首页>
外国专利>
SECURITY POLICY ENFORCEMENT AND VISIBILITY FOR NETWORK ARCHITECTURES THAT MASK EXTERNAL SOURCE ADDRESSES
SECURITY POLICY ENFORCEMENT AND VISIBILITY FOR NETWORK ARCHITECTURES THAT MASK EXTERNAL SOURCE ADDRESSES
展开▼
机译:屏蔽外部源地址的网络体系结构的安全策略实施和可见性
展开▼
页面导航
摘要
著录项
相似文献
摘要
Some network architectures include perimeter or edge devices which perform network address translation or otherwise modify data in a network traffic packet header, such as the source address. The modification of the source address prevents downstream devices from knowing the true or original source address from which the traffic originated. To address this issue, perimeter devices can insert the original source address in an X-Forwarded-For field of the packet header. Firewalls and related security services can be programmed to record the original source address in the XFF field in addition to the other packet information and to consider the original source address during security analysis. Using the original source address in the XFF field, services can determine additional characteristics about the traffic, such as geographic origin or associated user accounts, and use these characteristics to identify applicable rules or policies.
展开▼