Design and Implementation of Proactive Firewall System in Cooperation with DNS and SDN
- Tomokazu Otsuka (Okayama Univ.)
- Nariyoshi Yamai (Tokyo Univ. of Agri. and Tech.)
- Kiyohiko Okayama (Okayama Univ.)
- Yong Jin (Tokyo Inst. of Tech.)
- Hiroya Ikarashi (Tokyo Univ. of Agri. and Tech.)
- Naoya Kitagawa (Tokyo Univ. of Agri. and Tech.)
Abstract
Recently, unauthorized access from external networks to internal hosts has been increasing sharply. Although many firewall appliances are widely used as one of the countermeasures, their throughput is not high enough, especially when they perform deep packet inspection. To solve this problem, we propose a proactive firewall system that consists of two or more firewall appliances with a Software Defined Network (SDN) that adaptively chooses a proper one for each communication flow based on, for example, whether its peer is trusted or not. To obtain the peer IP address in advance, the system uses the EDNS Client Subnet option of DNS. According to the performance evaluation results on the prototype system, we confirmed that the prototype could effectively separate flows of trusted hosts from other flows.
Published in
- IEICE Proceeding Series
IEICE Proceeding Series 61 25-28, 2016-07-10
The Institute of Electronics, Information and Communication Engineers
Details
- CRID: 1390286981361468032
- NII Article ID: 230000012186
- ISSN: 21885079
- Text language code: en
- Data source type: JaLC, CiNii Articles, KAKEN
- Abstract license flag: Not permitted