxy to reside in the client server.

The increase in database-driven web sites in banking services, news organizations and similar sites has reduced the effectiveness of HTTP proxies in client servers because this function has been moved from the client to the source site. This means that you have a web page that grabs information from a database and inserts that information into the web page each time it is loaded. If the information in the database changes, the web page also changes accordingly without human intervention. This is seen on online banking sites where you log in and check your bank account balance. Your bank account information is stored in a database and has been connected to the web page with programming, thus enabling you to see your banking information (Killersites.com, accessed April 20, 2009).
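The effect described in section 5.4, as an added example that is not part of the original assignment. It assumes a much simplified shared cache that honours only the Cache-Control directives max-age, no-store and private; the origin server, URLs and balance values are constructed. The static image is served from the cache after the first request, while the database-driven balance page reaches the origin every time.

```python
from dataclasses import dataclass


@dataclass
class Response:
    body: str
    headers: dict


def parse_cache_control(value):
    """Split 'public, max-age=3600' into {'public': '', 'max-age': '3600'}."""
    directives = {}
    for part in value.split(","):
        name, _, arg = part.strip().partition("=")
        if name:
            directives[name.lower()] = arg.strip('"')
    return directives


def origin(url, now):
    """Constructed origin server: one static file, one database-driven page."""
    if url == "/logo.png":
        return Response("PNG-bytes", {"Cache-Control": "public, max-age=3600"})
    balance = 500 - 8 * now          # stands in for a database lookup
    return Response(f"Balance: {balance}", {"Cache-Control": "private, no-store"})


class SharedCache:
    def __init__(self, origin_fn):
        self.origin_fn = origin_fn
        self.store = {}              # url -> (expiry time, Response)
        self.origin_hits = 0

    def get(self, url, now):
        entry = self.store.get(url)
        if entry and now < entry[0]:
            return entry[1].body, "HIT"
        self.origin_hits += 1
        resp = self.origin_fn(url, now)
        cc = parse_cache_control(resp.headers.get("Cache-Control", ""))
        storable = "no-store" not in cc and "private" not in cc
        max_age = int(cc.get("max-age") or 0)
        if storable and max_age > 0:
            self.store[url] = (now + max_age, resp)
        return resp.body, "MISS"


def demo():
    cache = SharedCache(origin)
    log = [(url, t) + cache.get(url, t)
           for t in (0, 10, 20) for url in ("/logo.png", "/account/balance")]
    return log, cache.origin_hits


if __name__ == "__main__":
    entries, hits = demo()
    for entry in entries:
        print(entry)
    print("origin requests:", hits, "of", len(entries))
```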

6. REFERENCES

Abhishek Singh, CISSP, December 14, 2005, Demystifying Denial-of-Service Attacks, Part 1, http://www.securityfocus.com/infocus/1853

Atul Kahate, July 11, 2007, What are Digital Signatures? Compute and Verify a Digital Signature Using Java, http://www.indicthreads.com/1480/what-are-digital-signatures-compute-and-verify-a-digital-signature-using-java/

Clemm, A., Network Management Fundamentals, CiscoPress, 2006, http://en.wikipedia.org/wiki/Simple_Network_Management_Protocol

Dancho Danchev, January 7, 2005, Passwords - Common Attacks and Possible Solutions, http://www.windowsecurity.com/articles/Passwords-Attacks-Solutions.html

Fielding, et al., Internet RFC 2616, section 1.4, http://en.wikipedia.org/wiki/HTTP

Jacobson, Van, 1995, Congestion Avoidance and Control, ACM SIGCOMM Computer Communication Review 25 (1): 157–187. doi:10.1145/205447.205462. http://ee.lbl.gov/papers/congavoid.pdf

Microsoft Technet, Windows Media Services Deployment Guide, http://technet.microsoft.com/en-us/library/cc726032.aspx

Tanase, Matthew. IP Spoofing: An Introduction. March 11, 2003, http://www.securityfocus.com/infocus/1674

http://www.iss.net/Industry/educational_institutions/index.html

http://burks.bton.ac.uk/burks/pcinfo/hardware/ethernet/managed.htm

Networkdictionary.com, Network Management Technologies, http://www.networkdictionary.com/networking/NetworkManagementTechnologies.php

Wikipedia, Brute Force Attack, http://en.wikipedia.org/wiki/Brute_force_attack

Wikipedia, Internet Protocol Suite, http://en.wikipedia.org/wiki/Internet_protocol_suite

Wikipedia, Managed Objects, http://en.wikipedia.org/wiki/Managed_object

Wikipedia, Management Information Base, http://en.wikipedia.org/wiki/Management_Information_Base

Wikipedia, Network Management, http://en.wikipedia.org/wiki/Network_management

Wikipedia, Public Key Cryptography, http://en.wikipedia.org/wiki/Public-key_cryptography

Wikipedia, Simple Network Management Protocol, http://en.wikipedia.org/wiki/Simple_Network_Management_Protocol

Wikipedia, Message Authentication Code, http://en.wikipedia.org/wiki/Message_authentication_code

Wikipedia, TCP Congestion Avoidance Algorithm, http://en.wikipedia.org/wiki/TCP_congestion_avoidance_algorithm

Wikipedia, Web Cache, http://en.wikipedia.org/wiki/Web_cache

http://www.stayinvisible.com/proxy_encyclopedia/http_proxy_servers.html

http://www.killersites.com/articles/articles_databaseDrivenSites.htm

7. BIBLIOGRAPHY

Fall, Kevin; Sally Floyd (July 1996), "Simulation-based Comparisons of Tahoe, Reno and SACK TCP" (PostScript), Computer Communications Review, ftp://ftp.ee.lbl.gov/papers/sacks.ps.Z

Jacobson, Van (1995), Congestion Avoidance and Control, ACM SIGCOMM Computer Communication Review 25 (1): 157–187. doi:10.1145/205447.205462, http://ee.lbl.gov/papers/congavoid.pdf

Ari Luotonen, Web Proxy Servers (Prentice Hall, 1997), ISBN 0-13-680612-0.

Duane Wessels, Web Caching (O'Reilly and Associates, 2001), ISBN 1-56592-536-X.

Rabinovich, Michael and Spatschak, Oliver, Web Caching and Replication (Addison Wesley, 2001), ISBN 0-201-61570-3.

Fred B Schneider, Hashes and Message Digests, Cornell University.