Zero Configuration Networking
Author: assassin007
Friday, 21 March 2003, 18:12 GMT

Ever dreamt of a network that doesn’t require a network administrator to configure and administer it? Yes, it is possible. The goal of zero configuration networking (Zeroconf) is to enable IP networking without any manual configuration or administration.

The following are the common requirements to enable IP networking among the devices on a network.

->IP configuration
->Translation between IP addresses and host names
->Service discovery
->IP multicast address distribution

So, to make a zero configuration network possible, it must provide the following (to satisfy the requirements above).

->IP configuration without a DHCP server
->Translation between IP addresses and host names without a DNS server
->Service discovery without a directory service
->IP multicast address distribution without the need for a multicast server
->Lastly, enough security to prevent zeroconf networks from being less secure than networks that don’t use Zeroconf

A zeroconf network does not need to have all of these features at once. For example, zeroconf name resolution can be used on a network that already runs DHCP. One of the most important requirements is that zeroconf protocols interoperate with existing networking protocols and minimize their impact on existing networks and applications.

Maintenance of Zeroconf networks:
In traditional networks, administrators track the changes the network undergoes and adjust its parameters accordingly. Zeroconf networks have no administrators, so the network *must* be able to configure itself as it changes. For example, it must be able to assign IP addresses to new nodes that join the network, and it must be able to reclaim the IP addresses of systems that detach from it so that they can be assigned to other hosts.

IP configuration: In IP networking, each host is assigned a unique IP address so that the hosts on the network can communicate. IP addresses are usually assigned manually, by DHCP, or by PPP. None of these is possible in a zeroconf network, so a separate mechanism must automatically assign dynamic IP addresses to the hosts. This feature is already available in IPv6 (link-local address autoconfiguration). Zeroconf should work with both the existing IPv4 and the coming IPv6. The Zeroconf IP interface configuration protocol takes care of this process.

The Zeroconf IP interface configuration protocol:

->must discover whether an IP address is already in use.
->must allow hosts to validate their IP addresses when moving to a new network.
->must be able to reclaim allocated IP addresses.
->must be able to resolve IP conflicts that might occur.
->should not reuse IP addresses immediately after they become available.
->should make it likely that a particular host is assigned the same IP address when it leaves and rejoins the network.
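
The requirements above can be seen working together in a small simulation. This is an added example, not code from the original article: it follows the IPv4 link-local approach later standardised in RFC 3927 (pseudo-random choice in 169.254.1.0 to 169.254.254.255, seeded from the interface's MAC address), and the `Link` class, function names and MAC strings are constructed for illustration.

```python
import hashlib
import random
from ipaddress import IPv4Address

# Usable IPv4 link-local range (RFC 3927): 169.254.1.0 - 169.254.254.255
LL_FIRST = int(IPv4Address("169.254.1.0"))
LL_LAST = int(IPv4Address("169.254.254.255"))
MAX_CONFLICTS = 10  # RFC 3927 rate-limits further attempts after 10 conflicts


class Link:
    """Constructed stand-in for one broadcast segment: address -> owner MAC."""

    def __init__(self):
        self.in_use = {}

    def probe(self, addr):
        """Model of an ARP probe: return the MAC defending addr, or None."""
        return self.in_use.get(addr)


def candidates(mac):
    """Deterministic pseudo-random address sequence seeded from the MAC, so a
    host that leaves and rejoins tries the same addresses in the same order."""
    seed = int.from_bytes(hashlib.sha256(mac.encode()).digest()[:8], "big")
    rng = random.Random(seed)
    while True:
        yield IPv4Address(rng.randint(LL_FIRST, LL_LAST))


def claim_address(link, mac):
    """Probe candidates until one is unused, then claim it.
    Returns (address, number_of_conflicts_seen)."""
    conflicts = 0
    for addr in candidates(mac):
        owner = link.probe(addr)
        if owner is None or owner == mac:
            link.in_use[addr] = mac
            return addr, conflicts
        conflicts += 1
        # Probe replies are unauthenticated, so cap retries instead of looping
        # forever (simplification: the RFC slows down rather than giving up).
        if conflicts >= MAX_CONFLICTS:
            raise RuntimeError("too many conflicts; back off before retrying")


def release(link, mac):
    """Host left the link: its address becomes reclaimable."""
    for addr in [a for a, m in link.in_use.items() if m == mac]:
        del link.in_use[addr]
```

Because the candidate sequence depends only on the MAC address, a host that leaves and rejoins an otherwise unchanged link ends up with the address it had before, with no server remembering the assignment.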

Translation between IP addresses and host names: Zeroconf doesn’t use DNS to map between IP addresses and host names. Host names used by zeroconf networks are local, whereas DNS names are global. Zeroconf networks use the Zeroconf name resolution protocol for this purpose.

Zeroconf name resolution protocol:

->It must allow host names to be mapped to IP addresses and vice-versa.
->Hosts can connect and disconnect from the network at any time. So failure of name resolution must not be taken as an indication that the host will remain invalid for any length of time.
->It should support the resolution of names on multiple IP subnets connected by a router.
->It must have a mechanism to probe whether a host name is already in use, and it must ensure that new hosts joining the network do not conflict with a host name already in use.
->It must allow timely re-use of hostnames. Zeroconf name resolution protocols should not immediately reuse host names as soon as they become available.
->It must resolve host name conflicts in a timely manner and on an ongoing basis. Conflict detection procedures (such as probing for the existence of a desired host name) must not prevent valid hostnames from being resolved.
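
The name-handling rules in this list can be modelled in a few lines. This is an added example, not part of the original article and not a wire protocol: the `LocalNames` class, the `name-2` renaming scheme on conflict and the 30-second hold-down are assumptions chosen to illustrate probing, conflict resolution, delayed reuse and uncached lookup failures.

```python
class LocalNames:
    """Constructed in-memory model of link-local host name claims."""

    def __init__(self, hold_down=30.0):
        self.hold_down = hold_down  # seconds a released name stays reserved
        self.owners = {}            # name -> (host_id, ip)
        self.released = {}          # name -> (previous host_id, release time)

    def _available(self, name, host_id, now):
        """Probe: is `name` free for host_id to claim at time `now`?"""
        if name in self.owners:
            return self.owners[name][0] == host_id
        prev = self.released.get(name)
        if prev and prev[0] != host_id and now - prev[1] < self.hold_down:
            return False            # freed recently by another host: not yet reusable
        return True

    def claim(self, name, host_id, ip, now):
        """Probe for `name`; on conflict try name-2, name-3, ...
        Returns the name this host ends up owning."""
        base, n = name, 1
        while not self._available(name, host_id, now):
            n += 1
            name = f"{base}-{n}"
        self.owners[name] = (host_id, ip)
        self.released.pop(name, None)
        return name

    def release(self, host_id, now):
        """Host left the network: free its names and start the hold-down."""
        for name in [n for n, (h, _) in self.owners.items() if h == host_id]:
            del self.owners[name]
            self.released[name] = (host_id, now)

    def resolve(self, name):
        """Forward lookup. A miss returns None and is never cached, so a host
        that joins a moment later resolves immediately."""
        entry = self.owners.get(name)
        return entry[1] if entry else None

    def reverse(self, ip):
        """Reverse lookup: IP address -> host name, or None."""
        for name, (_, addr) in self.owners.items():
            if addr == ip:
                return name
        return None
```

The hold-down applies only to other hosts: the previous owner can reclaim its name at once, while a newcomer has to wait or take a suffixed name, and lookups of unrelated names are unaffected while a conflict is being resolved.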


Security considerations: We are talking about networks that don’t require an administrator to configure and maintain them. But what happens to the security of the network?

As mentioned earlier Zeroconf protocols must not be any less secure than related current IETF-standard protocols. Zeroconf protocols are intended to operate in a local scope, in networks containing one or more IP subnets, and potentially in parallel with standard configured network protocols.

Security mechanisms for zeroconf network protocols should be designed in keeping with the spirit of zeroconf, thus making it easy for the user to exchange keys, set policy, etc. It is preferable that a single security mechanism be employed that will allow simple configuration of all the various security parameters that may be required.

Application:
Zeroconf networks use link-local address technology. Link-local addresses are not globally unique, so zeroconf networks are intended for use only in small networks where zero configuration (or approximately zero configuration) is necessary. With zeroconf networking, connecting devices to a network becomes as simple as plug-and-play.

Zeroconf is now in its early stages of development. But if zeroconf networking proves suitable for medium or large networks with enough security, it can change the world of networking, with no network administrators needed to configure and maintain the networks.

Yours,
Chaitanya (aka assassin007)


References:

1) The Internet Protocol Journal, Volume 5, number 4
2) Requirements for Automatic Configuration of IP Hosts (draft-ietf-zeroconf-reqts-12.txt)
3) Zeroconf charter (http://www.ietf.org/html.charters/zeroconf-charter.html)

Zeroconf Mailing list:

General Discussion:
To Subscribe:
In Body: subscribe zeroconf your_email_address
Archive: http://www.merit.edu/mail.archives/zeroconf/

