ATM Firewall Routers with Black Lists
Hwajung LEE
The George Washington University
School of Engineering and Applied Science
Electrical Engineering and Computer Science
Computer and Communications Security
Overview of Firewalls
<Figure 1> Overview of Firewalls (diagram labels: Host, Router, Host, Firewall)
Overview of Firewalls
Physical Firewall Components
Firewalls:
– Packet Filters
– Application Gateways
– Circuit-level Gateways (Circuit-level Proxies)
Overview of ATM
<TABLE 1> ATM layers and sublayers

| OSI Layer | ATM Layer | ATM Sublayer |
|---|---|---|
| Network layer / Transport layer | ATM Adaptation | Convergence sublayer; Segmentation and reassembly sublayer |
| Data Link layer / Network layer | ATM | |
| Data Link | Physical | Transmission convergence sublayer |
| Physical | Physical | Physical medium dependent sublayer |
Overview of ATM
• ATM (Asynchronous Transfer Mode)
• ATM cells
  – Fixed-size packets
  – 5-byte header | 48-byte payload
• Cell Switching (Connection-Oriented)
  – cf. Circuit Switching, Packet Switching
ATM Routing
[Figure: protocol stacks along the path Host A, Router, Host B. Host A and Host B: Application Layer, AAL, ATM, Physical Layer. Router: AAL, ATM, Physical Layer.]
ATM Firewall Routers with Black Lists
• ATM (Asynchronous Transfer Mode)
• Basic Concepts
  – High speed: 155.52 Mbps, 622 Mbps
  – If firewalls protect a host or domain, firewalls can be a bottleneck.
    => Each router shares firewall loads
ATM Firewall Routers with Black Lists
• Basic Concepts : ATM Signalling (ITU-T Q.2931)
<Step 1> Connection SETUP
    * With Source Address, Destination Address
<Step 2> Communicate
<Step 3> Connection RELEASE
ATM Firewall Routers with Black Lists
• Basic Concepts : ATM Addressing – CCITT (now ITU-T) E.164
<Figure 2> E.164 (fields in order: NDC | SN | SA; N(s)N spans NDC and SN)
NDC : National destination code
N(s)N : National (significant) number
SN : Subscriber number
SA : Sub-address
=> Hierarchical Topology
ATM Firewall Routers with Black Lists
<Figure 3> Logical ATM Topology based on CCITT (now ITU-T) E.164 (diagram labels: Firewall Routers FR 1, FR 2, FR 3; Host A, Host B; Domain C, Domain D)
ATM Firewall Routers with Black Lists
• Black List Cells (based on Q.2931)
  Black List (Message Type) | Destination Address | Source Address
• Black List CAMs (Content Addressable Memory)
  Source Address | Destination Address
Why CAM? For speed-up.
ATM Firewall Routers with Black Lists
Black List Cells
  Black List | Destination Address | Source Address
Black List CAMs
  Source Address | Destination Address
ATM Firewall Routers with Black Lists
• Scenario 1 – Protected Host A, Unauthorized Host B
• Scenario 2 – Protected Host A, Unauthorized Domain C
• Scenario 3 – Protected Domain D, Unauthorized Domain C
ATM Firewall Routers with Black Lists
Scenario 1 : Protected Host A, Unauthorized Host B
1. Host A sends a Black List Cell to FR 1
2. FR 1 saves it to its Black List CAM
3. Host B requests a Call SETUP to Host A
4. FR 1 receives it & searches its Black List CAM
   If exists -> Discards the Call SETUP Message & sends an Alarm Signal to Host A
   Else -> Passes the Call SETUP Message
ATM Firewall Routers with Black Lists
Scenario 2 : Protected Host A, Unauthorized Domain C
1. Host A sends a Black List Cell to FR 2
2. FR 2 saves it to its Black List CAM
3. Host in Domain C requests a Call SETUP to Host A
4. FR 1 receives it & searches its Black List CAM
   If exists -> Discards the Call SETUP Message & sends an Alarm Signal to Host A
   Else -> Passes the Call SETUP Message
ATM Firewall Routers with Black Lists
Scenario 2 : Protected Host A, Unauthorized Domain C
5. FR 2 receives it & searches its Black List CAM
   If exists -> Discards the Call SETUP Message & sends an Alarm Signal to Host A
   Else -> Passes the Call SETUP Message
ATM Firewall Routers with Black Lists
Scenario 3 : Protected Domain A, Unauthorized Domain C
1. Host A sends a Black List Cell to FR 2
2. FR 2 saves it to its Black List CAM
3. Host in Domain C requests a Call SETUP to Host in Domain A
4. FR 1 receives it & searches its Black List CAM
   If exists -> Discards the Call SETUP Message & sends an Alarm Signal to Host A
   Else -> Passes the Call SETUP Message
ATM Firewall Routers with Black Lists
Scenario 2 : Protected Host A, Unauthorized Domain C
5. FR 2 receives it & searches its Black List CAM
   If exists -> Discards the Call SETUP Message & sends an Alarm Signal to Host A
   Else -> Passes the Call SETUP Message
ATM Firewall Routers with Black Lists
Give Authority to unauthorized Party
Scenario 4 : Protected Host A, Unauthorized Host B
1. Host A sends a Permit Cell to FR 1
2. FR 1 saves it to its Black List CAM
ATM Firewall Routers with Black Lists
• Black List Cells
Scenario 2 : Protected Host A, Unauthorized Domain C
  Black List (Message Type) | Destination Address | Source Address: ~.~.*.*
Scenario 3 : Protected Domain D, Unauthorized Domain C
  Black List (Message Type) | Destination Address: ~.~.*.* | Source Address: ~.~.*.*
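The CAM search from the scenarios above, with the wildcard entries of Scenarios 2 and 3 and the Permit Cell of Scenario 4, as an added example that is not part of the original slides. Assumptions: addresses are four dot-separated fields with `*` matching any field (modelled on the `~.~.*.*` notation), all addresses are constructed, and a stored Permit entry overrides a matching Black List entry, which the slides do not specify.

```python
# Added example: toy model of one firewall router's Black List CAM.
# Assumed address format: four dot-separated fields, "*" matches any field
# (modelled on the slides' "~.~.*.*"). All addresses below are constructed.

def field_match(pattern, addr):
    """Compare field by field; a '*' in the pattern matches any value."""
    p, a = pattern.split("."), addr.split(".")
    return len(p) == len(a) and all(x in ("*", y) for x, y in zip(p, a))

class FirewallRouter:
    def __init__(self, name):
        self.name = name
        self.cam = set()    # entries: (kind, source pattern, destination pattern)
        self.alarms = []    # (protected destination, rejected source)

    def receive_cell(self, kind, dst, src):
        """Save a Black List Cell ("BLACK") or Permit Cell ("PERMIT") to the CAM."""
        # The sender is not authenticated: this is the "Fake Black List Cells"
        # problem the conclusions leave as future work.
        self.cam.add((kind, src, dst))

    def call_setup(self, src, dst):
        """Search the CAM for a Call SETUP's address pair."""
        hits = {k for k, s, d in self.cam
                if field_match(s, src) and field_match(d, dst)}
        # Assumption: a matching Permit entry overrides a Black List entry.
        if "BLACK" in hits and "PERMIT" not in hits:
            self.alarms.append((dst, src))   # alarm signal to the protected party
            return "DISCARD"
        return "PASS"

def demo():
    fr = FirewallRouter("FR 1")
    host_a = "1.1.2.7"
    fr.receive_cell("BLACK", dst=host_a, src="1.3.*.*")    # Scenario 2: Domain C
    fr.receive_cell("PERMIT", dst=host_a, src="1.3.0.9")   # Scenario 4: one host
    results = [fr.call_setup("1.3.0.4", host_a),   # host in Domain C
               fr.call_setup("1.3.0.9", host_a),   # permitted host
               fr.call_setup("1.4.0.1", host_a)]   # unrelated domain
    return results, fr.alarms

if __name__ == "__main__":
    print(demo())
```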
Conclusions
• Advantages
  – Domain Protection & Host Protection
  – Alarm Signals
  – Low Overheads (Time Delays, Traffic Loads)
  – Strong Protection with List of Authorized User Cells, List of Authorized User CAMs
Conclusions
• Disadvantages
  – Fake Black List Cells
    Common problems of Network Management Signals
• Future Works
  – How to prevent Fake Black List Cells
The End
Thank you.