Master's thesis and research paper
Visualization of virtual private networks in network management systems
by Florian S. Gysin
Master's Thesis ETH Lausanne, EPFL, School of Computer and Communication Sciences, 2013
We employ user centered design techniques to improve the usability of a set of tools for visualizing and configuring VPN networks at Open Systems AG. Through user and task analysis we identify user goals and tasks and uncover issues with the existing platform. This platform uses an adjacency matrix to visualize networks and we show that it does not adequately support users in their tasks. Through rapid prototyping and usability-driven design, we propose a new set of different tools, each responsible for the visualization of a certain aspect of VPN networks important to the user. The proposed designs include a geographical node-link diagram, a node-link based path inspector and a separate editor view. They are evaluated in a user study at Open Systems AG and have been shown to provide good support for users performing tasks on VPN networks. In an outlook on future work, we propose how to proceed from here on and introduce the idea of multiple coordinated views to combine the separate tools into one framework.
Highly available Virtual Machines in Global Wide Area Networks
by Lukas Frelich
Master's Thesis ETH Lausanne, EPFL, School of Computer and Communication Sciences, September 2012
Current virtualization platforms have greatly simplified the implementation of high availability. Instead of specifically designing a particular service, we can set a whole virtual machine, including all its services, to be highly available. However, as those solutions require shared storage among the cluster nodes, their use is limited to fast local area networks. In this thesis we look into how these concepts could be extended to clusters whose nodes are geographically separated and connected only through a slow network. We focus on the core problem of replacing shared storage with synchronized independent storages. To provide an efficient and fast means of synchronization, we have designed and developed SyncedFS, a FUSE file system which logs activity on the files to speed up the synchronization. To assess the performance of SyncedFS, we compare it in different network setups to DRBD and GlusterFS, which are widely used solutions for this task. The results of our experiments show that SyncedFS performs very well in setups where the network throughput is considerably smaller than the write data transfer rate of the storage used.
Automatic Rating of VPN Links
by Guido Hungerbühler
Master's Thesis ETH Zurich, Department of Computer Engineering and Networks Laboratory, March 2012
Understanding VPN tunnel performance is crucial in helping to improve the quality of globally distributed networks. If we know the performance of every individual tunnel, we are able to spot problems and pinpoint bottlenecks in the network. We present a novel way of analyzing and visualizing the long-term performance of VPN tunnels. By using geographical clustering of VPN endpoints, we found that tunnels which connect similar regions also show performance characteristics that are alike. This makes it possible to define performance baselines with respect to specific regions.
Furthermore, it enables the detection of individual connections that constantly perform below standard. The proposed method takes advantage of globally spread networks with multiple links between distinct regions. We have developed a ready-to-use prototype which rates VPN tunnels and visualizes problems in the network.
Application-Level Network Performance Monitoring
by Manuel Stich
Master's Thesis ETH Lausanne, EPFL, School of Computer and Communication Sciences, September 2011
The end-to-end network performance in a globally distributed company network has an important impact on the overall performance of business-critical applications. It is, therefore, of high interest to be able to continuously monitor the end-to-end network performance. This thesis proposes a distributed, passive monitoring system capable of measuring end-to-end performance and finding out which link is responsible for how much delay.
Detection of Bad Performance in VPN Tunnels
Event Correlation Engine
by Andreas Müller
Master's Thesis ETH Zurich, Department of Computer Engineering and Networks Laboratory, August 2009
As modern IT systems running on distributed platforms tend to become more and more complex, the required management effort grows as well, and it is no longer economical to manage a complete system manually. This thesis investigates the use of a correlation engine in the context of a global network offering various services, as a means to facilitate the monitoring of the network and of the individual services.
Rating Autonomous Systems
by Laurent Zimmerli
Master's Thesis ETH Zurich, Department of Computer Engineering and Networks Laboratory, August 2008
The quality of end-to-end connections over the Internet depends on the quality of the traversed Autonomous Systems. In this thesis, we developed an approach to rate Autonomous Systems by their quality. The approach is based on traceroute measurement data. Rating Autonomous Systems supports real-time Internet debugging and helps determine high quality ISPs.
Signature-based Extrusion Detection
by Cecile Luessi
Master's Thesis ETH Zurich, Department of Computer Engineering and Networks Laboratory, August 2008
An Intrusion Detection System (IDS) is an important component for the comprehensive protection of a company network. Unfortunately, a great number of false alarms makes the application of an IDS difficult. This thesis investigates whether the outbound traffic of an infected host can be used to detect intrusion and, if so, how this can be done. Its focus lies on the distinction between attempted and successful attacks.
Security Policy Compliance at VPN Sites
by Patrik Bless
Master's Thesis ETH Lausanne, EPFL, October 2006
Computing environments continue to grow more insecure by the day. A myriad of threats of all kinds menace corporate, governmental, and even private information system infrastructures. In order to support security officers and engineers, a policy toolbox was developed for the Mission Control Security Gateway Service.
Automatic Monitoring of Internet Service Provider (ISP) Topologies
by Janneth Malibago
Master's Thesis ETH Zurich, Department of Computer Engineering and Networks Laboratory, August 2006
Manual, real-time debugging is the standard solution for solving Internet connectivity problems. In this thesis, a long-term monitoring strategy is pursued that continuously monitors Internet routing paths with traceroute. By correlating route changes and latency variations, the reason for connectivity outages, e.g., re-routing via another ISP, can be quickly determined.
Passive Measurement of Network Quality
by Dominique Giger
Project Thesis ETH Zurich, Department of Computer Engineering and Networks Laboratory, May 2006
Traditionally, network latency and packet loss statistics are gathered by doing active ping probes. The passive technique proposed in this thesis calculates these statistics by analyzing the actual VPN traffic in real-time. Tests show that this is a viable method for very accurate, non-intrusive statistics measurement.
Scan Detection Based Identification of Worm Infected Hosts
by Christoph Göldi and Roman Hiestand
Master's Thesis ETH Zurich, Department of Computer Engineering and Networks Laboratory, April 2005
The number of new worms on the Internet increases rapidly. Worm infections cause traffic overloads in office networks and congestion of Internet links, which costs the industry several billion dollars a year. A generic worm detection algorithm has been implemented based on the analysis of worm scan traffic. Tests have shown that worms are detected in a short time and with a very low false positive rate. The developed detection method enables affected companies to quickly react to worm infections and thus helps prevent major financial losses.
Smart Intrusion Detection
by Thomas Singer and Rolf Sigg
Master's Thesis ETH Zurich, Department of Computer Engineering and Networks Laboratory, March 2001
Intrusion detection is the art of detecting inappropriate, incorrect, or anomalous activity on computers and computer networks. Today, the majority of intrusion detection systems try to accomplish this task by acting somewhat like a virus scanner. They look at captured network packets or system logs in order to find occurrences of patterns...