Free Online Productivity Tools
i2Speak
i2Symbol
i2OCR
iTex2Img
iWeb2Print
iWeb2Shot
i2Type
iPdf2Split
iPdf2Merge
i2Bopomofo
i2Arabic
i2Style
i2Image
i2PDF
iLatex2Rtf
Sci2ools
ESORICS
2007
Springer
2007
Springer
Maintaining High Performance Communication Under Least Privilege Using Dynamic Perimeter Control
Abstract. From a security standpoint, it is preferable to implement least privilege network security policies in which only the bare minimum of TCP/UDP ports on internal hosts are accessible from outside the perimeter. Unfortunately, organizations with such policies can no longer communicate using common multiport protocols that require randomly chosen ports for auxiliary connections. This paper introduces a new approach for maintaining such communication under least privilege while achieving maximum performance. By dynamically modifying perimeter ACLs, inbound auxiliary connections are only allowed through the perimeter at exactly the times required. These modifications are made transparently to external users and with minimal changes to internal configuration. A prototype implementation of the Dynamic Perimeter Enforcement system, called Diaper, has been implemented and tested with several applications. Key words: Firewalls, grids, high performance networking, multiport protocols, ...
Real-time TrafficAuxiliary Connections | ESORICS 2007 | Multiport Protocols | Privilege Network Security | Security Privacy |
| Added | 07 Jun 2010 |
| Updated | 07 Jun 2010 |
| Type | Conference |
| Year | 2007 |
| Where | ESORICS |
| Authors | Paul Z. Kolano |
Comments (0)
Researcher Info
|
