RESULTS FROM 1 TO 20 OF 42

2023, Technical report, ENG

5G network analysis for dynamic QoS and traffic management

A. Gebrehiwot; A. De Vita; F. M. Lauria

Optimal Quality of Service (QoS) and efficient traffic management in 5G Non-Terrestrial Networks (NTNs) rely on the effective orchestration of communication between the various network elements. Through real-time monitoring of the 5G infrastructure, we can derive signi

2023, Technical report, ENG

A software-based 5G infrastructure for the TRANTOR project

A. De Vita; A. Gebrehiwot; F. M. Lauria

This document serves as a comprehensive overview of the 5G research infrastructure developed for the TRANTOR project, a 3-year initiative financed by the HORIZON EUROPE program that concentrates on the forward trajectory of 5G Non-Terrestrial Network (NTN) evolution, heading towards 6G systems. The goal of the infrastructure is to facilitate and deeply investigate the Quality of Service (QoS) and traffic management in NTN associated with 5G systems and to develop new functionalities as foreseen by the TRANTOR project. The experimental network infrastructure is based on the open-source free5GC project, further complemented by a standalone implementation of a 5G RAN (Radio Access Network, also known as gNodeB) and multiple 5G UE (User Equipment) using UERANSIM, an open source state-of-the-art 5G UE and gNodeB simulator. Detailed overview and use cases of the deployed 5G infrastructure are also described.

2023, Technical report, ENG

Peculiarities of Traffic and QoS management in 5G NTN networks

A. Gebrehiwot; A. De Vita; F.M. Lauria

The rapid advancements in Low Earth Orbit (LEO) satellite technologies promise high bandwidth and lower costs, making them crucial components for the future 6G networks. However, these orbits introduce a range of challenges not present in traditional Geosynchronous Orbit (GEO) systems, such as mobility issues, smaller coverage areas, and the need for inter-satellite communications. Within the scope of the TRANTOR project, we aim to investigate the complexities and peculiarities involved in utilizing LEO satellites for global communications. In this technical paper we will focus on reviewing the dynamic traffic and Quality of Service (QoS) management of NTN networks, based primarily on the 3GPP document "Technical Specification Group Radio Access Network; Solutions for NR to support non-terrestrial networks, NTN, Release 16" (3GPP TR 38.821 V16.1.0 (2021-05)).

2023, Technical report, ENG

Controlling and monitoring Ethernet-based network infrastructures: practical implementations using scapy

A. Gebrehiwot; F. M. Lauria

This document explores control and monitoring mechanisms commonly employed in Ethernet-based network infrastructures, aiming to provide a comprehensive understanding of their functionality. It presents practical script examples that utilize scapy, a powerful and user-friendly Python library for sensing and manipulating network packets. The showcased scripts focus on essential functionalities such as ARP monitoring, IPv4 collision detection, and rogue DHCP server detection. By examining these examples, readers can gain a comprehensive understanding of how these mechanisms contribute to network control and maintenance. The main objective is to offer valuable insights and practical applications of these mechanisms within Ethernet-based network infrastructures.

2023, Software, ENG

2D random movement simulator

F. M. Lauria; A. Gebrehiwot

The 2D Random Movement Simulator is a minimal web application for locally simulating the random movement of random points in a 2D space on a canvas. The application allows users to display distances between these points, with different colors indicating the level of safety: green for okay distances, yellow for alerting distances, and red for danger distances.

2023, Technical report, ENG

A practical methodology to detect multiple IP addresses used by a single host on different network interfaces

A. Gebrehiwot; C. Porta

This document presents a technical-practical methodology to discover multiple IP addresses used by a single host with multiple network interfaces, regardless of using wired or wireless technology. After a brief introduction regarding the protocols involved and the requirements to satisfy, it describes the main steps of the proposed algorithm. Finally it reports an example of implementation to demonstrate its effectiveness. In fact, because of its usefulness it has been integrated into a software instrument used for the management of the CNR research area network in Pisa.

2021, Website, ITA

Support portal for users of the CNR networks in Pisa [original title: Portale di supporto agli utenti delle reti del CNR di Pisa]

F. M. Lauria; A. Gebrehiwot; A. De Vita; A. Mancini; C. Porta

In addition to ticket-opening features, the portal offers users of the CNR networks in Pisa a "Knowledge base" section with the most frequently asked questions. From the point of view of the portal's managers, namely the staff of the IIT Computer and Communication Networks technology unit, it allows requests to be handled from a single web interface.

