Advanced Security Management in Metro Ethernet Networks
Ammar Rayes
Cisco Systems, San Jose, CA 95134, U.S.A.
Abstract
With the rapid increase in bandwidth and the introduction of advanced IP services including voice, high-speed internet access, and video/IPTV, consumers are more vulnerable to malicious users than ever. In recent years, roviding safe and sound networks and services have been the zenith priority for service providers and network carriers alike. Users are hesitant to subscribe to new services unless service providers guarantee secure connections. More importantly, government agencies of many countries have introduced legislations requiring service providers to keep track and records of owners of IP and MAC addresses at all time. In this paper, we first present an overview of Metro Ethernet (or Ethernet-To-The-Home/Business (ETTx)) and compare with various IP broadband access technologies including DSL, wireless and cable. We then outline major security concerns for Metro Ethernet networks including network and subscriber/end user security. Next we introduce state-of-the-art algorithms to prevent attackers from stealing any IP or MAC addresses. Our proposal is to use network management in conjunction with hardware features for security management to provide a secure and spoofing-free ETTx network. The key idea behind our proposal is to utilize network management to enforce strict (port, MAC, IP) binding in the access network to provide subscriber security. The paper then proposes an adaptive policy-based security controller to quickly identify suspected malicious users, temporarily isolate them without disconnecting them from the network or validating their contracts, and then carry the required analysis. The proposed controller identifies malicious users without compromising between accurate but lengthy traffic analysis and premature decision. It also provides the ability to make granular corrective actions that are adaptive to any defined network condition.
Keywords:
Internet Security, Network Management, Network Security Management
Original Source Link : http://airccse.org/journal/nsa/1010s6.pdf
No comments:
Post a Comment