ip buffer with http
play

ip.buffer with HTTP New features! Great for Managed Services! - PowerPoint PPT Presentation

Aug 17, 2022 •580 likes •900 views

ip.buffer with HTTP New features! Great for Managed Services! Legacy Out Firewall issues Server not easily scaled Non transactional Duplicate data on failure Legacy In Port forwarding VPN black holes

  1. ip.buffer with HTTP ● New features! ● Great for Managed Services!

  2. Legacy Out ● Firewall issues ● Server not easily scaled ● Non transactional ● Duplicate data on failure

  3. Legacy In ● Port forwarding ● VPN “black holes” ● “Unfriendly” for IT! ● Security worries

  4. HTTP ● Single socket ● Out bound, port 80/443 ● IT department “friendly” ● Known technology

  5. Web browsing ● Simple browsing ● IT “friendly” ● Transactional - no duplicates ● Extendible with server-side scripting

  6. Security ● Strong encryption ● Industry standard SSL/TLS ● No eavesdropping

  7. Verification ● SSL certificates ● Locked to your server ● Cannot be misdirected

  8. Redirection #1 ● Buffer contacts: ● http://www.company.com/... ● Doesn't get data, but... ● Main web site redirects...

  9. Redirection #2 ● ...to ADSL ● Can relocate easily ● e.g. Change to hosted ● Just change redirection! ● Immediate effect

  10. Scalable #1 ● Main web site ● redirects to many...

  11. Scalable #2 ● ...ADSL servers ● Options: ● Load balancing ● Separate customers ● etc

  12. Central Updates ● Daily contact ● Uses plain http/https ● Web server script checks...

  13. Central Updates ● ...and delivers ● No extra sockets! ● Everything: ● Firmware, Scripts, Configuration, Time sync, etc

  14. Extendible ● “Glue” to anything ● All within server script

  15. Scannex Package ● Reference source code ● License models: ● Single site ● Distribution (no royalties!) ● Developer integration support

  16. ip.buffer with HTTP ● New features! ● Great for Managed Services! 1 This short presentation outlines the HTTP/web delivery mechanism for the ip.buffer. The new HTTP features of firmware 2.50 are covered as well. Scannex have designed technology that makes it much easier for managed service companies to deploy and manage ip.buffers on site.

  17. Legacy Out ● Firewall issues ● Server not easily scaled ● Non transactional ● Duplicate data on failure 2 Using FTP-push, SFTP-push, etc will often result in firewall issues on site. IT departments are wary of FTP – perhaps thinking their files can be “leeched”. They are also cautious of email – requiring that all emails go through their own servers (which results in delays etc). At the server-end it is not easily scalable. Supporting 10x, or 100x the number of sites can be problematic. Finally, the servers are usually not transactional. That is, if a transfer fails half way through (because of a network/ADSL issue) the server will have duplicate data when the transfer succeeds. Adding transactional capabilities to the server is possible, but impractical.

  18. Legacy In ● Port forwarding ● VPN “black holes” ● “Unfriendly” for IT! ● Security worries 3 T o allow the central server to access the buffers remotely requires a “port forwarding” rule to be added to the company firewall. IT departments are often unwilling to provide such port forwarding rules! Additionally, using standard inbound ports such as FTP, SSH, T elnet makes the firewall a “honey-trap” target for hackers who will try and hack their way in.

  19. HTTP ● Single socket ● Out bound, port 80/443 ● IT department “friendly” ● Known technology 4 The ip.buffer adds a new delivery mechanism – HTTP-push. In this method there is a single out-bound socket (usually on port 80 or 443) that goes directly to the central system. For the customer's IT department the traffic is a known technology, and negotiating such traffic is easier. For the server, you can use an industry standard web- server – such as Microsoft IIS (even the version included in Windows XP Pro, etc)

  20. Web browsing ● Simple browsing ● IT “friendly” ● Transactional - no duplicates ● Extendible with server-side scripting 5 The ip.buffer looks like a regular, ubiquitous, web-browser to the IT department's perimeter hardware. They can manage and monitor the traffic using their standard tools. Unlike a desktop PC, the ip.buffer uses a very tough operating system – Green Hills INTEGRITY . Along with careful coding the ip.buffer is immune to viruses, phishing attacks, and malware. As a natural side effect of using HTTP along with a standard web-server the system is transactional. The script running at the web-server can ensure that no partial data is left when a transaction fails. Web-server scripting skills are commonly available – most CDR management software companies already use a web-server for delivery of reports. Consequently, extending the functionality is simple (more on this later).

  21. Security ● Strong encryption ● Industry standard SSL/TLS ● No eavesdropping 6 Using HTTPS allows very strong encryption to be used – the same encryption technology used daily in online banking! All traffic between the ip.buffer and the central web-server is protected. No one can eavesdrop.