2021, Technical report, ENG

Technical and administrative considerations on acquiring a NGFW-based network security solution

A. Gebrehiwot; F. Maria Lauria; Irene Sannicandro

The network security solution in use at the Pisa Research Area since 2008 is based on two on-premise Next Generation Firewalls (NGFWs) capable of protecting the network infrastructure using typical NGFW features such as application awareness, threat prevention, anti-virus, anti-spyware, URL filtering, file blocking, DDoS protection, etc. Unlike traditional packet filtering firewalls, NGFWs enforce security policies not only based on network traffic attributes (e.g. IP addresses, protocol numbers and port numbers, etc.) but also on other types of attributes, such as the username of an authenticated user, the name of the used application, the type of the transported data, etc. Furthermore, NGFWs support the concept of zone-based firewalling and allow the configuration of individual protection rules regardless of the used network layer protocol, thus implementing a dual stack (IPv4/IPv6) firewall. There are various NGFW manufacturers in the market. Therefore, a public organization in need of acquiring a NGFW-based network security solution should compare various products in order to select the best quality-price ratio. Unfortunately, at the time of writing of this document, there are no standard methods, i.e. benchmarks, for objectively evaluating and comparing performance indicators of NGFW devices from different manufacturers. For this reason, organizations are forced to make a choice by following a logical process that takes into account a series of different evaluation criteria (technical, practical, economical, administrative, etc.). This document tries to address the various issues that an organization might face during the phases of selection and acquisition of a security solution based on NGFW technologies, mainly considering both technical and administrative aspects.

2021, Technical report, ITA

IT security policy of the Istituto di Informatica e Telematica [original title: Policy di sicurezza informatica dell'Istituto di Informatica e Telematica]

De Vita A.; Gebrehiwot A.; Lauria F.; Lucchesi C.; Mancini A.; Martinelli M.; Porta C.; Ruberti S.; Vasarelli L.

This technical report presents the first version of the Security Policy of the Istituto di Informatica e Telematica, adopted in compliance with the current regulation "Misure minime di sicurezza ICT per le pubbliche amministrazioni" (minimum ICT security measures for public administrations) issued by the Agenzia per l'Italia Digitale. It covers the aspects needed to detect possible IT security weaknesses and establishes the actions to be taken to raise the security level of the Institute's entire IT ecosystem. It also defines a set of organizational and behavioural measures to be adopted by IIT staff to counter the most frequent cyber threats and to manage possible incidents. A further objective is to make the policy available for consultation and dissemination to other CNR institutes, research bodies and the Public Administration, in order to support them in defining a security policy for their own organization.

2020, Teaching material, ITA

Zone-based policy firewalling on Cisco IOS devices [original title: Zone-based policy firewalling su apparati Cisco IOS]

A. Gebrehiwot; F. M. Lauria

This document is a workbook of exercises focused on implementing Zone-based policy firewalling (aka "Zone-Policy Firewalling" or "ZPF") strategies using Cisco routers running the IOS operating system. Network security is of fundamental importance for protecting the data and resources within an infrastructure, and Cisco routers offer advanced features for granular control of network traffic flow. Through a combination of configurations and practical tests, these exercises help the reader become familiar with creating security zones, assigning interfaces to specific zones, and verifying that the default traffic restrictions work.

2020, Technical report, ENG

Analysis of Cit0Day data leak: a collection of 345 million hacked credentials from 23600 online services

F. M. Lauria; A. De Vita; A. Gebrehiwot

The easiest and most widely used authentication method to access Internet services is based on username and password. When users can create their own accounts on services that require an online self-registration procedure, email addresses are usually used as usernames. Cybercriminals are constantly aiming to steal this type of data for various reasons, for example with the purpose of selling them in the underground market. Sometimes stolen accounts can be found on the public Internet, even without the owner being aware of it. In this report we provide a qualitative description and a quantitative analysis of Cit0Day data leak, a collection of more than 345 million hacked login credentials from 23600 online services, made available on the public Internet in October 2020. In particular, our analysis focuses on two different aspects: one related to the hacked services and the other related to the end user credentials. Finally, we have carried out a specific analysis of the data leak in order to assess the security concerns regarding our organization. Even if there were no hacked services belonging to our organization, we found out that nearly 2500 CNR related credentials were used on more than 450 hacked services.

2020, Technical report, ENG

Securing a Dual Stack enterprise network using a Next-Generation Firewall

A. Gebrehiwot

Most general-purpose operating systems implement and enable native IPv4 and IPv6 support and implement a number of transition/coexistence technologies by default. The deployment of native IPv6 networks is constantly growing, and is already present in almost all our networks. Sometimes it is "official" IPv6 traffic, often it is just link-local traffic, or global-scope traffic going through tunnels unknown to the network administrators. It is very important to prevent security exposure in enterprise networks resulting from unplanned use of IPv6. Whatever the reason for the presence of IPv6 in an enterprise network, the time when network administrators just needed to control IPv4 is over. Many communication protocols operating over the modern Internet use hostnames. Hostnames often resolve to multiple IPv4 and IPv6 addresses, so in a Dual Stack portion of the Internet, a communication between two nodes may be established either in IPv4 or in IPv6. For example, a Dual Stack client may establish an HTTP session to a web server using either IPv4 or IPv6. It is therefore essential to apply a consistent security policy on both bi-directional IPv4 and IPv6 traffic independently of which protocol is being used. In this Technical Report, our main objective is to demonstrate how to plan and enforce a consistent security policy for a Dual Stack enterprise network by applying the same controls on bi-directional legitimate IPv4 and IPv6 sessions by using a Next-Generation Firewall.

