Security Cost of Middlebox Traversal

Submitted by 早过忘川 on 2019-12-24 00:17:11

Question


I want to calculate the security cost of middlebox traversal when a VM migrates from one physical server to another. Middleboxes can be firewalls or IPS/IDS containing rules that check the VM traversing them. Now imagine the simplest scenario, in which the only problem is to find the cost of checking the VM against the middlebox rules (this is what I call the security cost) and, according to this cost, to find the optimum path.

However, there are already some protocols out there, such as BGP or OSPF, but unfortunately none of them considers the security cost.


Answer 1:


I do not agree that the right way to arrive at the optimum path is to calculate firewall rules. Instead, I would focus on the impact of a large set of rules. Instead of trying to find out how many rules are present or what security features are enabled, you should define the optimum path as the one that has the lowest network latency. That is probably easily measured. If there is a firewall with a lot of rules that can still process traffic at a faster rate, you should not mind going through that firewall, right?



Source: https://stackoverflow.com/questions/9383090/security-cost-of-middlebox-traversal
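
The answer's proposal (path cost as measured latency rather than rule count) can be compared with the question's rule-based cost in a short added example, which is not part of the original question or answer. The topology, node names, rule counts and delays below are all constructed for illustration.

```python
import heapq

# Constructed topology: undirected links with measured link latency in ms.
LINKS = {
    ("src", "fw_a"): 0.4, ("fw_a", "dst"): 0.5,
    ("src", "ids_b"): 0.3, ("ids_b", "dst"): 0.4,
}
# Constructed middlebox data: rule count and measured processing delay in ms.
MIDDLEBOX = {
    "fw_a": {"rules": 5000, "delay_ms": 0.2},   # many rules, fast processing
    "ids_b": {"rules": 200, "delay_ms": 3.0},   # few rules, slow inspection
}

def neighbours(node):
    """Yield (next_node, link_latency_ms) for every link touching node."""
    for (a, b), ms in LINKS.items():
        if a == node:
            yield b, ms
        elif b == node:
            yield a, ms

def latency_cost(node, link_ms):
    """Answer's metric: link latency plus the entered node's processing delay."""
    return link_ms + MIDDLEBOX.get(node, {}).get("delay_ms", 0.0)

def rule_cost(node, link_ms):
    """Question's metric: number of rules on the middlebox being entered."""
    return float(MIDDLEBOX.get(node, {}).get("rules", 0))

def best_path(src, dst, cost):
    """Dijkstra over LINKS; cost(next_node, link_ms) prices each hop."""
    heap, done = [(0.0, src, [src])], set()
    while heap:
        total, node, path = heapq.heappop(heap)
        if node == dst:
            return total, path
        if node in done:
            continue
        done.add(node)
        for nxt, link_ms in neighbours(node):
            if nxt not in done:
                hop = cost(nxt, link_ms)
                heapq.heappush(heap, (total + hop, nxt, path + [nxt]))
    return float("inf"), []  # dst unreachable

if __name__ == "__main__":
    print("by latency:", best_path("src", "dst", latency_cost))
    print("by rules:  ", best_path("src", "dst", rule_cost))
```

With these constructed numbers the two metrics pick different paths: the latency metric routes through the 5000-rule firewall because it processes traffic faster, which is the case the answer describes.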
