In this paper, a new mechanism called adaptive VPN has been proposed that enables enterprises to selectively trade off security for some traffic so that an NSP can provide value-added services for this traffic. This mechanism benefits the enterprise because it can outsource some services to the NSP; it benefits the NSP by increasing its revenue opportunities. For an NSP to provide value-added services, some or all of the packet headers and/or the application data need to be visible at the device (i.e., the IPSS) that provides the value-added service. In an end-to-end VPN, packets are encrypted end-to-end from the client to the enterprise VPN gateway, and neither any headers, nor application data are visible within the network. In a network-based VPN, the user VPN session is terminated within the network at an IPSS, allowing the IPSS to provide value-added services. Adaptive VPN enables traffic from a specific user to be carried both on an end-to-end VPN session and/or a network-based VPN session, based on the NAI of the user and the application that is being accessed. We have modified the Lucent security product suite that provides VPN services (i.e., the Lucent IPSec client, the LSMS, and the Lucent VPN firewall brick) to support adaptive VPN. The design and implementation of these modifications have been discussed in this paper.