2020, Technical report, ENG

Deployment of native IPv6 only networks using stateful NAT64/DNS64: Enterprise networks with IPv6 only clients capable of contacting IPv4 Servers

A. Gebrehiwot

Newly implemented IPv6 only networks are becoming common and these sites have an interest in communicating with the whole Internet (IPv4 Servers and the whole IPv6 Internet). In this paper we will describe and show how to implement a reliable mechanism that allows client nodes connected to IPv6 only networks to communicate with all IPv4 Servers using NAT64/DNS64 protocol translation. When stateful NAT64 is used in conjunction with DNS64, no changes are usually required in the IPv6 client or the IPv4 server including the transit networks. We present a testbed to demonstrate and to guide on how to realise a stateful NAT64/DNS64 which is capable of translating unicast packets carrying TCP, UDP, and ICMP traffic

2018, Teaching material, ITA

In-depth look at APP-ID & custom signatures [original title: Approfondimenti su APP-ID & custom signatures]

F. M. Lauria; A. Gebrehiwot

Teaching material for the "Lab of Secure system configuration, device hardening and firewall management", a course within the first-level Master's programme in cybersecurity organized by the Università di Pisa and the Istituto di Informatica e Telematica of the CNR, held in September/November 2018. The document explores in depth the concepts of APP-ID and application signatures in NGFWs.

2018, Teaching material, ITA

Introduction to zone protection profiles [original title: Introduzione ai zone protection profiles]

F. M. Lauria; A. Gebrehiwot

Teaching material for the "Lab of Secure system configuration, device hardening and firewall management", a course within the first-level Master's programme in cybersecurity organized by the Università di Pisa and the Istituto di Informatica e Telematica of the CNR, held in September/November 2018. The document introduces the concept of the Zone Protection Profile in NGFWs.

2018, Teaching material, ITA

Introduction to URL Category/Filtering and SSL Decryption [original title: Introduzione ad URL Category/Filtering e SSL Decryption]

F. M. Lauria; A. Gebrehiwot

Teaching material for the "Lab of Secure system configuration, device hardening and firewall management", a course within the first-level Master's programme in cybersecurity organized by the Università di Pisa and the Istituto di Informatica e Telematica of the CNR, held in September/November 2018. The document introduces the concepts of URL Category, URL Filtering and SSL Decryption in NGFWs.

2018, Teaching material, ITA

Introduction to Next Generation Firewalls (NGFW) [original title: Introduzione ai Next Generation Firewall (NGFW)]

F. M. Lauria; A. Gebrehiwot

Teaching material for the "Lab of Secure system configuration, device hardening and firewall management", a course within the first-level Master's programme in cybersecurity organized by the Università di Pisa and the Istituto di Informatica e Telematica of the CNR, held in September/November 2018. The document presents the course syllabus and all the introductory concepts of the Next Generation Firewall world.

2017, Teaching material, ITA

Cybersecurity auditing with scapy [original title: Cybersecurity auditing con scapy]

F. M. Lauria; A. Gebrehiwot

The document aims to provide a practical guide to auditing "Zone Protection Profiles" using Python scripting. In network security, and more specifically in Next-Generation Firewalls, "Zone Protection Profiles" are a fundamental component. They aim to protect networks from a range of threats such as floods, port scanning and ping sweeps.

2016, Website, ENG

Website for distributing the 6MoNPlus tool [original title: Sito web per la distribuzione del tool 6MoNPlus]

F. M. Lauria; C. Porta; A. De Vita; A. Gebrehiwot; A. Mancini

The website was created to distribute the 6MoNPlus tool.

2016, Conference proceedings contribution, ENG

6MoNPlus: Geographically distributed Dual Stack network monitoring

Filippo Lauria, Claudio Porta, Andrea De Vita, Abraham Gebrehiwot, Alessandro Mancini

Monitoring and controlling geographically distributed Dual Stack networks on the present Internet architecture is a complex task. The widespread use of Network Address Translation (NAT) and issues caused by border firewalls make remote network monitoring difficult. It is also necessary to physically be connected to the remote networks to sniff packets. There are several situations in which it is convenient to have an easy to use tool, accessible from every location, for monitoring and managing various networks, distributed in different locations, using a single management interface. This article proposes a geographically distributed, scalable and extensible open tool for monitoring and controlling geographically distributed Dual Stack (IPv4/IPv6) networks using a single management interface by solving the NAT traversal and firewall issues.

TNC16, Prague, 12-16/06/2016
Author

Gebrehiwot Abraham
