Modern local networks consist of several subscriber devices located inside the same building. Computers on the local network are interconnected using network equipment - switches. By default, all devices connected to the ports of the same switch can communicate by exchanging network packets. Computer networks of data transmission are the result of the information revolution and in the future will be able to form the main means of communication. The worldwide trend towards the integration of computers in the network is due to a number of important reasons, such as the acceleration of the transmission of information messages, the ability to quickly exchange information between users, receiving and transmitting messages (faxes, E-mail letters, electronic conferences, etc.) without leaving the workplace, the ability to instantly receive any information from anywhere in the world, as well as the exchange of information between computers of different manufacturers working under different software. A large number of broadcast packets sent by devices leads to a decrease in network performance, because instead of useful operations, the switches are busy processing data addressed to everyone at once. The situation forces us to divide such large networks into autonomous subnets; as a result, the logical structures of the network are different from the physical topologies. This article discusses VLAN technology (Virtual Local Area Network - VLAN), which allows you to divide one local network into separate segments.
This paper reports the results of experiments and studies involving different types of devices that can implement a BadUSB scenario, for example, BadUSB, Rubber Ducky, which, when connected to a computer, impersonate a device with a Human Interface Device, emulating other devices such as a keyboard and mouse. Given the problem of the lack of management tools for detecting preliminary modifications of USB devices against attacks based on the seizure of computer control, a software and hardware system is proposed as an object of study. It is implemented programmatically in the Arduino IDE environment, and physically it is made on the Arduino Mega board with Shield, which reads the parameters of the devices. It monitors the startup of USB devices and checks each device for pre-retrofitting by passing HID descriptors from the connected hardware. Having parsed the data using Python, the data are represented in the appropriate form for analysis, on the basis of which a decision is made by the system on the possible preliminary modification of the USB drive from which these data came. This is due to the detailed consideration and thorough analysis of data, data types, temporal characteristics of data transmitted along different channels. The technical characteristics and functionality of USB devices were investigated; the parameters transmitted at the moment when they are supplied with power were determined. The system can draw a conclusion based on the analysis according to its algorithm and block a suspicious USB device that has been connected and that can intercept control over the computer. The results of the study could be used in the field of protection of information systems from attacks based on the seizure of control from external media. The designed solution increases the level of security of the system, making it possible to recognize a possibly pre-modified device at the connection stage
A Software-Defined Network (SDN) on a Wide Area Network (WAN) is a computer network that is controlled and created by software. SD-WAN is an emerging research area that has received a lot of attention from industry and government. This technology offers tremendous opportunities to support the creation of consolidated data centers and secure networks. This is an innovation that allows the network to be monitored and programmed so that it can respond to network events caused by security breaches. This solution provides network security, offers a single network management console, and provides complete control over the network architecture. Also controls security in the cloud software-defined infrastructure (SDI), such as dynamically changing the network configuration when forwarding packets, blocking, redirecting, changing Media Access Control (MAC) or Internet Protocol (IP) addresses, limiting the packet flow rate etc. Using SD-WAN technology, it is possible to reduce the cost of dedicated bandwidth channels, achieve a high-quality Virtual Private Network (VPN), and the ability to automatically select a channel for certain channels. The main advantages of SD-WAN are the management of an unlimited number of devices from a single center, reducing the cost of deploying branch infrastructure. According to the results of the survey, 7 % of respondents use SD-WAN for security solutions, 14% at the piloting stage. As a result of the research, it was revealed that by 2024, to increase the flexibility and support of cloud applications, more than 60 % of SD-WAN customers will implement the SASE (Secure Access Service Edge) architecture, which is 30% more than in 2020 and the main concept - application security and cloud functions. Keywords: OpenFlow, Software defined wide area network (SD-WAN), architecture, DDoS attack, WAN network
scite is a Brooklyn-based organization that helps researchers better discover and understand research articles through Smart Citations–citations that display the context of the citation and describe whether the article provides supporting or contrasting evidence. scite is used by students and researchers from around the world and is funded in part by the National Science Foundation and the National Institute on Drug Abuse of the National Institutes of Health.
hi@scite.ai
10624 S. Eastern Ave., Ste. A-614
Henderson, NV 89052, USA
Copyright © 2024 scite LLC. All rights reserved.
Made with 💙 for researchers
Part of the Research Solutions Family.