Quarantine Model Overview for IPv6 Network Security
draft-kondo-quarantine-overview-02
| Document | Type | Expired Internet-Draft (individual), Expired & archived |
|---|---|---|
| | Author | Satoshi Kondo |
| | Last updated | 2006-03-10 |
| | RFC stream | (None) |
| | Intended RFC status | (None) |
| Stream | Stream state | (No stream defined) |
| | Consensus boilerplate | Unknown |
| | RFC Editor Note | (None) |
| IESG | IESG state | Expired |
| | Telechat date | (None) |
| | Responsible AD | (None) |
| | Send notices to | (None) |
This Internet-Draft is no longer active.
Abstract
In the current Internet, a site is often secured by a firewall, which filters harmful traffic from outside at the border of the site. This 'Border Defense Model' provides only a single line of defence and hinders the deployment of many next-generation Internet applications and services. This memo surveys the security issues of the 'Border Defense Model' and proposes a network architecture, the 'Quarantine Model', to provide a better security model and promote various end-to-end Internet usages. In our 'Quarantine Model', nodes sharing an Enterprise network are connected to separate logical networks according to their security privilege level and community of interest. A different security policy is implemented on each logical network segment using multiple security-related techniques, such as filtering, authentication, and encryption. This 'Compartmentalized' framework provides a better depth of network defence and additional flexibility to our 'Quarantine Model'. This memo enumerates requirements and issues for this architecture. However, it is beyond the scope of this document to propose specific implementations or protocols.
Authors
(Note: The e-mail addresses provided for the authors of this Internet-Draft may no longer be valid.)