  22. Verification ● SSL certificates ● Locked to your server ● Cannot be misdirected 7 HTTPS also includes the use of SSL certificates. (Note: You do not have to purchase a commercial certificate. A 'self- signed' certificate is perfectly adequate, and free to do.) The ip.buffer can also be “locked” to your particular server(s). When the session starts, the ip.buffer will check the certificate's 'fingerprint' and shut the connection if the certificate is not an approved one. Consequently, it is not possible to intercept and redirect the encrypted traffic – the data cannot be delivered into the wrong hands! (Note: SSL features are available in the SSL-enabled firmware. The firmware is freely available from Scannex, but not all countries freely allow the import/export/use of encryption technology!)

  23. Redirection #1 ● Buffer contacts: ● http://www.company.com/... ● Doesn't get data, but... ● Main web site redirects... 8 The HTTP protocol also includes powerful redirection capabilities. This feature allows the whole system to be upgraded, scaled-up, or migrated to another site with ease. The ip.buffer is programmed with your main, “always-on” web server address. You can use the main web-server as a redirection tool. When the ip.buffer contacts your main site, the web-server checks the details of the buffer (name & serial number) and says “Don't talk to me. Please send a new request over there.” The ip.buffer gets the redirection message and...

  24. Redirection #2 ● ...to ADSL ● Can relocate easily ● e.g. Change to hosted ● Just change redirection! ● Immediate effect 9 ...can then connect directly to a static IP address on ADSL (for example). If you find you have to switch ISPs, you just set up your new server, reprogram the redirect on the main server and all the traffic will go to the new server! Additionally, if you find your business grows unexpectedly, you can shift your data web-server to a hosted environment (running directly on an Internet back-bone for example). Again, just reprogram the redirect on the main server and the new server “goes live” immediately – without reprogramming any ip.buffers!

  25. Scalable #1 ● Main web site ● redirects to many... 10 The redirection mechanism can also be used to provide load-balancing or clustering arrangements. In this example, the main web server will redirect to more than one IP address, perhaps sequencing through the set in a “round-robin” fashion to split the load on the ADSL lines. Note: Other industry-standard HTTP clustering and load- balancing mechanisms can also be used as well!

  26. Scalable #2 ● ...ADSL servers ● Options: ● Load balancing ● Separate customers ● etc 11 The ip.buffer will be redirected to one of the many central web-servers. Since the main web-server receives the name and serial- number of the ip.buffer before it issues the redirect, you can implement several other techniques. For example, you could assign one physical server to handle traffic for just one customer. The main web- server can direct based on serial-number, or incoming URL. You can even provide redirection back into the customer's own network – for example to an IP address within the customer's network. With the redirection mechanism you can easily switch their traffic to another server as needed – whether for maintenance or payment purposes!

  27. Central Updates ● Daily contact ● Uses plain http/https ● Web server script checks... 12 Rather than using VPN or other in-bound accesses to manage the remote buffers, the ip.buffer uses the standard HTTP mechanism to obtain updates. Whenever the ip.buffer is powered up, and on a daily basis, the buffer will contact the central server and request any updates. (The check-on-power-up allows for someone on site to simply power cycle the buffer to get it to contact for an update check!) The script on the web-server can check against its file system, or against an SQL database and inform the buffer of any pending updates...

Recommend

Buffer Manager Each relation is can be mapped onto many files (each file containing data from one

Buffer Manager Each relation is can be mapped onto many files (each file containing data from one

Buffer Management The database buffer is the mediator between the basic file system and the tuple-oriented file system. The buffer managers task is to make the pages addressable in main memory and to coordinate the writing of pages to disk

1.12k views • 8 slides
Introduction Buffer Overflows Buffer overflows were the most common form of security

Introduction Buffer Overflows Buffer overflows were the most common form of security

Introduction Buffer Overflows Buffer overflows were the most common form of security vulnerability in the 90s. Buffer overflows dominate in the area of remote network penetration vulnerabilities. CS 465 They represent one of the

651 views • 4 slides
Security: Buffer Overflows and Defenses CS 416: Operating Systems Design Department of Computer

Security: Buffer Overflows and Defenses CS 416: Operating Systems Design Department of Computer

Security: Buffer Overflows and Defenses CS 416: Operating Systems Design Department of Computer Science Rutgers University http://www.cs.rutgers.edu/~vinodg/416 Buffer Overflow a very common attack mechanism from 1988 Morris Worm to Code Red,

950 views • 55 slides
Buffer Overflows with Content 2 A Process Stack Buffer Overflow Common Techniques employed

Buffer Overflows with Content 2 A Process Stack Buffer Overflow Common Techniques employed

