Monday, September 7, 2015

QoS (Quality of Service) technique

  • Traffic policing propagates bursts. When the traffic rate reaches the configured maximum rate, excess traffic is dropped (or remarked). The result is an output rate that appears as a saw-tooth with crests and troughs. In contrast to policing, traffic shaping retains excess packets in a queue and then schedules the excess for later transmission over increments of time. The result of traffic shaping is a smoothed packet output rate.
http://www.cisco.com/c/en/us/support/docs/quality-of-service-qos/qos-policing/19645-policevsshape.html

  • Shaping is a QoS (Quality of Service) technique that we can use to enforce lower bitrates than what the physical interface is capable of. Most ISPs will use shaping or policing  to enforce “traffic contracts” with their customers.
https://networklessons.com/quality-of-service/qos-traffic-shaping-explained/

  • A broadband remote access server (BRAS, B-RAS or BBRAS) routes traffic to and from broadband remote access devices

such as digital subscriber line access multiplexers (DSLAM) on an Internet service provider's (ISP) network.
BRAS can also be referred to as a Broadband Network Gateway (BNG)
The BRAS sits at the edge of an ISP's core network, and aggregates user sessions from the access network. It is at the BRAS that an ISP can inject policy management and IP Quality of Service (QoS).
https://en.wikipedia.org/wiki/Broadband_remote_access_server


  • What is Traffic Shaping?


Traffic shaping (also known as packet shaping) is bandwidth management technique that delays the flow of certain types of network packets in order to ensure network performance for higher priority applications. Traffic shaping essentially limits the amount of bandwidth that can be consumed by certain types of applications. It is primarily used to ensure a high quality of service for business-related network traffic.

The most common type of traffic shaping is application-based traffic shaping. Fingerprinting tools are first used to identify the application associated with a data packet. Based on this, specific traffic shaping policies are applied. For example, you might want to use application-based traffic-shaping to throttle peer-to-peer file sharing, while giving maximum bandwidth to a business-critical application such as Voice-over-IP (VoIP), which is especially sensitive to latency.

Many application protocols use encryption to circumvent application-based traffic shaping. To prevent applications from bypassing traffic shaping policies, route-based traffic shaping can be used. Route-based traffic shaping applies packet regulation policies based on the source and intended destination of the previous address a packet.

Limited network resources make bandwidth prioritization a necessity. Traffic shaping is the one of the most important techniques to ensure a high quality of service for business applications and data. It is an essential requirement for a network firewall.

https://www.barracuda.com/glossary/traffic-shaping


  • Traffic shaping, also known as packet shaping, is a type of network bandwidth management for the manipulation and prioritization of network traffic to reduce the impact of heavy use cases from effecting other users. Traffic shaping identifies and classifies traffic streams by priority. High-priority traffic is forwarded immediately, and lower-priority traffic is rate-limited using various methods.


Traffic shaping techniques are core components of most network architectures. The benefits of traffic shaping include converging network technologies into a common network architecture and guaranteeing performance requirements for critical application traffic.

Quality of Service (QoS) is a specific implementation of network traffic shaping.


Data Center LAN Networks
Data Center LAN Networks include traffic categories including:

High-Priority â“ Low-Latency and Guaranteed Packet Delivery
Network traffic to network storage and for database transactions require low-latency network performance with high reliability. These network applications are highly sensitive to network performance and do not tolerate dropped packets well.
Storage Systems
Database Systems

Medium-Priority â“ Uninterrupted traffic
User access to business applications are business critical, but do not have the performance and reliability requirements as Storage and Database systems. This class of traffic must be prioritized to provide a good user experience.
User access to Applications
IP Telephony

Low-Priority â“ Best effort, use bandwidth not otherwise consumed
Bulk data transfers will completely consume the bandwidth of a network. If the network bandwidth is not prioritized with Traffic Shaping technologies, critical systems suffer. This traffic class should be configured to only consume traffic unused by other traffic classes.
Large file copies
Data backups
Peer-to-Peer applications
https://www.a10networks.com/blog/traffic-shaping/

  • During penetration testing, the main objective of the auditor is to exploit and gain access. For that to happen, it is required to have some information about the system/network being exploited, and to know the operating system running on the system (to be exploited). Also, from the network security point of view, it is required, and at the same time challenging, to know and understand the threats and protect against them. OS fingerprinting is the name given to the technique of detecting the operating system of the system/machine.

OS Fingerprinting can be broadly classified into two types:

Active Fingerprinting
Active OS fingerprinting is based on the fact that every OS has its own unique TCP/IP stack features. Every OS responds in a different manner to a variety of malformed packets. To perform such fingerprinting, all one has to have is a signature database of responses of different operating systems for different queries (packets). The next step is to send different packets to the target and compare the responses with the database, and then it will determine the underlying operating system. Same approach is followed by Nmap, one of the most widely used port scanning and OS fingerprinting tools.
Active fingerprinting is utilized most of the time during a penetration test as it is more certain in its outcomes, but it also generates traffic which might trigger an IDS/IPS running on the machine being fingerprinted.If we need to maintain stealth, this technique is not a good option as the traffic generated will leave traces in the log of the system.

Passive Fingerprinting
also maintains a database for the purpose of identification, but unlike the active technique, it does not generate any traffic.
It simply sits and sniffs the packets sent by the remote system and based on the unique signature of the operating system in the packet, it determines the OS. Simply by analyzing the data being sent by the remote host during the typical communication, the underlying OS can be detected. As no new packets are generated and sent to the target machine, it won’t trigger any security measures put in place by the owner, and hence, is more stealth.

https://resources.infosecinstitute.com/passive-fingerprinting-os/#gref
Taxonomy of OS fingerprinting tools 

  • Active Fingerprinting

Active fingerpringinting uses active techniques to identify the role of a server
    Xmas attack. This is a specific type of scan that sends specailly crafted packets to a system. By analyzing the return packets, the scanner can determine the operating system of the target.
    Port scanning. A port scanner sends queries on specific ports. If the server answers a query on a port, it indicates it is listening on this port. For example, if a system answers a query on port 25, it indicates it is running SMTP and is likely an email server. Additional queries can be sent to the system to verify it is an email server.
Passive Fingerprinting
Passive fingerprinting uses a sniffer (such as Wireshark) to capture traffic sent from a system.  It analyzes this traffic to determine what the server is doing. A key point is that passive fingerprinting does not send any traffic to the target system but instead just collects the traffic. With this in mind, passive fingerprinting cannot be done from remote attackers. It can only be done with a sniffer installed in the network
https://blogs.getcertifiedgetahead.com/active-fingerprinting-passive-fingerprinting/

No comments:

Post a Comment