SciPass: a 100Gbps capable secure Science DMZ using OpenFlow and Bro
Authors
Abstract
In this paper, we describe a 100Gbps-capable, OpenFlow-based Science DMZ approach which combines adaptive IDS load balancing, dynamic traffic filtering and a novel IDS-based technique to detect “good” traffic flows and forward them around performance-challenged institutional firewalls. Evaluation of this approach was conducted using GridFTP and Iperf3. Results indicate this is a viable approach to enhance science data transfer performance and reduce security hardware costs.
Similar resources
Avoiding Cyber-attacks to DMZ and Capturing Forensics from Intruders Using Honeypots
Nowadays, honeypots are widely used to divert attackers from the original target and keep them busy within a decoy environment. The DeMilitarized Zone (DMZ) is an important zone for network administrators, because many of the services to the public network are provided in this zone. Many of the security tools such as firewalls, intrusion detection systems and several other secu...
Tossing Packets Over the Wall Using Transmit-Only Ethernet Cables
Solutions for transporting packets from an insecure DMZ into an organization’s internal network are described. All of the solutions attempt to prevent the establishment of two-way traffic by physically cutting the transmit wires at the receiving device on the internal network. Because alternate paths to the packet sender could exist, a user-mode packet relay on the internal network is used to a...
The medical science DMZ: a network design pattern for data-intensive medical science
Objective We describe a detailed solution for maintaining high-capacity, data-intensive network flows (eg, 10, 40, 100 Gbps+) in a scientific, medical context while still adhering to security and privacy laws and regulations. Materials and Methods High-end networking, packet-filter firewalls, network intrusion-detection systems. Results We describe a "Medical Science DMZ" concept as an opti...
OpenFlow switch by OpenFlow protocol via a secure channel. OpenFlow Controller is programmable, Service Provider can
Abstract—Recently, attention has been particularly focused on research into software-defined networking (SDN) for reducing network management complexity. One of the key technologies of SDN is OpenFlow. OpenFlow provides a centralized controller for the network, and the scalability of the controller is the main issue. In this paper, we propose a high-speed routing engine to improve the scalability of OpenFlow contr...