1 Buffer Overflows with Content 2 A Process Stack Buffer Overflow Common Techniques employed in buffer overflow exploits to create backdoors Execution of additional network services via the INETD daemon The addition of new users

497 views • 30 slides
External buffer Raslan Darawsheh Mellanox External buffer First was introduced by Olivier

External buffer Raslan Darawsheh Mellanox External buffer First was introduced by Olivier

x External buffer Raslan Darawsheh Mellanox External buffer First was introduced by Olivier in his presentation in 2016. The support for External buffer has been there since DPDK 18.05 2 External buffer: Contd 3 External

544 views • 12 slides
Lab 2: Buffer Overflows Fengwei Zhang SUSTech CS 315 Computer Security 1 Buffer Overflows

Lab 2: Buffer Overflows Fengwei Zhang SUSTech CS 315 Computer Security 1 Buffer Overflows

Lab 2: Buffer Overflows Fengwei Zhang SUSTech CS 315 Computer Security 1 Buffer Overflows One of the most common vulnerabilities in software Programming languages commonly associated with buffer overflows including C and C++

1.14k views • 17 slides
Buffer Overflows and Defenses CS 419: Computer Security Lecture 10 and 11 Buffer Overflow a

Buffer Overflows and Defenses CS 419: Computer Security Lecture 10 and 11 Buffer Overflow a

Buffer Overflows and Defenses CS 419: Computer Security Lecture 10 and 11 Buffer Overflow a very common attack mechanism from 1988 Morris Worm to Code Red, Slammer, Sasser and many others prevention techniques known still of major concern

873 views • 53 slides
TinyOS Determine when Fill message Specify Pass buffer message buffer Network Communication

TinyOS Determine when Fill message Specify Pass buffer message buffer Network Communication

Inter-Node Communication General idea: Sender: TinyOS Determine when Fill message Specify Pass buffer message buffer Network Communication buffer with data Recipients to OS can be reused Computer Network Receiver:

176 views • 3 slides
Week 03 Lectures PostgreSQL Buffer Manager 1/95 PostgreSQL buffer manager: provides a shared

Week 03 Lectures PostgreSQL Buffer Manager 1/95 PostgreSQL buffer manager: provides a shared

Week 03 Lectures PostgreSQL Buffer Manager 1/95 PostgreSQL buffer manager: provides a shared pool of memory buffers for all backends all access methods get data from disk via buffer manager Buffers are located in a large region of shared

505 views • 25 slides
Riparian Buffer or Riparian Forest Buffer Equivalency Demonstration and Offsetting Water

Riparian Buffer or Riparian Forest Buffer Equivalency Demonstration and Offsetting Water

Implementation of Act 162 of 2014 Riparian Buffer or Riparian Forest Buffer Equivalency Demonstration and Offsetting Water Resources Advisory Committee August 12, 2015 Tom Wolf, Governor John Quigley, Secretary Agenda 1. Overview of Act 162

530 views • 37 slides
Real-World Buffer Overflow Protection in User & Kernel Space Michael Dalton , Hari Kannan,

Real-World Buffer Overflow Protection in User & Kernel Space Michael Dalton , Hari Kannan,

Real-World Buffer Overflow Protection in User & Kernel Space Michael Dalton , Hari Kannan, Christos Kozyrakis Computer Systems Laboratory Stanford University http: / / raksha.stanford.edu Forum 1 Motivation Buffer overflows remain a

506 views • 22 slides
Chapter 10 Buffer Overflow Buffer Overflow Common attack mechanism first wide use by

Chapter 10 Buffer Overflow Buffer Overflow Common attack mechanism first wide use by

Chapter 10 Buffer Overflow Buffer Overflow Common attack mechanism first wide use by the Morris Worm in 1988 Prevention techniques known NX bit, stack canaries, ASLR Still of major concern Recent examples:

354 views • 21 slides
Buffer Trees Lars Arge. The Buffer Tree: A New Technique for Optimal I/O Algorithms . In

Buffer Trees Lars Arge. The Buffer Tree: A New Technique for Optimal I/O Algorithms . In

Buffer Trees Lars Arge. The Buffer Tree: A New Technique for Optimal I/O Algorithms . In Proceedings of Fourth Workshop on Algorithms and Data Structures (WADS), Lecture Notes in Computer Science Vol. 955, Springer-Verlag, 1995, 334-345. 1

518 views • 27 slides
AKC Education Webinar Series: Social Media Resources Buffer: What Is It? Buffer is a software

AKC Education Webinar Series: Social Media Resources Buffer: What Is It? Buffer is a software

AKC Education Webinar Series: Social Media Resources Buffer: What Is It? Buffer is a software application for the web and mobile, designed to manage accounts in social networks, by providing the means for a user to schedule posts to Twitter,

