An SDN/NFV-Enabled Enterprise Network Architecture Offering Fine-Grained Security Policy Enforcement

Claas Lorenz; David Hock; Johann Scherer; Raphael Durner; Wolfgang Kellerer; Steffen Gebert; Nicholas Gray; Thomas Zinner; Phuoc Tran-Gia

doi:10.1109/MCOM.2017.1600414CM

An SDN/NFV-Enabled Enterprise Network Architecture Offering Fine-Grained Security Policy Enforcement

Claas Lorenz, David Hock, Johann Scherer, Raphael Durner, Wolfgang Kellerer, Steffen Gebert, Nicholas Gray, Thomas Zinner, Phuoc Tran-Gia

Chair of Communication Networks

Research output: Contribution to journal › Article › peer-review

54 Scopus citations

Abstract

In recent years, the number of attacks and threat vectors against enterprise networks have been constantly increasing in numbers and variety. Despite these attacks, the main security systems, for example network firewalls, have remained rather unchanged. In addition, new challenges arise not only to the level of provided security, but also to the scalability and manageability of the deployed countermeasures such as firewalls and intrusion detection systems. Due to the tight integration into the physical network's infrastructure, a dynamic resource allocation to adapt the security measures to the current network conditions is a difficult undertaking. This article covers different architectural design patterns for the integration of SDN/NFV-based security solutions into enterprise networks.

Original language	English
Article number	7828267
Pages (from-to)	217-223
Number of pages	7
Journal	IEEE Communications Magazine
Volume	55
Issue number	3
DOIs	https://doi.org/10.1109/MCOM.2017.1600414CM
State	Published - Mar 2017

Access to Document

10.1109/MCOM.2017.1600414CM

Cite this

@article{a368a3268c674cb1b118b5615ef7c7ba,

title = "An SDN/NFV-Enabled Enterprise Network Architecture Offering Fine-Grained Security Policy Enforcement",

abstract = "In recent years, the number of attacks and threat vectors against enterprise networks have been constantly increasing in numbers and variety. Despite these attacks, the main security systems, for example network firewalls, have remained rather unchanged. In addition, new challenges arise not only to the level of provided security, but also to the scalability and manageability of the deployed countermeasures such as firewalls and intrusion detection systems. Due to the tight integration into the physical network's infrastructure, a dynamic resource allocation to adapt the security measures to the current network conditions is a difficult undertaking. This article covers different architectural design patterns for the integration of SDN/NFV-based security solutions into enterprise networks.",

author = "Claas Lorenz and David Hock and Johann Scherer and Raphael Durner and Wolfgang Kellerer and Steffen Gebert and Nicholas Gray and Thomas Zinner and Phuoc Tran-Gia",

note = "Publisher Copyright: {\textcopyright} 1979-2012 IEEE.",

year = "2017",

month = mar,

doi = "10.1109/MCOM.2017.1600414CM",

language = "English",

volume = "55",

pages = "217--223",

journal = "IEEE Communications Magazine",

issn = "0163-6804",

publisher = "Institute of Electrical and Electronics Engineers Inc.",

number = "3",

}

TY - JOUR

T1 - An SDN/NFV-Enabled Enterprise Network Architecture Offering Fine-Grained Security Policy Enforcement

AU - Lorenz, Claas

AU - Hock, David

AU - Scherer, Johann

AU - Durner, Raphael

AU - Kellerer, Wolfgang

AU - Gebert, Steffen

AU - Gray, Nicholas

AU - Zinner, Thomas

AU - Tran-Gia, Phuoc

PY - 2017/3

Y1 - 2017/3

N2 - In recent years, the number of attacks and threat vectors against enterprise networks have been constantly increasing in numbers and variety. Despite these attacks, the main security systems, for example network firewalls, have remained rather unchanged. In addition, new challenges arise not only to the level of provided security, but also to the scalability and manageability of the deployed countermeasures such as firewalls and intrusion detection systems. Due to the tight integration into the physical network's infrastructure, a dynamic resource allocation to adapt the security measures to the current network conditions is a difficult undertaking. This article covers different architectural design patterns for the integration of SDN/NFV-based security solutions into enterprise networks.

AB - In recent years, the number of attacks and threat vectors against enterprise networks have been constantly increasing in numbers and variety. Despite these attacks, the main security systems, for example network firewalls, have remained rather unchanged. In addition, new challenges arise not only to the level of provided security, but also to the scalability and manageability of the deployed countermeasures such as firewalls and intrusion detection systems. Due to the tight integration into the physical network's infrastructure, a dynamic resource allocation to adapt the security measures to the current network conditions is a difficult undertaking. This article covers different architectural design patterns for the integration of SDN/NFV-based security solutions into enterprise networks.

UR - http://www.scopus.com/inward/record.url?scp=85010222439&partnerID=8YFLogxK

U2 - 10.1109/MCOM.2017.1600414CM

DO - 10.1109/MCOM.2017.1600414CM

M3 - Article

AN - SCOPUS:85010222439

SN - 0163-6804

VL - 55

SP - 217

EP - 223

JO - IEEE Communications Magazine

JF - IEEE Communications Magazine

IS - 3

M1 - 7828267

ER -

An SDN/NFV-Enabled Enterprise Network Architecture Offering Fine-Grained Security Policy Enforcement

Abstract

Access to Document

Other files and links

Fingerprint

Cite this