Virtual Network Engineering Lab @ Texas A&M University - College Station, Texas 77840
 
D.O.G. (Direct Operations Gateway)
 


The main function of DOG (Direct Operations Gateway) is to provide secure and direct access to the system.

Network security is becoming an increasingly important part of current networks. One of the main functions of DOG is to provide users with secure access to the system. This goal is accomplished by using SSH, ipchains, tripwire and tiger.

SSH can provide strong authentication and secure communications over insecure channels. It is a replacement for rsh, rlogin, rcp and ftp. It encrypts all traffic and provides various levels of authentication depending on the needs. The main features of Secure Shell include remote logins, file copying, and tunneling of TCP and X11 traffic. There are two major versions of the Secure Shell protocol, SSH1 and SSH2, and they are incompatible. Our system will support both versions.

All traffic through a network is sent in the form of packets. A packet filter is a piece of software that looks at the headers of packets as they pass through and decides the fate of each entire packet. It might decide to deny the packet (i.e. discard the packet as if it had never received it), accept the packet (i.e. let the packet go through), or reject the packet (like deny, but tell the source of the packet that it has done so). Under Linux, packet filtering is built into the kernel. For the 2.0-series kernel, the tool ipchains talks to the kernel and tells it what packets to filter. Specific rules can be set to satisfy the requirements.

Tripwire is a tool for file integrity assessment, a form of intrusion detection that works in conjunction with firewalls and other technologies to provide the most fundamental layer of defense within the enterprise. First it scans a computer and creates a database of system files, a compact digital "snapshot" of the system in a known secure state. Once the baseline database is created, the integrity check can be run at any time. By scanning the current system and comparing that information with the data stored in the database, Tripwire detects and reports any additions, deletions or changes to the system outside of the specified boundaries. Malicious changes can thus be found.

Tiger will perform a security audit of the system. It is a set of scripts that scan a Unix or Linux system looking for security problems. After the execution, the system administrator will get a report about the security holes.

DOG will have two network interface cards, and users can access the whole system only after they have been successfully authorized into DOG.

After the users successfully log into DOG, they can use the telnet and ftp services to access the system in the internal network.

Our system will provide a broad spectrum of options for access control management. DOG will provide direct access control. Direct Access allows the user direct control over the devices and programs assigned to an experiment. This method allows the most flexibility to the user and the least administrative overhead during the experiment. However, it provides the least assistance to the user and lowers the likelihood of a successful experience: problems are more likely and user-controlled recovery is difficult. In this situation, the Virtual Lab user interface passes commands directly to the device(s) being controlled. For example, in configuring LANE and MPOA parameters on an ATM switch, the student types commands which are directly interpreted by the switch. There is freedom to explore many paths to a solution. However, if the student enters an incorrect NSAP (a twenty-byte value), not only will the resulting configuration not work, but it's likely the student will lose communication with the switch and be unable to complete any more exercises. Because the state of the system (e.g., the entered NSAP) is not tracked by administrative means, recovery is restricted to resetting the devices to a baseline configuration.

DOG will use the Linux operating system, whose source code is freely available to everyone. Linux may be used for a wide variety of purposes including networking, software development, and as an end-user platform. Linux is often considered an excellent, low-cost alternative to other more expensive operating systems.

 

©VNELab @ Texas A&M University.