Dr.-Ing. Mathias Fischer; Prof. Dr. Max Mühlhäuser
The lecture resilient networks provides an overview on the basics of secure networks as well as on current threats and respective countermeasures. The current state-of-the-art in the research towards resilient networks is introduced. Resilience-enhancing techniques can be generally classified in proactive and reactive methods. Proactive techniques are redundancy and compartmentalization. Redundancy allows to tolerate attacks to a certain extent, while compartmentalization attempts to restrict the attack locally and preventing its expansion across the whole system. Reactive techniques follow a three step approach by comprising the phases of detecting an attack, mitigate its impacts, and finally restore a system's usual operation.
Based upon this categorisation of resilience strategies the lecture will give an excursus to graph theorie and will introduce generic strategies to increase the resilience of networks, e.g., proactively establishing backup routes and fast restoration strategies. Furthermore, the lecture will provide an overview on BGP routing and the Domain Name Service, as two essential Internet services. Both services are presented and current attacks as well as corresponding countermeasures are described. Moreover, Denial of Service attacks and their mitigation are observed in detail as well as mechanism for increasing the resilience of P2P networks. Finally, Intrusion Detection systems are covered as mechanisms to mitigate the impacts of successful attacks.
- [Sch03a] G. Schäfer. Netzsicherheit – Algorithmische Grundlagen und Protokolle, dpunkt.verlag, 435 pages, February 2003
- [Pio04] Michal Pioro and Deepankar Medhi – Routing, Flow, and Capacity Design in Communication and Computer Networks, The Morgan Kaufmann Series in Networking, 800 pages, 2004
- [BraErl05] Network Analysis: Methodological Foundations, Springer: Lecture Notes in Computer Science / Theoretical Computer Science and General Issues, 484 pages,2005