
Control over message routes in a distributed CS

As is known, each object of a distributed CS must have an address that uniquely identifies it. For a message from one object to be delivered to another object of the system, it must pass through a chain of routers, whose task is to analyze the destination address in the message, select the optimal route and, based on it, forward the packet either to the next router or directly to the subscriber, if the subscriber is directly connected to that router.

Thus, the route to an object is the chain of nodes traversed by the message.

This task can, on the one hand, be solved by introducing additional identification of messages at another, higher OSI layer. For example, addressing is performed at the network layer, and additional identification at, say, the transport layer. However, this solution does not avoid the problem of controlling the creation of connections, since additional identification of subscribers becomes possible only after the connection has been established.

Therefore, developers of a distributed CS can be offered the following solutions to the problem.

In the first case, the function of checking the authenticity of the sender's address can be assigned to the router. This is easy to do, because the router can track where a packet came from (from another router, or from a host on one of the subnets directly connected to this router).

The router can check that the sender's address matches the address of the subnet from which the message arrived. If it matches, the message is sent on; otherwise it is filtered out.

This method makes it possible to drop packets with invalid sender addresses at the initial stage. Another variant of the solution is to create a special field in the packet header, into which each router the packet passes through enters routing information (part of the address, for example).

In this case, the first router that receives the packet records information about the network class (A, B, C) from which the packet came. Nevertheless, entering into the packet the addresses of all routers traversed along the path would be a suboptimal solution, since in that case it is difficult to determine the maximum size of the packet header in advance.

When the message reaches its final destination, the traversed route will be fully recorded in its header. From this route, regardless of the sender's network address specified in the packet, one can, first, verify the authenticity of the address to within a subnet and, second, accurately determine the true subnet address. So, having received such a message with the route recorded in it, the network operating system analyzes the route and verifies the authenticity of the sender.

If the sender proves unreliable, the packet is discarded.
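
The two checks described above can be modelled together, as an added example that is not part of the original article: a router that filters packets whose sender address does not belong to the subnet they arrived from, and a route-record header field, written by the first router, that the destination uses to verify the claimed sender. The `Packet.route` field, the class and function names and the topology are assumptions made for illustration; the addresses are constructed values from documentation ranges.

```python
import ipaddress
from dataclasses import dataclass, field

@dataclass
class Packet:
    src: str                                   # sender address claimed in the packet
    dst: str
    route: list = field(default_factory=list)  # hypothetical route-record header field

class Router:
    def __init__(self, name, interfaces):
        # interfaces: name -> directly connected subnet, or None for a link to another router
        self.name = name
        self.interfaces = {i: ipaddress.ip_network(n) if n else None
                           for i, n in interfaces.items()}

    def ingress(self, pkt, iface, filter_spoofed=True):
        """Return the packet to forward, or None if it is filtered out."""
        subnet = self.interfaces[iface]
        if subnet is None:
            return pkt                  # came from another router: keep the existing record
        # Packet came from a directly connected host, so this is the first router.
        if filter_spoofed and ipaddress.ip_address(pkt.src) not in subnet:
            return None                 # first approach: drop the invalid sender address
        pkt.route = [str(subnet)]       # second approach: overwrite anything the host wrote
        return pkt

def destination_accepts(pkt):
    """Destination check: claimed sender must lie in the subnet the first router recorded."""
    if not pkt.route:
        return False
    return ipaddress.ip_address(pkt.src) in ipaddress.ip_network(pkt.route[0])

def demo():
    edge = Router("edge", {"lan0": "192.0.2.0/24", "wan0": None})   # constructed topology
    core = Router("core", {"p0": None, "p1": None})
    honest = core.ingress(edge.ingress(Packet("192.0.2.10", "203.0.113.5"), "lan0"), "p0")
    dropped = edge.ingress(Packet("198.51.100.7", "203.0.113.5"), "lan0")
    # Host forges both its address and the route field; the edge router only records here.
    forged = Packet("198.51.100.7", "203.0.113.5", route=["198.51.100.0/24"])
    forged = core.ingress(edge.ingress(forged, "lan0", filter_spoofed=False), "p0")
    return honest, dropped, forged

if __name__ == "__main__":
    honest, dropped, forged = demo()
    print(destination_accepts(honest), dropped, forged.route, destination_accepts(forged))
```

The record is only as trustworthy as the routers that forward it: the destination check assumes that no router between the first one and the destination rewrites the field.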

Copyright © 2010 BRV ISTCOM S.R.L.