Title :
Requirements for Managing Distributed Packet Filter Configurations in Carrier-grade Networks
Author :
Tödtmann, Birger ; Rathgeb, Erwin P.
Author_Institution :
Comput. Networking Technol. Group, Univ. of Duisburg-Essen, Duisburg
fDate :
May 21 2007-Yearly 25 2007
Abstract :
Operators of IP-based multi-service networks have to maintain increasingly complex management architectures which need tight protection as their in-band signaling and control protocols are inherently susceptible to attacks from outsiders. Operators therefore need an efficient management of local security functions distributed among network components that enforce a coherent global network security policy. In this paper, a flexible and scalable approach for the management of distributed packet filters in IP-based multi-vendor environments is presented that allows the operator to incorporate filter capability restrictions within nodes and the trade-off between operational risk and attack risk into their management decisions.
Keywords :
IP networks; filtering theory; protocols; telecommunication security; IP-based multiservice network; carrier-grade IP network; coherent global network security policy; distributed packet filter configuration; in-band signaling; Computer network management; Computer networks; Environmental management; Filters; Middleboxes; Packet switching; Protection; Resource management; Risk management; Technology management;
Conference_Titel :
Integrated Network Management, 2007. IM '07. 10th IFIP/IEEE International Symposium on
Conference_Location :
Munich
Print_ISBN :
1-4244-0798-2
Electronic_ISBN :
1-4244-0799-0
DOI :
10.1109/INM.2007.374701
