Pushing Enterprise Security Down the Network Stack

Executive Summary

Network security is typically reactive: networks first provide connectivity and then restrict it according to various security policies, implemented in middleboxes or at higher layers. This approach gives rise to complicated interactions between protocols and systems that can cause incorrect behavior and slow the response to attacks. This paper proposes a proactive approach to securing networks, in which security-related actions (e.g., dropping or redirecting traffic) are embedded into the network fabric itself, leaving only a fixed set of actions to the higher layers. The paper explores this approach in the context of network access control. The design uses programmable switches to manipulate traffic at the lower layers; these switches interact with policy and monitoring components at the higher layers.

  • Format: PDF
  • Size: 329.1 KB