Dynamic Network Separation for IPv6 Network Security Enhancement

Trento, Italy January 31-February 04

DOI Bookmark:

http://doi.ieeecomputersociety.org/10.1109/SAINTW.2005.59

2005 Symposium on Applications and th ...

	This Article
	PURCHASE ARTICLE: $19 PDF HTML IEEE Xplore Subscribers
	Share
	Email this Article to a friend
	Bibliographic References
	ASCII Text BibTex RefWorks Procite/RefMan/Endnote
	Add to:
	Digg Furl Spurl Blink Simpy Google Del.icio.us Y!MyWeb
	Search
	Similar Articles Articles by Shinsuke Suzuki Articles by Satoshi Kondo

	ASCII Text	x
	Shinsuke Suzuki, Satoshi Kondo, "Dynamic Network Separation for IPv6 Network Security Enhancement," Applications and the Internet Workshops, IEEE/IPSJ International Symposium on, pp. 22-25, 2005 Symposium on Applications and the Internet Workshops (SAINT 2005 Workshops), 2005.

	BibTex	x
	@article{ 10.1109/SAINTW.2005.59, author = {Shinsuke Suzuki and Satoshi Kondo}, title = {Dynamic Network Separation for IPv6 Network Security Enhancement}, journal ={Applications and the Internet Workshops, IEEE/IPSJ International Symposium on}, volume = {0}, year = {2005}, isbn = {0-7695-2263-7}, pages = {22-25}, doi = {http://doi.ieeecomputersociety.org/10.1109/SAINTW.2005.59}, publisher = {IEEE Computer Society}, address = {Los Alamitos, CA, USA}, }

	RefWorks Procite/RefMan/Endnote	x
	TY - CONF JO - Applications and the Internet Workshops, IEEE/IPSJ International Symposium on TI - Dynamic Network Separation for IPv6 Network Security Enhancement SN - 0-7695-2263-7 SP22 EP25 A1 - Shinsuke Suzuki, A1 - Satoshi Kondo, PY - 2005 KW - null VL - 0 JA - Applications and the Internet Workshops, IEEE/IPSJ International Symposium on ER -

Shinsuke Suzuki, Hitachi, Ltd.

Satoshi Kondo, Trend Micro Inc.

Currently on the Internet, a network site is often secured by a firewall, filtering bogus traffic from outside at the border of the network site. This ?Border Defence Model?, however, obstructs the deployment of IPv6 applications and services, because the firewall negates the benefits of IPv6, such as end-to-end communication and IPsec.

To solve this problem, the ?Quarantine Model? is proposed. In this model, network nodes are accommodated to separate network segments according to their security levels, and a different security policy is implemented on each network segment. This ?divide and conquer? framework provides more flexible and better network security for the Quarantine Model.

This paper discusses how to conduct dynamic network separation, which is mandatory to the Quarantine Model, and analyzes the pros and cons of separation methods.

Citation:

Shinsuke Suzuki, Satoshi Kondo, "Dynamic Network Separation for IPv6 Network Security Enhancement," saint-w, pp.22-25, 2005 Symposium on Applications and the Internet Workshops (SAINT 2005 Workshops), 2005

Peer Review Notice | Give Us Feedback

Usage of this product signifies your acceptance of the Terms of Use.