Session Title Network Security Sessions
Chair Yoshiaki Kasahara [kasahara@nc.kyushu-u.ac.jp]
Yasuichi Kitamura [kita@jp.apan.net]
Rahmat Budiarto [rahmat@cs.usm.my]
Objective - To raise the security awareness and knowledge within APAN community
- To exchange experience and knowledge in network security technologies and issues, and
- To cooperate with other international security efforts to raise security awareness, capabilities and interoperation globally.
Security related topics includes protection of the physical, intellectual, and electronic assets of the APAN and other network, including its security policies, network access controls, virus protection, network administration, auditing, and transaction security.
Target Audience Researchers, Scientists, Network Engineers
Expected No. of Participants 30-50
Agenda of Session
1st session Chair: Yoshiaki Kasahara [kasahara@nc.kyushu-u.ac.jp]

1.Title: Design and Implementation of Large Scale URL Filtering download
Speakers: Kasom Koth-Arsa2, Surachai Chitpinityol1, Surasak Sanguanpong1, Anan Phonphoem1, and Chalermpol Chatampan1

^1Office of Computer Services, Kasetsart University, Bangkok, THAILAND
^2Faculty of Engineering, Kasetsart University, Bangkok, THAILAND

A web filtering is one of a mandatory system for control and managing Internet access under necessary situations and security reasons (such as Phishing sites). The filtering system should be able to detect and restrict web accesses, based on the administrative criteria, to both inside and outside organization's web servers despite of such traffic would connect through any web proxy or not. Currently, many web hosting sites deploy virtual hosts or share the same host names which cause the web filtering system based on only target IP addresses to come up with the undesired fault-positive match results. Although URL-based filtering can be solved using proxy servers; but it would be not appropriate for the case of large traffic volume and a large number of URLs to be filtered.

In this presentation, we will explain a system design and implementation of “pass-by” URL filtering technique. Pass-by filtering offers inspection and filtering web traffic without interfering legitimate Internet access. We present the system's design and architecture which is able to handle maximum 268 million URLs on a single machine. URL compression techniques based on delta encoding is the key component to handle a large number of URLs solely in the main memory without access to secondary storage. Finally, we describe an implementation which has been deployed to an International Internet Gateway and show the collected statistics of 4.6 Gbps peak aggregated traffic with around 64K packets per second of HTTP requests.

2.Title: Experiences in Deploying Machines Registration and Integrated Linux Firewall with Traffic Shaper for Large Campus Network download
Speakers: Surachai Chitpinityol1, Kasom Koth-Arsa2, Surasak Sanguanpong1, Pirawat Watanpongse2, and Chalermpol Chatampan1.

^1Office of Computer Services, Kasetsart University, Bangkok, THAILAND
^2Faculty of Engineering, Kasetsart University, Bangkok, THAILAND

The presentation will be divided into two parts: the SMART system and the Experiences in using Linux firewall and traffic shaper.

For a large scale campus network, registering and managing network hosts is not a trivial task. Simple Machine Address Registration Tools (SMART) has been developed for the network administrator to easily take care of the task. Each user has to register his/her network interface card's MAC address once in advanced before allowing access to the Internet. During the registration process, SMART will update the RADIUS server's configuration database in real-time. SMART will only grant the permission to the registered machine for network access.

SMART is composed of three main components: “command center”, “overlord”, and “observer”. The command center is a centralized database for recording the registered user and equipment information. The overlord is the policy enforcement unit that redirects any web request of the unregistered equipments to the command center web interface. The observer is the monitoring unit to detect any anomaly usage such as sync flood or port scanning. If any suspected misuse has been detected, the observer will report the incident to the command center which trigs the overlord to perform a blocking procedure.

For the Linux firewall part, the system is deployed on the large scale campus network which composes of more than ten thousand active hosts, five hundred thousand active network connections, and gigabit per second of aggregate network throughput. The network topology and how Linux firewall deployment as a traffic shaper will be discussed in details (such as P2P shaping). Finally, we conclude with the challenges, experiences, and comments on the future direction.

2nd session Chair: Yasuichi Kitamura [kita@jp.apan.net]

3. (spam statistics report from APAN Tokyo XP) Takatoshi Ikeda, KDDIdownload

APAN Tokyo XP is managing some mailing lists for managing the APAN network operation. The mailing list accounts should be opened for accepting a lot of requests from the researchers. But, unfortunately, the account is very easy to get for the spam generators, too. ops@jp.apan.net is one of the most important and active accounts at Tokyo XP and it's the target of the spam generators. In this report, we will report the statistics of the spam mails at Tokyo XP.

4. Title: The design of connectivity detect system by reuse of SPAM Mail download
Speakers: Koji Okamura and Hiroaki Towata (Kyushu Univ., Japan)

This presentation explains the system which can detect connectivity of Internet using many SPAM Mail over Internet. The authors show the design how to reuse useless SPAM Mail for management of Internet and have discussion to collaboration between another organizations in APAN.

5. (TBD)
Remarks (e.g. special arrangement) Room setup style: Classroom type






Copy Right 2007 APAN | |Last Updated 29 Aug 2007