Integrated management of network and host based security mechanisms
The security of a network depends heavily on the ability to manage the available security mechanisms effectively and efficiently. Concepts are needed to organize the security management of large networks. It is crucial to be able to cope with frequent changes of the configuration and with the complexity of networks consisting of thousands of users and components.
In the presented concept, the network is divided into several administrative domains that are managed rather independently of each other. Each domain defines its own security policy. These are combined to give the global security policy. To enforce it, different security mechanisms — both network based and host based — can be used. Their configuration can be derived from the global security policy automatically.