Requirements for Managing Distributed Packet Filter Configurations in Carrier-grade Networks

Author

Tödtmann, Birger ; Rathgeb, Erwin P.

Author_Institution

Comput. Networking Technol. Group, Univ. of Duisburg-Essen, Duisburg

fYear

2007

fDate

May 21 2007-Yearly 25 2007

Firstpage

737

Lastpage

740

Abstract

Operators of IP-based multi-service networks have to maintain increasingly complex management architectures which need tight protection as their in-band signaling and control protocols are inherently susceptible to attacks from outsiders. Operators therefore need an efficient management of local security functions distributed among network components that enforce a coherent global network security policy. In this paper, a flexible and scalable approach for the management of distributed packet filters in IP-based multi-vendor environments is presented that allows the operator to incorporate filter capability restrictions within nodes and the trade-off between operational risk and attack risk into their management decisions.

Keywords

IP networks; filtering theory; protocols; telecommunication security; IP-based multiservice network; carrier-grade IP network; coherent global network security policy; distributed packet filter configuration; in-band signaling; Computer network management; Computer networks; Environmental management; Filters; Middleboxes; Packet switching; Protection; Resource management; Risk management; Technology management;

fLanguage

English

Publisher

ieee

Conference_Titel

Integrated Network Management, 2007. IM '07. 10th IFIP/IEEE International Symposium on

Conference_Location

Munich

Print_ISBN

1-4244-0798-2

Electronic_ISBN

1-4244-0799-0

Type

conf

DOI

10.1109/INM.2007.374701

Filename

4258592