{"title":"一种保护基于mpoa的企业网络的防火墙方案","authors":"Jun Xu, M. Singhal","doi":"10.1109/HASE.1998.731613","DOIUrl":null,"url":null,"abstract":"A well-known security problem with MPOA is that cut-through connections generally bypass firewall routers if there are any. None of the previously proposed approaches solved the problem properly. We propose a novel firewalling scheme for MPOA that nicely fixes the security hole. Our firewalling scheme has three outstanding advantages that make it ideal for securing MPOA-based enterprise networks. First, based on our novel concept of logical chokepoints, our firewalling scheme does not require the existence of physical chokepoints inside the network. Second, the scheme is nicely embedded into the MPOA protocol so that its cost, performance overhead, and protocol complexity are reduced to a minimum. Third, the scheme is centrally administrated so that it scales well to very large networks.","PeriodicalId":340424,"journal":{"name":"Proceedings Third IEEE International High-Assurance Systems Engineering Symposium (Cat. No.98EX231)","volume":"23 1","pages":"0"},"PeriodicalIF":0.0000,"publicationDate":"1998-11-13","publicationTypes":"Journal Article","fieldsOfStudy":null,"isOpenAccess":false,"openAccessPdf":"","citationCount":"0","resultStr":"{\"title\":\"A firewalling scheme for securing MPOA-based enterprise networks\",\"authors\":\"Jun Xu, M. Singhal\",\"doi\":\"10.1109/HASE.1998.731613\",\"DOIUrl\":null,\"url\":null,\"abstract\":\"A well-known security problem with MPOA is that cut-through connections generally bypass firewall routers if there are any. None of the previously proposed approaches solved the problem properly. We propose a novel firewalling scheme for MPOA that nicely fixes the security hole. Our firewalling scheme has three outstanding advantages that make it ideal for securing MPOA-based enterprise networks. First, based on our novel concept of logical chokepoints, our firewalling scheme does not require the existence of physical chokepoints inside the network. Second, the scheme is nicely embedded into the MPOA protocol so that its cost, performance overhead, and protocol complexity are reduced to a minimum. Third, the scheme is centrally administrated so that it scales well to very large networks.\",\"PeriodicalId\":340424,\"journal\":{\"name\":\"Proceedings Third IEEE International High-Assurance Systems Engineering Symposium (Cat. No.98EX231)\",\"volume\":\"23 1\",\"pages\":\"0\"},\"PeriodicalIF\":0.0000,\"publicationDate\":\"1998-11-13\",\"publicationTypes\":\"Journal Article\",\"fieldsOfStudy\":null,\"isOpenAccess\":false,\"openAccessPdf\":\"\",\"citationCount\":\"0\",\"resultStr\":null,\"platform\":\"Semanticscholar\",\"paperid\":null,\"PeriodicalName\":\"Proceedings Third IEEE International High-Assurance Systems Engineering Symposium (Cat. No.98EX231)\",\"FirstCategoryId\":\"1085\",\"ListUrlMain\":\"https://doi.org/10.1109/HASE.1998.731613\",\"RegionNum\":0,\"RegionCategory\":null,\"ArticlePicture\":[],\"TitleCN\":null,\"AbstractTextCN\":null,\"PMCID\":null,\"EPubDate\":\"\",\"PubModel\":\"\",\"JCR\":\"\",\"JCRName\":\"\",\"Score\":null,\"Total\":0}","platform":"Semanticscholar","paperid":null,"PeriodicalName":"Proceedings Third IEEE International High-Assurance Systems Engineering Symposium (Cat. No.98EX231)","FirstCategoryId":"1085","ListUrlMain":"https://doi.org/10.1109/HASE.1998.731613","RegionNum":0,"RegionCategory":null,"ArticlePicture":[],"TitleCN":null,"AbstractTextCN":null,"PMCID":null,"EPubDate":"","PubModel":"","JCR":"","JCRName":"","Score":null,"Total":0}
A firewalling scheme for securing MPOA-based enterprise networks
A well-known security problem with MPOA is that cut-through connections generally bypass firewall routers if there are any. None of the previously proposed approaches solved the problem properly. We propose a novel firewalling scheme for MPOA that nicely fixes the security hole. Our firewalling scheme has three outstanding advantages that make it ideal for securing MPOA-based enterprise networks. First, based on our novel concept of logical chokepoints, our firewalling scheme does not require the existence of physical chokepoints inside the network. Second, the scheme is nicely embedded into the MPOA protocol so that its cost, performance overhead, and protocol complexity are reduced to a minimum. Third, the scheme is centrally administrated so that it scales well to very large networks.
求助内容:
应助结果提醒方式:
京公网安备 11010802042870号
