Intrusion detection considerations for switched networks
暂无分享,去创建一个
Many private and public networks are based on network switching technologies. However, switched networks present a number of challenges to intrusion detection equipment. These challenges include limited visibility of network flows at the edges of the network, high-speed packet processing, and highly-aggregated flows in the core. In addition, switched networks typically implement protocols specific for Layer 2 functions, such as connection establishment and connection routing, which can be attacked to deny service to higher layer protocols and applications. Since these attacks cannot be detected by Internet Protocol intrusion detection equipment. Layer 2 intrusion detection is required. This paper describes an approach for performing intrusion monitoring in switched, Layer 2 networks, specifically, Asynchronous Transfer Mode networks.
[1] Matt Blaze,et al. Tapping on my network door , 2000, CACM.
[2] N. P. Robinson,et al. ATM peer group leader attack and mitigation , 1999, MILCOM 1999. IEEE Military Communications. Conference Proceedings (Cat. No.99CH36341).
[3] Michael Tooley. ISO model for open systems interconnection , 1992 .