INTERNET CRITICALITIES Activation and deactivation of the emergency back-up network Fabrizio Cuccoli, Francesco Sermi RaSS CNIT UO Firenze


Outline

1) Reference Scenario and Network.
2) Most Reasonable Scenario.
3) Worst Case Scenario.
4) Characteristics of the SWING system.
5) Supervision of the Internet Links.
6) Simple Network Management Protocol.
7) Performance Monitoring and Management Tools.
8) SWING Network Management System.
9) Reactivation of the Internet Links.
10) Considerations.

SWING Final Meeting | CNIT - Pisa, Italy, 13/12/2013


Reference Scenario and Network


Most Reasonable Scenario 1/2


• t0 – Hackers undertake a DoS attack on the Barcelona harbour facility.

• t0 + 2 m – The ECI of Barcelona detects the missing internet connection and reports an alert to its connected CGA located in Madrid via the SWING network.

• t0 + 2 m 30 s – After receiving the alert from Barcelona’s ECI, the SWING station in the CGA – Madrid begins a check among all its connected ECIs (Malaga and Valencia) and CGAs (Rome and Athens) to verify the status of internet connection for each of them. The interaction takes place via the SWING network.

• t0 + 5 m – All the connected ECIs, with the exception of the one located in Barcelona, report a normal status of the internet connection. The threat is classified as “local”.

• t0 + 6 m 30 s – After about 8 minutes from its activation, the CGA in Madrid consolidates the HF link with the ECI in Barcelona, providing a safe basic connection via the SWING network.


Most Reasonable Scenario 2/2


Worst Case Scenario 1/2


• t0 + 3 m – The ECI – Palermo is under attack: it detects an interruption in the internet connection and, via the HF link, signals its status to the connected CGA in Rome.

• t0 + 1 m 30 s – Rome’s CGA receives the alert message from one of its ECIs and activates a check procedure among the connected nodes.

• t0 + 3 m 20 s – The ECIs in Naples and Patrasso also experience a loss of internet connection. In about one minute they both send an alert to their respective CGA.

• t0 + 4 m – The CGA – Athens is under attack. It submits to the other CGAs a request to activate the SWING network.

• t0 + 5 m 15 s – The CGA in Rome, detecting multiple alerts from some of its ECIs, also confirms the request for SWING activation.

• t0 + 18 m – All the nodes are connected via the SWING network while their broadband connection is inhibited.


Worst Case Scenario 2/2


Characteristics of the SWING system


• Hierarchical structure (each CGA monitors its respective ECIs);

• Simple design (it is an emergency system: fast activation, cheap stand-by status);

• System resilience (it needs to be operative when other systems are not);

• Scalability of the infrastructure (the definition of a new node does not affect the functioning of the network).


Supervision of the Internet Links


• Fault Management (detection, isolation and resolution of network faults);

• Configuration Management (configuring and adjusting a network);

• Accounting Management (tracking the usage of network resources);

• Performance Management (monitoring network utilization at various points in a network);

• Security Management (processes to make the network secure).


Simple Network Management Protocol


SNMP is an internet-standard protocol for managing devices on IP networks. SNMP is made up of 3 components:

• Network Management System (NMS);

• Managed device;

• Agent.

[Figure: SNMP architecture. Labels: managing entity, data, network management protocol, managed device, agent data.]

The SNMP operates in the Application Layer of the Internet Protocol Suite (Layer 7 of the OSI model).


Performance Monitoring and Management Tools


Active tools:

Tool          Metrics                                   Measurement approach
ping          delay (RTT), loss                         ICMP echo
iperf         achievable bandwidth                      path flooding
bing          bandwidth capacity, loss, RTT delay       variable packet size
traceroute    topology, delay (RTT)                     varied TTL
pathchar      bandwidth capacity, loss, delay (RTT)     variable packet size
netperf       achievable bandwidth                      path flooding

Passive tools:

• Weather Maps – Multi Router Traffic Grapher (MRTG) Diagram;

• Nagios (a host and service monitor designed to detect network problems before the user does).


SWING Network Management System


- Distributed Monitoring Server at each ECI site;
- Central Monitoring Server at each CGA site.

[Figure: ECI/CGA site. Labels: End-User, Router, Ethernet LAN, Internet, Web Server, Gateway HF, HF Network, NMS.]


Reactivation of the Internet links


• The CGAs involved in the attack regularly sense the Internet connections of their respective ECIs. This is done through a simple sensing procedure whose repetition frequency depends on the minimum latency for the broadband reactivation indicated by the customer.

• When the CGA senses the availability of the internet connection to one of its ECIs, it restores the broadband connection and disables the HF emergency link.

• The deactivation of the emergency HF link is subordinated to the restoration of the traditional internet connection.

• The restoration of the broadband connection takes place in a capillary way: from the external nodes to the inner CGAs ring.

• The SWING deactivation procedure must occur in a controlled fashion, by using specifically designed unambiguous end-of-message signals.
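
The activation and reactivation rules from the scenario slides and the list above, modelled as an added Python example that is not part of the original presentation or of the SWING project's software. The class names, the `ring_hf` flag and the rule separating "local" from network-wide activation are assumptions; the slides give no thresholds.

```python
from dataclasses import dataclass, field

@dataclass
class ECI:
    name: str
    internet_up: bool = True   # result of the latest broadband sensing
    hf_active: bool = False    # emergency HF (SWING) link state

@dataclass
class CGA:
    name: str
    ecis: list = field(default_factory=list)
    internet_up: bool = True
    ring_hf: bool = False      # HF link towards the other CGAs

    def classify(self):
        """Status check over the connected ECIs, as in the two scenarios."""
        down = [e.name for e in self.ecis if not e.internet_up]
        # Assumed rule: several alerts, or the CGA itself offline, is network-wide.
        if not self.internet_up or len(down) > 1:
            return "network", down
        return ("local" if down else "none"), down

    def activate(self):
        level, down = self.classify()
        for e in self.ecis:
            e.hf_active = level == "network" or e.name in down
        self.ring_hf = level == "network"
        return level

    def sense_and_restore(self):
        """One sensing round: HF is released only where broadband is back."""
        restored = []
        for e in self.ecis:                      # outer nodes first
            if e.hf_active and e.internet_up:
                e.hf_active = False
                restored.append(e.name)
        if self.ring_hf and self.internet_up and not any(e.hf_active for e in self.ecis):
            self.ring_hf = False                 # inner CGA ring last
            restored.append(self.name)
        return restored

def demo():
    """Constructed run of the 'most reasonable' scenario (Barcelona offline)."""
    bcn = ECI("Barcelona", internet_up=False)
    madrid = CGA("Madrid", [bcn, ECI("Malaga"), ECI("Valencia")])
    level, first = madrid.activate(), madrid.sense_and_restore()
    bcn.internet_up = True                       # broadband sensed again
    return level, first, madrid.sense_and_restore()
```
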


Final Considerations


• The complete process required for the activation of the HF back-up network after a warning alert event has been considered assuming a realistic network configuration and two different potential terrorist attacks.

• The time needed to guarantee a safe basic internet connection via SWING to the node under attack has been estimated at less than 10 minutes from the triggering event.

• However, the actual time required for a complete SWING activation/deactivation will depend on the event sequence that triggered the SWING and on the complexity of the actual physical topology of the SWING network.
