
LANCOM: LAnguage for Network COnfiguration and Management

LANCOM: LAnguage for Network COnfiguration and Management. Chitra S Agastya (csa2111@columbia.edu), Nipun Arora (na2271@columbia.edu), Sambuddho Chakravarty (sc2516@columbia.edu), Milind Nimesh (mn2353@columbia.edu), Ashish Singh Tomar (ast2124@columbia.edu). Meet the System Administrator.

shawna

Presentation Transcript


  1. LANCOM: LAnguage for Network COnfiguration and Management
     Chitra S Agastya (csa2111@columbia.edu), Nipun Arora (na2271@columbia.edu), Sambuddho Chakravarty (sc2516@columbia.edu), Milind Nimesh (mn2353@columbia.edu), Ashish Singh Tomar (ast2124@columbia.edu)

  2. Meet the System Administrator
     • Implement security / access policies on various routers and firewalls
     • Proficient in esoteric configuration languages
     • Configure complex security strategies using low-level firewall rules

  3. The End Result….
     • Affects scalability of the network
     • No reusability of code
     • Conflicts arise due to use of different router configuration languages in the same network
     “Misconfigurations are source of most network vulnerabilities”

  4. The Business Angle… “Security managers need a single place to look for the corporate policies on who gets in and who doesn’t” -Forrester report

  5. The Solution: LANCOM
     • An out-of-the-box solution to configure routers from different vendors in one network
     • Device Independent Configuration Language
     • Domain Specific
     • User Focus: Network Administrator

  6. Architecture of LANCOM
     [Figure: architecture diagram. Labels: Input Source Program; LANCOM Compiler; Lexer; Parser; Syntax Directed Translation; Symbol Table; Command Classes; Configuration Actions; Translator; Output Config. File; Routing/Firewalling Commands for Linux; Routing/Firewalling Commands for FreeBSD]

  7. Programming Constructs
     • Host
     • Host Group
     • Topology
     • Route

  8. Program Structure

       prog
         Declarative Statements      policy_type_t pol;
         Assignment Statements       pol = inbound deny tcp dst 1.1.1.1 netmask 255.255.255.0 8088;
         Configuration Statements    apply policy pol;
       endprog

  9. Separation of Network Topology and Security Policy Description
     POLICY • ROLE • HOST • HOST GROUP • TOPOLOGY

       prog
         ipaddr_t ip1,ip2;
         ip1=1.1.1.1;
         ip2=4.4.4.4;
         policy_type_t p1;
         p1= inbound deny tcp src 2.2.2.2 netmask 255.255.255.0 all;
         role_type_t r1;
         r1=role { p1, outbound deny dst ip2 netmask 255.255.255.255 all};
         host_type_t h1;
         h1=ip_addr 6.6.6.6 netmask 255.255.255.0;
         host_group_type_t hg1;
         hg1=host_group {h1, ip_addr 5.5.5.5 netmask 255.255.255.0};
         topology_type_t t1;
         t1=hg1 r1;
         apply topology t1;
       endprog

  10. Test-Bed to Test Basic Firewall Policy Description Using LANCOM
      [Figure: test-bed diagram. Labels: Webserver; Linux (IPTABLES); FreeBSD (IPFW); Webserver]
      Test-Bed Designed and Implemented on deterlab

  11. Device Independent Configuration

        prog
          policy_type_t p;
          p=inbound deny tcp dst 10.3.0.6 netmask 255.255.255.0 8088;
          apply policy p;
        endprog

      Linux (iptables)

        /sbin/iptables -I FORWARD -p tcp -d 10.3.0.6/255.255.255.0 -s 0.0.0.0/0.0.0.0 --destination-port 8088 -j DROP

      FreeBSD (ipfw)

        /sbin/ipfw add deny tcp from 0.0.0.0:0.0.0.0 to 10.3.0.6:255.255.255.0 8088

  12. Tools Used

  13. What we learned
      • AntlrWorks – an easy to use GUI interface for writing your own language
      • Networking Concepts
      • Team Work
      • Not all team members were conversant with networking

  14. THANK YOU!!
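
The translation on slide 11 as an added Python example (not part of the presentation and not the LANCOM compiler's own code): it parses one policy expression, validates the address, netmask and port before any command text is produced, and emits the iptables and ipfw commands in the form the slide shows. The function names, the restriction to `inbound deny`, and the handling of `src` and `all` (unnamed side set to 0.0.0.0, port option omitted) are assumptions.

```python
import ipaddress
import re

ANY = "0.0.0.0"  # wildcard address and mask, as written in the slide 11 output

# Assumed subset of the policy syntax, inferred from the slides:
#   inbound deny <tcp|udp> <src|dst> <ip> netmask <mask> <port|all>
POLICY_RE = re.compile(r"inbound\s+deny\s+(tcp|udp)\s+(src|dst)\s+(\S+)"
                       r"\s+netmask\s+(\S+)\s+([0-9]{1,5}|all)\s*;?")


def parse_policy(stmt):
    """Return validated fields of one policy expression, or raise ValueError."""
    m = POLICY_RE.fullmatch(stmt.strip())
    if not m:
        raise ValueError(f"unsupported policy: {stmt!r}")
    proto, side, ip, mask, port = m.groups()
    ipaddress.IPv4Address(ip)                      # dotted quad only, else ValueError
    inv = ~int(ipaddress.IPv4Address(mask)) & 0xFFFFFFFF
    if inv & (inv + 1):                            # netmask bits must be contiguous
        raise ValueError(f"bad netmask: {mask!r}")
    if port != "all" and not 1 <= int(port) <= 65535:
        raise ValueError(f"bad port: {port!r}")
    return {"proto": proto, "side": side, "ip": ip, "mask": mask, "port": port}


def _endpoints(p, sep):
    """(source, destination) as '<ip><sep><mask>'; the unnamed side is the wildcard."""
    named, wildcard = f"{p['ip']}{sep}{p['mask']}", f"{ANY}{sep}{ANY}"
    return (named, wildcard) if p["side"] == "src" else (wildcard, named)


def to_iptables(p):
    """Linux target: inbound maps to the FORWARD chain, deny to DROP (slide 11)."""
    src, dst = _endpoints(p, "/")
    port = "" if p["port"] == "all" else f" --destination-port {p['port']}"
    return f"/sbin/iptables -I FORWARD -p {p['proto']} -d {dst} -s {src}{port} -j DROP"


def to_ipfw(p):
    """FreeBSD target: address and mask are joined with ':' (slide 11)."""
    src, dst = _endpoints(p, ":")
    port = "" if p["port"] == "all" else f" {p['port']}"
    return f"/sbin/ipfw add deny {p['proto']} from {src} to {dst}{port}"


if __name__ == "__main__":
    policy = parse_policy("inbound deny tcp dst 10.3.0.6 netmask 255.255.255.0 8088;")
    print(to_iptables(policy))
    print(to_ipfw(policy))
```

Because every field is checked against a fixed pattern before it is placed in a command string, a malformed address, a non-contiguous netmask or an out-of-range port is rejected at compile time instead of reaching the router's shell.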
