Goddard et al., 2001 - Google Patents
An unavailability analysis of firewall sandwich configurationsGoddard et al., 2001
View PDF- Document ID
- 16258777575916559513
- Author
- Goddard S
- Kieckhafer R
- Zhang Y
- Publication year
- Publication venue
- Proceedings Sixth IEEE International Symposium on High Assurance Systems Engineering. Special Topic: Impact of Networking
External Links
Snippet
Firewalls form the first line of defense in securing internal networks from the Internet. A Firewall only provides security if all traffic into and out of an internal network passes through the firewall. However, a single firewall through which all network traffic must flow represents …
- 238000004458 analytical method 0 title description 6
Classifications
-
- G—PHYSICS
- G06—COMPUTING; CALCULATING; COUNTING
- G06F—ELECTRICAL DIGITAL DATA PROCESSING
- G06F11/00—Error detection; Error correction; Monitoring
- G06F11/07—Error detection; Error correction; Monitoring responding to the occurence of a fault, e.g. fault tolerance
- G06F11/16—Error detection or correction of the data by redundancy in hardware
- G06F11/20—Error detection or correction of the data by redundancy in hardware using active fault-masking, e.g. by switching out faulty elements or by switching in spare elements
- G06F11/202—Error detection or correction of the data by redundancy in hardware using active fault-masking, e.g. by switching out faulty elements or by switching in spare elements where processing functionality is redundant
- G06F11/2023—Error detection or correction of the data by redundancy in hardware using active fault-masking, e.g. by switching out faulty elements or by switching in spare elements where processing functionality is redundant details of failing over
-
- G—PHYSICS
- G06—COMPUTING; CALCULATING; COUNTING
- G06F—ELECTRICAL DIGITAL DATA PROCESSING
- G06F11/00—Error detection; Error correction; Monitoring
- G06F11/07—Error detection; Error correction; Monitoring responding to the occurence of a fault, e.g. fault tolerance
- G06F11/16—Error detection or correction of the data by redundancy in hardware
- G06F11/20—Error detection or correction of the data by redundancy in hardware using active fault-masking, e.g. by switching out faulty elements or by switching in spare elements
- G06F11/2097—Error detection or correction of the data by redundancy in hardware using active fault-masking, e.g. by switching out faulty elements or by switching in spare elements maintaining the standby controller/processing unit updated
-
- H—ELECTRICITY
- H04—ELECTRIC COMMUNICATION TECHNIQUE
- H04L—TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
- H04L41/00—Arrangements for maintenance or administration or management of packet switching networks
- H04L41/06—Arrangements for maintenance or administration or management of packet switching networks involving management of faults or events or alarms
- H04L41/0654—Network fault recovery
- H04L41/0659—Network fault recovery by isolating the faulty entity
- H04L41/0663—Network fault recovery by isolating the faulty entity involving offline failover planning
-
- H—ELECTRICITY
- H04—ELECTRIC COMMUNICATION TECHNIQUE
- H04L—TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
- H04L63/00—Network architectures or network communication protocols for network security
- H04L63/02—Network architectures or network communication protocols for network security for separating internal from external traffic, e.g. firewalls
- H04L63/0209—Architectural arrangements, e.g. perimeter networks or demilitarized zones
- H04L63/0218—Distributed architectures, e.g. distributed firewalls
-
- H—ELECTRICITY
- H04—ELECTRIC COMMUNICATION TECHNIQUE
- H04L—TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
- H04L63/00—Network architectures or network communication protocols for network security
- H04L63/02—Network architectures or network communication protocols for network security for separating internal from external traffic, e.g. firewalls
- H04L63/0227—Filtering policies
-
- H—ELECTRICITY
- H04—ELECTRIC COMMUNICATION TECHNIQUE
- H04L—TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
- H04L69/00—Application independent communication protocol aspects or techniques in packet data networks
- H04L69/40—Techniques for recovering from a failure of a protocol instance or entity, e.g. failover routines, service redundancy protocols, protocol state redundancy or protocol service redirection in case of a failure or disaster recovery
-
- H—ELECTRICITY
- H04—ELECTRIC COMMUNICATION TECHNIQUE
- H04L—TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
- H04L45/00—Routing or path finding of packets in data switching networks
- H04L45/58—Association of routers
- H04L45/586—Virtual routers
