کد مقاله | کد نشریه | سال انتشار | مقاله انگلیسی | نسخه تمام متن |
---|---|---|---|---|
453249 | 694769 | 2007 | 15 صفحه PDF | دانلود رایگان |
Packet filters have traditionally been used to shield IP networks from known attack flows, usually within firewall systems connecting trusted and non-trusted network segments. As IP networks grow and tend to connect to more and more neighbor networks with unknown trust status, carrier-grade operators in particular are beginning to experience raising costs due to increasingly complex filter configurations that have to be applied to their networks, in order to maintain a desired security level. In this paper, we discuss the general properties of distributed packet filter configurations in large networks. Additionally, an algorithm for a simplified compilation of anticipatory static packet filter configurations in heterogeneous IP networks as well as simulation results that demonstrate possible filter cost reduction is presented.
Journal: Computer Networks - Volume 51, Issue 10, 11 July 2007, Pages 2565–2579