Integrated management of network and host based security mechanisms

  • Rainer Falk
  • Markus Trommer
Conference paper
Part of the Lecture Notes in Computer Science book series (LNCS, volume 1438)


The security of a network depends heavily on the ability to manage the available security mechanisms effectively and efficiently. Concepts are needed to organize the security management of large networks. It is crucial to be able to cope with frequent configuration changes and with the complexity of networks consisting of thousands of users and components.

In the presented concept, the network is divided into several administrative domains that are managed largely independently of each other. Each domain defines its own security policy. These policies are combined to give the global security policy. To enforce it, different security mechanisms, both network based and host based, can be used. Their configuration can be derived automatically from the global security policy.





Copyright information

© Springer-Verlag Berlin Heidelberg 1998

Authors and Affiliations

  • Rainer Falk (1)
  • Markus Trommer (1)
  1. Chair for Data Processing, TU München, Munich, Germany