-
- H—ELECTRICITY
- H04—ELECTRIC COMMUNICATION TECHNIQUE
- H04L—TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
- H04L67/00—Network-specific arrangements or communication protocols supporting networked applications
- H04L67/10—Network-specific arrangements or communication protocols supporting networked applications in which an application is distributed across nodes in the network
- H04L67/1002—Network-specific arrangements or communication protocols supporting networked applications in which an application is distributed across nodes in the network for accessing one among a plurality of replicated servers, e.g. load balancing
-
- H—ELECTRICITY
- H04—ELECTRIC COMMUNICATION TECHNIQUE
- H04L—TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
- H04L63/00—Network architectures or network communication protocols for network security
- H04L63/14—Network architectures or network communication protocols for network security for detecting or protecting against malicious traffic
-
- H—ELECTRICITY
- H04—ELECTRIC COMMUNICATION TECHNIQUE
- H04L—TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
- H04L45/00—Routing or path finding of packets in data switching networks
- H04L45/22—Alternate routing
-
- H—ELECTRICITY
- H04—ELECTRIC COMMUNICATION TECHNIQUE
- H04L—TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
- H04L61/00—Network arrangements or network protocols for addressing or naming
- H04L61/35—Network arrangements or network protocols for addressing or naming involving non-standard use of addresses for implementing network functionalities, e.g. coding subscription information within the address or functional addressing, i.e. assigning an address to a function
-
- H—ELECTRICITY
- H04—ELECTRIC COMMUNICATION TECHNIQUE
- H04L—TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
- H04L29/00—Arrangements, apparatus, circuits or systems, not covered by a single one of groups H04L1/00 - H04L27/00 contains provisionally no documents
- H04L29/02—Communication control; Communication processing contains provisionally no documents
- H04L29/06—Communication control; Communication processing contains provisionally no documents characterised by a protocol
-
- H—ELECTRICITY
- H04—ELECTRIC COMMUNICATION TECHNIQUE
- H04L—TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
- H04L43/00—Arrangements for monitoring or testing packet switching networks
Similar Documents
| Publication | Publication Date | Title |
|---|---|---|
| Goddard et al. | An unavailability analysis of firewall sandwich configurations | |
| EP1449093A4 (en) | SANDWICHES FIREFIGHTS INSENSITIVE TO FAILURES | |
| EP1648136B1 (en) | Intelligent integrated network security device for high-availability applications | |
| US8521879B1 (en) | Systems and methods for a load balanced interior gateway protocol intranet | |
| US7152179B1 (en) | IP redundancy with improved failover notification | |
| US9448898B2 (en) | Network traffic routing | |
| US8479275B1 (en) | Secure high-throughput data-center network employing routed firewalls | |
| US12093150B1 (en) | Systems and methods for online brand continuity | |
| Kanizo et al. | Designing optimal middlebox recovery schemes with performance guarantees | |
| Reghu et al. | Development of robust infrastructure in networking to survive a disaster | |
| US8171111B1 (en) | Systems and methods for non-specific address routing | |
| Shao et al. | Accelerating bgp configuration verification through reducing cycles in smt constraints | |
| CN116016132A (en) | Active-active data center system, disaster recovery method and device | |
| Mansour et al. | Performance Analysis and Functionality Comparison of First Hop Redundancy Protocols. | |
| WO2003090106A1 (en) | Method, apparatus, and computer program product for redundant network | |
| Neira et al. | High Availability support for the design of stateful networking equipments | |
| Chowdhury et al. | Dynamic Routing System (DRS): Fault tolerance in network routing | |
| Chen et al. | Dependability modelling of homogeneous and heterogeneous distributed systems | |
| US20250097142A1 (en) | Traffic protection with predetermined reroute and adaptive failure detection for use of applications hosted on virtual private clouds | |
| White et al. | IBM Z/OS V2R2 Communications Server TCP/IP Implementation: Volume 3 High Availability, Scalability, and Performance | |
| EP1769380A2 (en) | Network traffic routing | |
| Xin-yuan et al. | Performance analysis of software rejuvenation | |
| Goddard | FAULT TOLERANT FIREWALL SANDWICHES | |
| Huang et al. | A network processor-based fault-tolerance architecture for critical network equipments | |
| Hu et al. | Research and application of E-commerce platform for enterprise based on NLB |