Security Cost of Middlebox Traversal


Question

I want to calculate the security cost of middlebox traversal when a VM migrates from one physical server to another. Middleboxes can be firewalls or IPS/IDS containing rules that check the VM traversing them. Now imagine the simplest scenario, in which the only problem is to find the cost of checking the VM against the middlebox rules (this is what I call the security cost) and, according to this cost, to find the optimum path.

However, there are already some protocols out there such as BGP or OSPF, but unfortunately none of them consider the security cost.

Recommended answer

I do not agree that the right way to arrive at the optimum path is to calculate firewall rules. Instead, I would focus on the impact of a large set of rules. Instead of trying to find out how many rules are present or what security features are enabled, you should define the optimum path as the one that has the lowest network latency. That is probably easily measured. If there is a firewall with a lot of rules that can still process traffic at a faster rate, you should not mind going through that firewall, right?
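
The approach in this answer, sketched as an added example that is not part of the original answer: each middlebox contributes its measured inspection delay rather than a rule count, and Dijkstra's algorithm picks the path with the lowest end-to-end latency. The topology, node names and millisecond figures are constructed for illustration.

```python
import heapq

# Constructed sample topology: one-way link latency in milliseconds.
LINKS = {
    ("src", "fw_a"): 0.4, ("src", "ids_b"): 0.3,
    ("fw_a", "core"): 0.5, ("ids_b", "core"): 0.4,
    ("core", "dst"): 0.2, ("fw_a", "dst"): 1.5,
}
# Constructed per-middlebox inspection delay (ms), measured under load.
# Assumption: fw_a has a large rule set but is fast; ids_b has few rules but is slow.
INSPECT_MS = {"fw_a": 0.3, "ids_b": 1.2}


def build_graph(links):
    """Turn the undirected link table into an adjacency list."""
    graph = {}
    for (a, b), ms in links.items():
        graph.setdefault(a, []).append((b, ms))
        graph.setdefault(b, []).append((a, ms))
    return graph


def lowest_latency_path(links, inspect_ms, src, dst):
    """Dijkstra where entering a node also costs its inspection delay."""
    graph = build_graph(links)
    best, prev, heap = {src: 0.0}, {}, [(0.0, src)]
    while heap:
        cost, node = heapq.heappop(heap)
        if node == dst:
            break
        if cost > best.get(node, float("inf")):
            continue  # stale heap entry
        for nxt, link_ms in graph.get(node, []):
            new_cost = cost + link_ms + inspect_ms.get(nxt, 0.0)
            if new_cost < best.get(nxt, float("inf")):
                best[nxt], prev[nxt] = new_cost, node
                heapq.heappush(heap, (new_cost, nxt))
    if dst not in best:
        return None, float("inf")  # no route between the two hosts
    path = [dst]
    while path[-1] != src:
        path.append(prev[path[-1]])
    return path[::-1], round(best[dst], 3)


if __name__ == "__main__":
    print(lowest_latency_path(LINKS, INSPECT_MS, "src", "dst"))
```

Re-measuring `INSPECT_MS` periodically matters more than the algorithm: a middlebox's delay changes with load and enabled features, so the best path can shift without any rule being added.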
