Site Interconnection
Published in Cheng Sheng, Jie Bai, Qi Sun, Software-Defined Wide Area Network Architectures and Technologies, 2021
First, we will look at the concepts of NAT mapping and filtering in STUN. NAT mapping refers to the process in which the NAT device maps the IP addresses of a group of hosts on a private network to the same public IP address so that the specific group of hosts can share a unique public IP address. In this way, all different information flows appear to come from the same IP address. NAT mapping can be achieved in the following ways:
- Address- and port-independent NAT mapping: A private IP address and its corresponding port are mapped to a fixed public IP address and port. In this mode, the NAT device uses the same mapping for subsequent packets that are sent from the same private IP address and port to any public IP address and port.
- Address-dependent NAT mapping: The NAT device uses the same mapping for packets that are sent from the same private IP address and port to the same public IP address corresponding to any port.
- Address- and port-dependent NAT mapping: The NAT device uses the same mapping for packets that are sent from the same private IP address and port to the same public IP address and port.
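The three mapping behaviours differ only in which fields of a flow the NAT uses as the key of its mapping table. The following is an added example, not taken from the cited book: a toy NAT in Python whose class, function names and addresses (documentation ranges) are all constructed for illustration.

```python
from itertools import count

# Labels for the three mapping behaviours (names chosen for this example).
ENDPOINT_INDEPENDENT = "address- and port-independent"
ADDRESS_DEPENDENT = "address-dependent"
ADDRESS_PORT_DEPENDENT = "address- and port-dependent"


class Nat:
    """Toy NAT that allocates public ports according to one mapping behaviour."""

    def __init__(self, behaviour, public_ip="203.0.113.1", first_port=40000):
        self.behaviour = behaviour
        self.public_ip = public_ip       # constructed documentation address
        self._ports = count(first_port)  # next free public port
        self.table = {}                  # mapping key -> public port

    def _key(self, src, dst):
        dst_ip, dst_port = dst
        if self.behaviour == ENDPOINT_INDEPENDENT:
            return (src,)                 # destination is ignored
        if self.behaviour == ADDRESS_DEPENDENT:
            return (src, dst_ip)          # destination port is ignored
        return (src, dst_ip, dst_port)    # full destination is part of the key

    def translate(self, src, dst):
        key = self._key(src, dst)
        if key not in self.table:
            self.table[key] = next(self._ports)
        return (self.public_ip, self.table[key])


def observed_mappings(behaviour):
    """Public ports seen by three destinations for one private (IP, port)."""
    nat = Nat(behaviour)
    host = ("192.168.1.10", 5000)
    destinations = [
        ("198.51.100.7", 3478),    # first server
        ("198.51.100.7", 3479),    # same address, different port
        ("198.51.100.99", 3478),   # different address
    ]
    return [nat.translate(host, d)[1] for d in destinations]


if __name__ == "__main__":
    for b in (ENDPOINT_INDEPENDENT, ADDRESS_DEPENDENT, ADDRESS_PORT_DEPENDENT):
        print(f"{b:32s} -> public ports {observed_mappings(b)}")
```

Only with the first behaviour does the public address and port that one server observes stay the same for every other destination, which is why a mapping learned through a STUN server cannot simply be handed to a peer when the NAT uses either dependent mode.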
Artificial Intelligence for Cybersecurity
Published in Mazin Gilbert, Artificial Intelligence for Autonomous Networks, 2018
Anestis Karasaridis, Brian Rexroad, Pat Velardo
Also, blocking an Internet-facing IP address based on an assessment that a source of traffic could be malicious is risky, as the source may be a Network Address Translation (NAT) gateway in front of many different users and devices. A NAT gateway allows many devices on the LAN side of the gateway to share a single IP address on the Internet side of the gateway. To minimize risk of accidentally blocking sources of traffic, one approach is to serve all traffic but dedicate different pools of resources to different risk classes of traffic demand (benign, attack, or unknown). Figure 10.12 shows an example where ML algorithms combined with a software controller can adjust the service demand originating from different gateways to different pools of server clusters, thus allowing well-behaving gateways (and all their clients behind them) to access dedicated resources.
Customer Premises Networks
Published in Goff Hill, The Cable and Telecommunications Professionals' Reference, 2012
Firewalls are one of the most important defenses that a company or individual can have against malicious hackers and other attackers from outside. These prevent unwanted (and potentially unsafe) communication from taking place across the firewall. Other security techniques, such as encryption, also exist. Network Address Translation (NAT) provides a user with many IP addresses while only using up one IP address on the outside Internet. It is a quick and inelegant fix to the shortage of IP addresses, and this problem will only be resolved fully by the introduction of IPv6.
Human teleoperation - a haptically enabled mixed reality system for teleultrasound
Published in Human–Computer Interaction, 2023
David Black, Yas Oloumi Yazdi, Amir Hossein Hadi Hosseinabadi, Septimiu Salcudean
Though the results are promising, the implemented system also has certain limitations, which are discussed here. First, the tele-ultrasound system was implemented on local networks to allow rapid prototyping and development. However, to be truly useful in the real world, it would have to be expanded to run on external networks. With the advent of 5G, the required bandwidths outlined in Table 2 can easily be supported. Current work is porting the communication system to WebRTC, which can support secure teleoperation over the Internet, through almost any firewall and router NAT (Network Address Translation). This is enabled by the Interactive Connectivity Establishment (ICE) protocol. Though the Internet adds some latency over local networks, WebRTC is a peer-to-peer, UDP-based architecture which is inherently faster than the system used in the presented prototype. We therefore expect the latency to continue to be limited by the human response time rather than the communication delays, so the tests and discussion about control architectures presented here would still be equally applicable. This improvement to the system is now discussed in Black and Salcudean (2022).
Virtualised Environment for Learning SDN-based Networking
Published in IETE Journal of Education, 2020
Oscar Polanco, Fabio G. Guerrero
The principle proposed by SDN for the control plane has been identified by the ITU as an important concept to be extended to user and management planes. This concept, which is called “softwarization,” is a part of the requirements identified for IMT-2020 systems (International Mobile Telecommunications) by study group 13 [5]. Network functions virtualisation (NFV) [6] decouples network functions such as routing, firewall, intrusion detection, and NAT (Network Address Translation) from proprietary hardware platforms, and implements them in software. It uses standard virtualisation technologies that run on high-performance common hardware (non-proprietary) to virtualise network functions. NFV is applicable to any processing in the data plane or to any function in the control plane, in both wired and wireless network infrastructures. NFV has several features in common with SDN because they share the following objectives: moving functions to software, using common hardware platforms instead of proprietary platforms, using APIs, and more efficiently supporting the implementation of network functions. In addition, SDN and NFV are independent but complementary schemes. In order to make a clear distinction between SDN and NFV, it should be noted that SDN decouples data and control planes, making the control and routing of network traffic more flexible and efficient. In contrast, NFV decouples the network functions from the specific hardware platforms through virtualisation, and provides these functions by using generic hardware platforms.
Reachability Matrix Ontology: A Cybersecurity Ontology
Published in Applied Artificial Intelligence, 2019
Noemi Scarpato, Nicole Dalia Cilia, Marco Romano
A NATRule (Network Address Translation Rule) is completely described by the following series of triples:
[URI of the rule] DACPruleID [datatype]
[URI] registeredAt [node – object] (links a NAT Rule to the device that executes it)
[URI] allowsNode [node – object] (indicates the set of nodes matching the Destination value for this rule in the DACP input, which will be reachable if the rule is passed)
[URI] allowsIPProtocol [string representing the IPProtocol (TCP or UDP) allowed by this rule – datatype]
[URI] allowsPortNumber [integer (0–65535) representing the port numbers allowed by this rule – datatype]
[URI] appliesTo [IP interface – object] (indicates the set of IP interfaces matching the Source value for this rule in the DACP input, for which the rule shall be fired).