Transcript Document
Designing Manageable Protocols
Andrew Cormack
Chief Security Adviser
UKERNA
TERENA Networking Conference, 2003
©The JNT Association, 2003
Why Manage Networks?
Networks have production uses
Teaching, assessment, administration, video conferencing, …
Time-critical, bandwidth-critical, reliability-critical
Bandwidth is finite
Some things are more important than others
Different priorities in different organisations
Important things should have priority
Helps if priorities are written down!
Management Tools?
Manager told – “Service X is important”
Manager sees – IP packets
Packets have
Source & destination address
Source & destination port
Initial TCP packet has a direction
How to map packets to services?
Need help from protocol design
Management Requirements
Identifiable
Services give rise to recognisable network flows
Controllable
Services can be permitted on some network segments
Services can be denied from some network segments
Non-hazardous
My use of a service must not be a hazard to others
My use of a service should not be a hazard to me
Management Assumptions
Least-worst assumptions
Port number identifies service
E.g. port 80 = web
IP address(es) identify location on network
Source is client; destination is server [TCP only]
Dangerous assumptions
IP address identifies person
Port <1024 means trusted
Case Studies – HTTP
[Diagram: connection from client (port ?) to www.site port 80 and the reverse flow, each marked for Identifiable (I), Controllable (C) and Hazard (H); marks as extracted: I [ C[ H[ and I [ C[ H?]
Case Studies – FTP
[Diagram: two connections, client port ? to ftp.site port 21 and ftp.site port 20 to client port ?, each marked for Identifiable (I), Controllable (C) and Hazard (H); marks as extracted: I [ C[ H? and I ? C[ Hx]
Case Studies – passive FTP
[Diagram: control connection client port ? to ftp.site port 21 and data connection on unspecified ports (?), each marked for Identifiable (I), Controllable (C) and Hazard (H); marks as extracted: Ix Cx H[ and Ix Cx Hx]
Case Studies – P2P (Napster)
[Diagram: flows to Napster servers on ports 6697-6701 + more and 4444-8888 at 64.124.41/24, plus peer flows on variable UDP ports; all marked Ix Cx Hx for Identifiable, Controllable, Hazard]
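To make the "least-worst" assumptions and the HTTP/FTP case studies concrete, here is an added Python example (not from the talk): it classifies a TCP flow from its first packet using destination port = service and source of the bare SYN = client, and reports whether an address/port filter can identify and control the flow. The reserved-port table, the 192.0.2.0/24 campus segment and the packets are constructed for the example.

```python
from dataclasses import dataclass
from ipaddress import ip_address, ip_network

# Constructed policy inputs for this example (not from the talk).
RESERVED = {80: "web", 21: "ftp-control", 20: "ftp-data"}  # port -> service
CAMPUS = ip_network("192.0.2.0/24")                         # managed segment

@dataclass
class Packet:
    """First observed packet of a TCP flow, as a network manager sees it."""
    src: str
    sport: int
    dst: str
    dport: int
    syn: bool
    ack: bool

def classify(p: Packet) -> dict:
    """Apply the least-worst assumptions (destination port = service,
    source of the bare SYN = client) and report whether an address/port
    filter can identify and control the flow."""
    if not (p.syn and not p.ack):
        return {"service": "unknown", "identifiable": False,
                "controllable": False, "note": "no bare SYN: initiator unknown"}
    inbound = ip_address(p.dst) in CAMPUS and ip_address(p.src) not in CAMPUS
    if p.dport in RESERVED:
        # Assumption holds: destination port plus direction is a stable key.
        return {"service": RESERVED[p.dport], "identifiable": True,
                "controllable": True, "inbound": inbound,
                "note": "reserved server port"}
    if p.sport in RESERVED:
        # Active FTP data: the server opens the channel from port 20 to a high
        # client port, so the only key is a source port the filter must trust.
        return {"service": RESERVED[p.sport], "identifiable": True,
                "controllable": False, "inbound": inbound,
                "note": "keyed on source port only"}
    # Passive FTP data and P2P: both ports unreserved, nothing to key on.
    return {"service": "unknown", "identifiable": False,
            "controllable": False, "inbound": inbound,
            "note": "no reserved port; an application proxy is the only option"}

# Constructed flows mirroring the HTTP, FTP and passive-FTP case studies.
HTTP = Packet("192.0.2.10", 51000, "203.0.113.5", 80, True, False)
FTP_ACTIVE_DATA = Packet("203.0.113.7", 20, "192.0.2.10", 51001, True, False)
FTP_PASSIVE_DATA = Packet("192.0.2.10", 51002, "203.0.113.7", 40123, True, False)

if __name__ == "__main__":
    for flow in (HTTP, FTP_ACTIVE_DATA, FTP_PASSIVE_DATA):
        print(classify(flow))
```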
Future developments
Dynamic address allocation
DHCP or NAT
Must align address allocation with managed groups
IP version 6
Little change to manageability
Port numbers may be buried in a chain of headers
Encryption may make application layer invisible
Mobility is extreme dynamic address allocation
Conclusion: Protocols need
Identifiable traffic flows
Well defined, appropriate use of reserved ports
Clarity over relationship between hosts
Direction of initiation must be apparent
Support for layered protection
Expect to meet firewalls; work with proxies
Application proxies may be only option
Give managers options
YES/NO is not enough