Fraunhofer-Gesellschaft

Publica

Hier finden Sie wissenschaftliche Publikationen aus den Fraunhofer-Instituten.

Improving IP accounting for secure border routers

 
: Simon, K.; Schwenkler, T.; Groß, S.

Hamza, M.H. ; International Association of Science and Technology for Development -IASTED-:
Third IASTED international conference on communications, internet and information technology 2004. Proceedings : November 22-24, 2004, St. Thomas US Virgin Islands
Anaheim: ACTA Press, 2004
ISBN: 0-88986-447-0
ISBN: 0-88986-445-4
6 pp. : Ill., Lit.
International Conference on Communications, Internet and Information Technology (CIIT) <3, 2004, Saint Thomas>
English
Conference Paper
Fraunhofer IESE ()
computer network management; case study; computer network - security measure; TCP/IP (computer network protocol)

Abstract
Today, security is a major issue in design and operation of computer networks. To reduce a network's vulnerability, the effort should not be restricted to a firewall as a single point of network traffic control. Only multi-layered se curity models can effectively protect a network. Thus, a border router with proper access control embodies the out ermost security layer. Unfortunately, the rejection of po tentially harmful packages can have a negative impact on traffic accounting mechanisms applied on a border router that has been secured this way. In this paper we discuss the state of the art for both access control and traffic ac counting techniques. We show that one cannot solely trust current accounting mechanisms because they often suffer from inadequate accuracy and that this problem becomes even worse in secure environments with consequently ap plied access control. We confirm this statement with an experiment using Cisco's accounting technologies IP Ac counting and NetFlow. Going on, we demand a better traf fic measurement to meet the security requirements in future network operations and make a first proposal to enhance NetFlow in this direction.

: http://publica.fraunhofer.de/documents/N-29485.html