http://dx.doi.org/10.3745/KIPSTC.2004.11C.1.081

Cascade Perimeter Defence Model in Multiple VPN Environment  

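Lim, Hyung-J. (School of Information and Communication Engineering, Graduate School, Sungkyunkwan University)
Kim, Tae-Kyung (School of Information and Communication Engineering, Graduate School, Sungkyunkwan University)
Chung, Tai-M. (School of Information and Communication Engineering, Sungkyunkwan University)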
Abstract
This paper analyzes methods for solving the security problems of establishing a trust zone, which changes with security policy, in large-scale networks containing multiple VPNs. To that end, we surveyed the vulnerabilities of VPN technologies and analyzed various models suitable for a trust zone. Based on simulations of these models, we propose the cascade perimeter defence policy model, which has merits such as an efficient transit cost and strict isolation of the trust zone. This model can protect the trust zone from the public network by dividing the trust zone according to each VPN group, and it shows better transit performance by cascading the position of the perimeter defence policy.
Keywords
VPN; MPLS; IPSec;
Citations & Related Records
Times Cited By KSCI: 1