As the Internet emerges to be, not only the most important, but in many areas the only way of efficient communication, it becomes also vital for business and government institutions to securely exchange data via this medium. This led to the development ofvirtual private networks (VPNs). However, security in this aspect does not only refer to confidentiality, integrity, authentication, and access control, but also availability; a subgoal of increasing importance due to cheap and simple execution of denial-of-service (DoS) attacks.In order to increase the DoS-resilience of VPNs, the topology of this overlay network must react flexible to circumvent affected network parts and to reintegrate systems, which become available after the DoS attack ended or have been moved to different address ranges. Therefore, we developed a fully distributed IPsec configuration mechanism, which is able to react to failures dynamically and is yet scalable, efficient, and secure.Nonetheless, the usually required higher layer services do not work in a distributed way. Thus, a failure may still cause availability issues as services like Domain Name System (DNS) may become inaccessible, even though a network connection is still present. This artide introduces distributed VPN auto-configuration and goes into detail on distributed network services.
scite is a Brooklyn-based organization that helps researchers better discover and understand research articles through Smart Citations–citations that display the context of the citation and describe whether the article provides supporting or contrasting evidence. scite is used by students and researchers from around the world and is funded in part by the National Science Foundation and the National Institute on Drug Abuse of the National Institutes of Health.