506 views • 35 slides
More Vulnerabilities (buffer overreads, format string, integer overflow, heap overflows) Chester

More Vulnerabilities (buffer overreads, format string, integer overflow, heap overflows) Chester

More Vulnerabilities (buffer overreads, format string, integer overflow, heap overflows) Chester Rebeiro Indian Institute of Technology Madras Buffer Overreads 2 Buffer Overread Example 3 Buffer Overread Example len read from command line

906 views • 76 slides
Buffer Software Security overflows and other memory safety vulnerabilities Buffer overflow

Buffer Software Security overflows and other memory safety vulnerabilities Buffer overflow

Last time We continued By launching our 1st section: Buffer Software Security overflows and other memory safety vulnerabilities Buffer overflow fundamentals This time We will finish up By looking at Buffer Overflow overflows

1.33k views • 103 slides
k + -buffer: Fragment Synchronized k-buffer I3D 2014 Andreas A. Vasilakis & Ioannis Fudos {

k + -buffer: Fragment Synchronized k-buffer I3D 2014 Andreas A. Vasilakis & Ioannis Fudos {

k + -buffer: Fragment Synchronized k-buffer I3D 2014 Andreas A. Vasilakis & Ioannis Fudos { abasilak,fudos } @cs.uoi.gr Department of Computer Science & Engineering, University of Ioannina, Greece 16 March 2014 Introduction

782 views • 44 slides
Database Systems IIB: DBMS-Implementation Chapter 5: The Buffer Cache Prof. Dr. Stefan Brass

Database Systems IIB: DBMS-Implementation Chapter 5: The Buffer Cache Prof. Dr. Stefan Brass

Storage Hierarchy, Buffer Manager Disk/Buffer Performance in Oracle Database Systems IIB: DBMS-Implementation Chapter 5: The Buffer Cache Prof. Dr. Stefan Brass Martin-Luther-Universit at Halle-Wittenberg Wintersemester 2019/20

623 views • 50 slides
Delta Pointers: Buffer Overflow Checks Without the Checks Tadde us Kroes & Koen Koning

Delta Pointers: Buffer Overflow Checks Without the Checks Tadde us Kroes & Koen Koning

Delta Pointers: Buffer Overflow Checks Without the Checks Tadde us Kroes & Koen Koning Erik van der Kouwe Herbert Bos Cristiano Giuffrida June 19, 2018 Preview buffer[10] secret 2 Preview buffer[10] secret buffer[5] 2 Preview

934 views • 74 slides
IT 4500 : Information Security Secure Programming Dr Joe Francom Buffer Overflow What it is? A

IT 4500 : Information Security Secure Programming Dr Joe Francom Buffer Overflow What it is? A

IT 4500 : Information Security Secure Programming Dr Joe Francom Buffer Overflow What it is? A buffer overflow occurs when a program or process tries to store more data in a buffer (temporary data storage area) than it was intended to hold.

221 views • 3 slides
Smashing the Buffer Smashing the Buffer Miroslav tampar Miroslav tampar (mstampar@zsis.hr )

Smashing the Buffer Smashing the Buffer Miroslav tampar Miroslav tampar (mstampar@zsis.hr )

Smashing the Buffer Smashing the Buffer Miroslav tampar Miroslav tampar (mstampar@zsis.hr ) (mstampar@zsis.hr ) Summary BSidesVienna 2014, Vienna (Austria) November 22nd, 2014 2 Buffer overflow (a.k.a.)

462 views • 35 slides
Buffer Overflow CS461/ECE422 Spring 2012 Reading Material

Buffer Overflow CS461/ECE422 Spring 2012 Reading Material

Buffer Overflow CS461/ECE422 Spring 2012 Reading Material Based on Chapter 11 of the text Outline Buffer Overflow Stack Buffer Overflow Shell

783 views • 28 slides
Shared buffer laboratory 2 implements a shared buffer Process loop Ke yboard wait for

Shared buffer laboratory 2 implements a shared buffer Process loop Ke yboard wait for

slide 1 gaius Shared buffer laboratory 2 implements a shared buffer Process loop Ke yboard wait for keyboard int port get character put character into buffer end Read (char *ch) shared by the application process Read (char *ch); shared

398 views • 28 slides
CS241 Computer Organization Spring 2015 Buffer Overflow 4-022015 Outline Linking

CS241 Computer Organization Spring 2015 Buffer Overflow 4-022015 Outline Linking

CS241 Computer Organization Spring 2015 Buffer Overflow 4-022015 Outline Linking & Loading, continued Buffer Overflow Read: CSAPP2: section 3.12: out-of-bounds memory references & buffer overflow K&R:

775 views • 43 slides

More recommend