Êtes-vous un étudiant de l'EPFL à la recherche d'un projet de semestre?
Travaillez avec nous sur des projets en science des données et en visualisation, et déployez votre projet sous forme d'application sur Graph Search.
Concept
Middlebox
Résumé
A middlebox is a computer networking device that transforms, inspects, filters, and manipulates traffic for purposes other than packet forwarding. Examples of middleboxes include firewalls, network address translators (NATs), load balancers, and deep packet inspection (DPI) boxes.
UCLA computer science professor Lixia Zhang coined the term middlebox in 1999.
Middleboxes are widely deployed across both private and public networks. Dedicated middlebox hardware is widely deployed in enterprise networks to improve network security and performance, however, even home network routers often have integrated firewall, NAT, or other middlebox functionality. One 2017 study counting more than 1,000 deployments in autonomous systems, in both directions of traffic flows, and across a wide range networks, including mobile operators and data center networks.
The following are examples of commonly deployed middleboxes:
Firewalls filter traffic based on a set of predefined security rules defined by a network administrator. IP firewalls reject packets "based purely on fields in the IP and transport headers (e.g., disallow incoming traffic to certain port numbers, disallow any traffic to certain subnets etc.)" Other types of firewalls may use more complex rulesets, including those that inspect traffic at the session or application layer.
Intrusion detection systems (IDSs) monitor traffic and collect data for offline analysis for security anomalies. Unlike firewalls, IDSs do not filter packets in real time, as they are capable of more complex inspection and must decide whether to accept or reject each packet as it arrives.
Network address translators (NATs) replace the source and/or destination IP addresses of packets that traverse them. Typically, NATs are deployed to allow multiple end hosts to share a single IP address: hosts "behind" the NAT are assigned a private IP address and their packets destined to the public Internet traverse a NAT, which replaces their internal private address with a shared public address.
Source officielle
À propos de ce résultat
Cette page est générée automatiquement et peut contenir des informations qui ne sont pas correctes, complètes, à jour ou pertinentes par rapport à votre recherche. Il en va de même pour toutes les autres pages de ce site. Veillez à vérifier les informations auprès des sources officielles de l'EPFL.