
Communication Networks and Services Research Conference

Secure Communication in Next Generation Internet


Nauman Aslam and William Robertson
Department of Engineering Mathematics and Internetworking, Dalhousie University, Halifax Nova Scotia, Canada, B3J-2X4
[naslam, bill.robertson]@dal.ca

In recent years, network security has emerged as one of the most important challenges for many organizations. The enormous proliferation of the Internet and the emergence of unified data, voice and multimedia services are responsible for emerging communication models that are essential for the successful business activity of any organization. However, the increasing number of sophisticated security threats has the potential to significantly impede productivity, disrupt business operations and result in loss of information. Therefore, maintaining a secure network remains the top priority for most organizations. The aim of this tutorial is to discuss the major security issues faced by network managers and the solutions currently employed. Today's networks are subject to attack from a number of sources, including packet sniffers, IP spoofing, Denial of Service (DoS), spam, viruses, trojans and worms. To combat such problems, network security professionals are always looking for novel solutions to provide ultimate protection. Among such solutions are Intrusion Prevention Systems (IPS), which have the ability to accurately identify, classify, and stop malicious traffic, including worms, spyware, adware, network viruses, and application abuse, before it affects business resiliency. IPSs can be divided into two categories: host-based systems that protect individual computer systems such as PCs and servers; and network-based systems which protect traffic from attacks. A host-based IPS relies on software agents installed directly on the system being protected. It interacts with the operating system to closely monitor and prevent any attacks. A network-based IPS combines the features of a firewall and an Intrusion Detection System (IDS). The IPS relies on sophisticated techniques, such as utilizing attack and vulnerability signatures, that allow systems to learn normal network and application behaviors and block any suspicious activity.
The workshop will review the development and evaluation of a network security policy and practices in securing network infrastructure. The workshop will be delivered in three modules. The first module will provide an overview of the basic security concepts and technologies. The discussion will focus on topics including security threats, system vulnerabilities, essential technologies and modern defenses such as authentication, cryptography, encryption and digital certificates that are vital in maintaining network integrity. In the second module, practical implementation issues, security designs, defense architecture, systems and methodologies will be discussed. A detailed discussion on various design and implementation strategies of the network security appliances will be presented. Finally, the third module will consist of a hands-on exercise with state-of-the-art equipment including Cisco PIX Firewalls, Cisco 6509 Firewall Services Module (FWSM) and IDS Sensor Appliance. A representative network consisting of the latest security devices is illustrated in Figure 1.

Figure 1: A Representative Network for Testing Security Policy

978-0-7695-3135-9/08 $25.00 2008 IEEE DOI 10.1109/CNSR.2008.97

Authorized licensed use limited to: Swami Ramananda Tirtha Inst of Sci and Tech. Downloaded on December 9, 2008 at 06:51 from IEEE Xplore. Restrictions apply.

About the Presenters


Nauman Aslam received a B.Sc. (Eng.) degree from the University of Engineering and Technology, Lahore, Pakistan, in 1994 and a Masters of Engineering degree in Internetworking from Dalhousie University, Halifax, NS, Canada, in 2003. He is currently working toward his Ph.D. degree at Dalhousie University. He is currently a Research Assistant/Laboratory Coordinator for the Internetworking Program at Dalhousie University. Nauman was actively involved in the design and commissioning of the Advanced Internetworking Laboratory (AIL) at Dalhousie University. He has several years of experience in the design, implementation and troubleshooting of networks. His credentials include Cisco Certified Instructor and other certifications. More information can be obtained at: http://myweb.dal.ca/naslam

Dr. W. Robertson is the Director of the successful Master of Engineering in Internetworking Program of Dalhousie University, which was established in 1997. Dr. Robertson received his B.Sc. (Eng. Hons.) degree and M.Sc. (Eng.) degree from Aberdeen University, Scotland, U.K., both in 1967, and his Ph.D. degree from the Technical University of Nova Scotia [(TUNS), now Dalhousie University], Halifax, NS, Canada, in 1986. Since 1983, he has held various positions at TUNS and Dalhousie University. His current research interests include wireless mobility Quality of Service, Network Security, and Wireless Sensor Networks. More information can be obtained at: http://www.dal.ca/~billr/.

