在封閉式網路實現可追蹤IP分配管理政策與網路安全之研究
| Autor: | Tzu-Wen Wei, 魏子文 |
|---|---|
| Rok vydání: | 2005 |
| Druh dokumentu: | 學位論文 ; thesis |
| Popis: | 93 The Internet’s open environment provides network attackers an easy surroundings to proceed their attacks. Yet for the time being, it is still difficult to efficiently trace down the sources of attacks, making the attackers even more convenient to launch their sabotage without being found. On the other hand, unlike the Internet, an isolated network is very much different from an open environment, and the network owners (administers) are more likely to be able to locate origins of attacks, since the configuration and related resources of the network are under their control. In this paper, we demonstrate and analyze a network management strategy to improve the network’s defense capability. This strategy constructs an IP-traceable infrastructure based on the associations among a framework of hierarchical IP addresses assignment, the geographical locations of the physical links, and multi-layer network filtering rules. Under this implementation of our strategy, the security officer is able to trace and locate origins of the attacks which launch Denial of Service (DoS) attacks, Trojan horses, and computer viruses, etc. In addition, by using the multi-layer network filtering rules, one can reduce the cost which caused by the redundant routing generated by attack packets, and the network performance is improved. A good strategy used to build a robust network infrastructure may be the best approach to counter any kind of attacks. |
| Databáze: | Networked Digital Library of Theses & Dissertations |
| Externí odkaz: |
|