Abstract:
Currently on the Internet, a network site is often secured by a firewall, which filters bogus traffic from outside at the border of the network site. This ‘Border Defence Model’, however, obstructs the deployment of IPv6 applications and services, because the firewall negates the benefits of IPv6, such as end-to-end communication and IPsec. To solve this problem, the ‘Quarantine Model’ is proposed. In this model, network nodes are placed in separate network segments according to their security levels, and a different security policy is implemented on each network segment. This ‘divide and conquer’ framework gives the Quarantine Model more flexible and better network security. This paper discusses how to conduct dynamic network separation, which is mandatory for the Quarantine Model, and analyzes the pros and cons of separation methods.