LANCOM: LAnguage for Network COnfiguration and Management
Chitra S Agastya
Nipun Arora
Sambuddho Chakravarty
Milind Nimesh
Ashish Singh Tomar
Meet the System Administrator
Implement security / access policies on a variety of routers and firewalls
Proficient in esoteric configuration languages
Configure complex security strategies using low level firewall rules
The End Result….
Affects scalability of the network
No reusability of code
Conflicts arise due to use of different router configuration languages in the same network
“Misconfigurations are source of most network vulnerabilities”
The Business Angle…
“Security managers need a single place to look for the corporate policies on who gets in and who doesn’t”
-Forrester report
The Solution: LANCOM
An out-of-the-box solution for configuring routers from different vendors in the same network
Device Independent Configuration Language
Domain Specific
User Focus: Network Administrator
Translator Architecture of LANCOM
[Diagram: input source program → LANCOM compiler (lexer, parser, syntax-directed translation, configuration actions, symbol table, command classes) → output config file (routing/firewalling commands for Linux; routing/firewalling commands for FreeBSD)]
Programming Constructs
Host
Host Group
Topology
Route
Program Structure
prog
Declarative Statements
Assignment Statements
Configuration Statements
endprog
policy_type_t pol;
pol = inbound deny tcp dst 1.1.1.1 netmask 255.255.255.0 8088;
apply policy pol;
Separation of Network Topology and Security Policy Description
prog
ipaddr_t ip1,ip2;
ip1=1.1.1.1;
ip2=4.4.4.4;
policy_type_t p1;
p1=inbound deny tcp src 2.2.2.2 netmask 255.255.255.0 all;
role_type_t r1;
r1=role { p1, outbound deny dst ip2 netmask 255.255.255.255 all};
host_type_t h1;
h1=ip_addr 6.6.6.6 netmask 255.255.255.0;
host_group_type_t hg1;
hg1=host_group {h1, ip_addr 5.5.5.5 netmask 255.255.255.0};
topology_type_t t1;
t1=hg1 r1;
apply topology t1;
endprog
[Slide callouts labelling the declarations above, in order: POLICY, ROLE, HOST, HOST GROUP, TOPOLOGY]
Test-Bed to Test Basic Firewall Policy Description Using LANCOM
[Diagram labels: FreeBSD (IPFW), Linux (IPTABLES), Webserver, Webserver]
Test-bed designed and implemented on DETERLab
Device Independent Configuration
prog
policy_type_t p;
p=inbound deny tcp dst 10.3.0.6 netmask 255.255.255.0 8088;
apply policy p;
endprog
Linux (iptables)
/sbin/iptables -I FORWARD -p tcp -d 10.3.0.6/255.255.255.0 -s 0.0.0.0/0.0.0.0 --destination-port 8088 -j DROP
FreeBSD (ipfw)
/sbin/ipfw add deny tcp from 0.0.0.0:0.0.0.0 to 10.3.0.6:255.255.255.0 8088
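Added example, not part of the original slides or the LANCOM compiler: a minimal Python translator for the one statement form shown above, emitting the slide's iptables and ipfw commands. The regex grammar, the function names, and the handling of `src` and `all` are assumptions; it also reports the network the mask actually covers, since `10.3.0.6` with `255.255.255.0` matches all of 10.3.0.0/24, not a single host.

```python
import ipaddress
import re

# Subset of the policy syntax, inferred from the slide examples (assumption).
POLICY_RE = re.compile(
    r"^inbound\s+deny\s+tcp\s+(?P<side>src|dst)\s+(?P<ip>\S+)"
    r"\s+netmask\s+(?P<mask>\S+)\s+(?P<port>\d+|all);?$"
)
ANY = ("0.0.0.0", "0.0.0.0")  # unspecified side, as emitted on the slide


def parse_policy(text):
    """Parse one policy statement into validated fields."""
    m = POLICY_RE.match(text.strip())
    if m is None:
        raise ValueError("unsupported policy statement: %r" % text)
    # Validate address and mask before they reach a shell command line.
    # strict=False because the slide pairs a host address with a mask.
    net = ipaddress.ip_network("%s/%s" % (m["ip"], m["mask"]), strict=False)
    port = m["port"]
    if port != "all" and not 1 <= int(port) <= 65535:
        raise ValueError("port out of range: %s" % port)
    named = (m["ip"], m["mask"])
    src, dst = (named, ANY) if m["side"] == "src" else (ANY, named)
    return {"src": src, "dst": dst, "port": port, "matched": net}


def to_iptables(p):
    """Linux form from the slide; 'all' omits the port match (assumption)."""
    cmd = "/sbin/iptables -I FORWARD -p tcp -d %s/%s -s %s/%s" % (p["dst"] + p["src"])
    if p["port"] != "all":
        cmd += " --destination-port %s" % p["port"]
    return cmd + " -j DROP"


def to_ipfw(p):
    """FreeBSD form from the slide; 'all' omits the port (assumption)."""
    cmd = "/sbin/ipfw add deny tcp from %s:%s to %s:%s" % (p["src"] + p["dst"])
    if p["port"] != "all":
        cmd += " %s" % p["port"]
    return cmd


if __name__ == "__main__":
    pol = parse_policy("inbound deny tcp dst 10.3.0.6 netmask 255.255.255.0 8088;")
    print(to_iptables(pol))
    print(to_ipfw(pol))
    print("rule matches", pol["matched"], "=", pol["matched"].num_addresses, "addresses")
```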
Tools Used
What we learned
AntlrWorks – an easy-to-use GUI for writing your own language
Networking Concepts
Team Work
Not all team members were conversant with networking
THANK YOU!!