Hier finden Sie wissenschaftliche Publikationen aus den Fraunhofer-Instituten.

Improving IP accounting for secure border routers

: Simon, K.; Schwenkler, T.; Groß, S.

Fulltext urn:nbn:de:0011-n-262846 (225 KByte PDF)
MD5 Fingerprint: 8ea78f451ca47fe327dfb629e0d0ea3b
Created on: 13.01.2005

Kaiserslautern, 2004, VII , 16 pp. : Ill., Lit.
IESE-Report, 111.04/E
Reportnr.: 111.04/E
Report, Electronic Publication
Fraunhofer IESE ()
case study; computer network management; computer network - security measure; TCP/IP (computer network protocol)

Today, security is a major issue in design and operation of computer networks. To reduce a network's vulnerability, the effort should not be restricted to a firewall as a single point of network traffic control. Only multi-layered security models can effectively protect a network. Thus, a border router with proper access control embodies the outermost security layer. Unfortunately, the rejection of potentially harmful packages can have a negative impact on traffic accounting mechanisms applied on a border router that has been secured this way. In this paper we discuss the state of the art for both access control and traffic accounting techniques. We show that one cannot solely trust current accounting mechanisms because they often suffer from inadequate accuracy and that this problem becomes even worse in secure environments with consequently applied access control. We confirm this statement with an experiment using Cisco's accounting technologies IP Accounting and NetFlow. Going on, we demand a better traffic measurement to meet the security requirements in future network operations and make a first proposal to enhance NetFlow in this direction.