lancom language for network configuration and management chitra s agastya (csa2111@columbia.edu)...


Post on 13-Dec-2015


TRANSCRIPT

  • Slide 1

LANCOM: LAnguage for Network COnfiguration and Management

Chitra S Agastya (csa2111@columbia.edu)
Nipun Arora (na2271@columbia.edu)
Sambuddho Chakravarty (sc2516@columbia.edu)
Milind Nimesh (mn2353@columbia.edu)
Ashish Singh Tomar (ast2124@columbia.edu)

  • Slide 2

Meet the System Administrator

Implement security / access policies on various routers and firewalls
Proficient in esoteric configuration languages
Configure complex security strategies using low-level firewall rules

  • Slide 3

The End Result.

Affects scalability of the network
No reusability of code
Conflicts arise due to use of different router configuration languages in the same network
Misconfigurations are the source of most network vulnerabilities

  • Slide 4

The Business Angle

"Security managers need a single place to look for the corporate policies on who gets in and who doesn't" -Forrester report

  • Slide 5

The Solution: LANCOM

An out-of-the-box solution to configure routers in a network, manufactured by different vendors
Device Independent Configuration Language
Domain Specific
User Focus: Network Administrator

  • Slide 6

Architecture of LANCOM

[Diagram. Labels: Input Source Program; LANCOM Compiler (Lexer, Parser, Syntax Directed Translation, Configuration Actions, Symbol Table, Command Classes, Translator); Output Config. File; Routing/Firewalling Commands for Linux; Routing/Firewalling Commands for FreeBSD]

  • Slide 7

Programming Constructs

Host
Host Group
Topology
Route

  • Slide 8

Program Structure

    prog
        Declarative Statements      policy_type_t pol;
        Assignment Statements       pol = inbound deny tcp dst 1.1.1.1 netmask 255.255.255.0 8088;
        Configuration Statements    apply policy pol;
    endprog

  • Slide 9

Separation of Network Topology and Security Policy Description

    prog
        ipaddr_t ip1,ip2;
        ip1=1.1.1.1;
        ip2=4.4.4.4;
        policy_type_t p1;
        p1= inbound deny tcp src 2.2.2.2 netmask 255.255.255.0 all;
        role_type_t r1;
        r1=role { p1, outbound deny dst ip2 netmask 255.255.255.255 all};
        host_type_t h1;
        h1=ip_addr 6.6.6.6 netmask 255.255.255.0;
        host_group_type_t hg1;
        hg1=host_group {h1, ip_addr 5.5.5.5 netmask 255.255.255.0};
        topology_type_t t1;
        t1=hg1 r1;
        apply topology t1;
    endprog

Callouts on the slide: POLICY, ROLE, HOST, HOST GROUP, TOPOLOGY

  • Slide 10

Test-Bed to Test Basic Firewall Policy Description Using LANCOM

[Diagram. Nodes: FreeBSD (IPFW), Linux (IPTABLES), Webserver]

Test-Bed Designed and Implemented on deterlab

  • Slide 11

Device Independent Configuration

    prog
        policy_type_t p;
        p=inbound deny tcp dst 10.3.0.6 netmask 255.255.255.0 8088;
        apply policy p;
    endprog

Linux (iptables)

    /sbin/iptables -I FORWARD -p tcp -d 10.3.0.6/255.255.255.0 -s 0.0.0.0/0.0.0.0 --destination-port 8088 -j DROP

FreeBSD (ipfw)

    /sbin/ipfw add deny tcp from 0.0.0.0:0.0.0.0 to 10.3.0.6:255.255.255.0 8088

  • Slide 12

Tools Used

  • Slide 13

What we learned

AntlrWorks: an easy-to-use GUI for writing your own language
Networking Concepts
Team Work
Not all team members were conversant with networking

  • Slide 14

THANK YOU!!
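
The translation on Slide 11, as an added example that is not the LANCOM compiler's own code: a Python sketch that parses the one policy form shown on the slides, validates it, and emits the iptables and ipfw commands the slide lists. The function names, the handling of "src" and "all", and treating the port as a destination port are assumptions; the slides show output only for the "dst" plus port case.

```python
import ipaddress

ANY = ("0.0.0.0", "0.0.0.0")  # "any address", written as on slide 11

def parse_policy(stmt):
    """Parse 'inbound deny tcp src|dst <ip> netmask <mask> <port>|all'."""
    tok = stmt.strip().rstrip(";").split()
    if len(tok) != 8 or tok[:3] != ["inbound", "deny", "tcp"]:
        raise ValueError(f"unsupported or malformed policy: {stmt!r}")
    side, ip, kw, mask, port = tok[3:]
    if side not in ("src", "dst") or kw != "netmask":
        raise ValueError(f"expected 'src|dst <ip> netmask <mask>': {stmt!r}")
    # Validate before any firewall command is generated from the text.
    ipaddress.IPv4Address(ip)
    if str(ipaddress.IPv4Network(f"0.0.0.0/{mask}").netmask) != mask:
        raise ValueError(f"netmask must be a dotted contiguous mask: {mask!r}")
    if port != "all" and not (port.isascii() and port.isdigit()
                              and 0 < int(port) < 65536):
        raise ValueError(f"bad port: {port!r}")
    return {"side": side, "ip": ip, "mask": mask, "port": port}

def _endpoints(p, sep):
    """Return (src, dst) in the backend's address<sep>mask notation."""
    target, any_ = f"{p['ip']}{sep}{p['mask']}", sep.join(ANY)
    return (target, any_) if p["side"] == "src" else (any_, target)

def to_iptables(p):
    src, dst = _endpoints(p, "/")
    # Assumption: "all" means no port match; a number is a destination port.
    port = "" if p["port"] == "all" else f" --destination-port {p['port']}"
    return f"/sbin/iptables -I FORWARD -p tcp -d {dst} -s {src}{port} -j DROP"

def to_ipfw(p):
    src, dst = _endpoints(p, ":")
    port = "" if p["port"] == "all" else f" {p['port']}"
    return f"/sbin/ipfw add deny tcp from {src} to {dst}{port}"

def effective_network(p):
    """Network the rule really matches once the mask is applied."""
    return ipaddress.IPv4Network(f"{p['ip']}/{p['mask']}", strict=False)

if __name__ == "__main__":
    # Policy text taken from slide 11.
    p = parse_policy("inbound deny tcp dst 10.3.0.6 netmask 255.255.255.0 8088;")
    print(to_iptables(p), to_ipfw(p), effective_network(p), sep="\n")
```

For the Slide 11 policy, effective_network() returns 10.3.0.0/24: with that netmask the generated rule drops port 8088 traffic to the whole subnet, not only to host 10.3.0.6, which is worth checking when reviewing policies written in this form.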