Ingress filtering by using Wildcard mask bits
draft-shahid-protect-edge-devices-00
Document | Type |
Expired Internet-Draft
(individual)
Expired & archived
|
|
---|---|---|---|
Authors | Ajaz Shahid , Syed Ahmed | ||
Last updated | 2011-01-20 | ||
RFC stream | (None) | ||
Intended RFC status | (None) | ||
Formats | |||
Stream | Stream state | (No stream defined) | |
Consensus boilerplate | Unknown | ||
RFC Editor Note | (None) | ||
IESG | IESG state | Expired | |
Telechat date | (None) | ||
Responsible AD | (None) | ||
Send notices to | (None) |
This Internet-Draft is no longer active. A copy of the expired Internet-Draft is available in these formats:
Abstract
Security of the IP Network is always one of the primary concerns of the network design and normally used layered approach. It is recommended not to rely on a single layer of defense, but to configure multi-layer security measures. The primary purpose of this paper is to propose a simple and effective solution to enhance the security of EDGE devices which are connected to external users in a Service Provider network. Most Service Providers commonly use ingress filtering as one of the methods to filter traffic to secure edge devices of their infrastructure from external users. The proposed technique will use a special wildcard mask on the network addresses to limit the accessibility of the Service Provider EDGE devices from external users. This will greatly enhance the security of the Service Provider's edge devices from malicious attacks such as Denial of Service (DoS).
Authors
(Note: The e-mail addresses provided for the authors of this Internet-Draft may no longer be valid.)