Special Report: Network Provisioning

Securing Operational and Development Environments: First, the network environments in which the various transport and provisioning methods are implemented must be made secure through the use of proper authentication, validation and access controls. Considering data speeds of multiple tens of Gbps (or higher), it is of particular importance to deploy intrusion detection and firewall systems capable of operating at these line rates. Furthermore, most intrusion detection and filtering methods have been developed for packet-switched networks. A new class of methods may be needed to secure networks that provide on-demand end-to-end dedicated channels, for example to protect against attacks that lead to channels being allocated to an attacker's traffic or denied to legitimate users.

Effects of Security Measures on Performance: An important issue is the impact of security measures on application performance. As recently evidenced, the proliferation of strict firewalls, particularly at DOE sites, rendered several network-based applications inoperable. In particular, several legacy applications that relied on open socket communications simply stopped working since firewalls by default denied the communications on general ports. While this problem can be temporarily fixed by port exceptions or moving hosts into open portions of the networks, it leaves them vulnerable to attacks (defeating the very purpose of firewalls in the first place). More systematic efforts are needed to provide graceful interoperation of science applications under secured network environments. Obviously, today's crude packet filters and firewalls have limiting effects on the data transmission rates, which in turn limit the application throughputs.

Proactive Countermeasures: The provisioning technologies outlined in previous sections involve running services such as bandwidth allocation, and signaling to set up and tear down the paths over the networks. These services could be the target of newer attacks, particularly of the denial-of-service type, which are not anticipated or handled in current IP networks. Similarly, the newer versions of transport protocols might be vulnerable to certain attacks, as are some of the current high-performance protocols. Such considerations might be taken into account in developing the provisioning and transport technologies described in the previous sections.


Photuris.com - Optical Data Networking