Network Iron Curtain: Hide Enterprise Networks with OpenFlow
Abstract
In this paper, we propose a new network architecture, Network Iron Curtain, that can handle network scanning attacks automatically. Network Iron Curtain does not require additional devices or complicated configuration when it detects a scanning attack, and it can confuse scanning attackers by providing fake scanning results. When an attacker sends a scanning packet to a host in Network Iron Curtain, Network Iron Curtain detects this attempt and redirects the packet to a honeynet, which is installed with Network Iron Curtain. The honeynet, instead of the original target host, responds to the scanning packet according to a predefined policy. The attacker therefore receives fake information (i.e., false open port information). We implement a prototype system to verify the proposed architecture, and we show an example case of detecting network scanning.
Similar resources
Authentication, Authorization and Mobility in Openflow-enabled Enterprise Wireless Networks
Large-scale 802.11 wireless networks may benefit from Openflow deployment on its Access Points and other forwarding devices combined with centralized management of data flows on an Openflow controller. The reason is that services such as authentication or routing can be provided in an easier way and more efficiently when operating on a full view of the network rather than dealing with distribut...
Leveraging SDN and OpenFlow to Mitigate Interference in Enterprise WLAN
Today's enterprise WLAN is facing challenges as the rapid growth of user scale and traffic load. Users often experience slow or even intermittent connection in crowded area. This is mainly due to the interference among densely deployed access points (APs). In this paper, we took advantages of the emerging idea of SDN and OpenFlow technology to mitigate interference in enterprise WLAN. Specifical...
Towards an Open Data Center with an Interoperable Network: Enterprise Networking using Open Industry Standards
Recently there has been an increased focus on transforming data center networks to meet the requirements of next generation, highly virtualized data centers. This paper describes a network architecture based on open industry standards which addresses many of the concerns facing traditional Ethernet, storage, and wide area networks. Various aspects of this architecture will be discussed, includi...
AuthFlow: authentication and access control mechanism for software defined networking
Software Defined Networks are being widely adopted by enterprise networks. Providing security features in these next generation networks, however, is a challenge. In this paper, we present the main security threats in Software Defined Networks and we propose AuthFlow, an authentication and access control mechanism based on host credentials. The main contributions of the proposed mechanism are t...
Network Virtualization Technology to Support Cloud Services
Recently, server virtualization technology, which is one of the key technologies to support cloud computing, has been making progress and gaining in maturity, resulting in an increase in the provision of cloud-based services and the integration of servers in enterprise networks. However, the progress in network virtualization technology, which is needed for the efficient and effective constructi...
Publication date: 2013