Addressing Internal Security Threats with Roaming User-Based Distributed Firewalls
Full text | |||
Source | Journal of Information Systems Security Volume 5, Number 2 (2009)
Pages 26–41
ISSN 1551-0123 (Print)ISSN 1551-0808 (Online) |
||
Authors | Andy Luse — Iowa State University, USA
Kevin P. Scheibe — Iowa State University, USA
Anthony M. Townsend — Iowa State University, USA
|
||
Publisher | Information Institute Publishing, Washington DC, USA |
Abstract
A roaming, user-based distributed firewall is presented to address both internal and external security risks in an organizational environment where users move from one computer to another. Appropriate firewall settings are attached to users irrespective of the computer they work on. We demonstrate this roaming, user-based, distributed firewall, report results and discuss implications.
Keywords
Security, Networks, Distributed Firewalls
References
Bartal, Y., Mayer, A., Nissim, K., and Wool, A. (1999), “Firmato: A Novel Firewall Management Toolkit.” 1999 IEEE Symposium on Security and Privacy. May 9-12.
Bellovin, S.M. (1999), “Distributed Firewalls,” login, November:37-39.
Bennett, J. (2007), “AutoIT,” http://www.autoitscript.com/, 17 December 2007.
Blaze, M., Feigenbaum, J., Ioannidis, J., and Keromytis, A.D. (1999), “The keynote trust management system version 2,” RFC 2704.
Dimitrakos, T., Djordjevic, I., Matthews, B., Bicarregui, J., and Phillips, C. (2002), “Policy-Driven Access Control over a Distributed Firewall Architecture,” Third International Workshop on Policies for Distributed Systems and Networks. June 5-7.
DoD (Department of Defense) (1983), “Department of Defense Trusted Computer System Evaluation Criteria,” http://csrc.nist.gov/publications/history/dod85.pdf, 17, December 2007.
Ethereal (2007), “Ethereal,” http://www.ethereal.com/, 17 December 2007.
Fyodor (2007), “Nmap,” http://insecure.org/nmap/, 17 December 2007.
Gordon, L.A., Loeb, M.P., Lucyshyn, W., and Richardson, R. (2006), “2006 CSI/FBI computer crime and security survey,” Computer Security Institute, 1-28.
Harkins, D., and Carrel, D. (1998) “Internet Key Exchange (IKE),” RFC 2409.
Hwang, K., and Gangadharan, M. (2001). “Micro-Firewalls for Dynamic Network Security with Distributed Intrusion Detection.” IEEE International Symposium on Network Computing and Applications. Oct 10.
IEEE (1999), “IEEE standards for local and metropolitan area networks: virtualbridged local area networks,” IEEE Std 802.1Q-1998.
Ioannidis, S., Keromytis, A.D., Bellovin, S.M., and Smith, J.M. (2000). “Implementing a Distributed Firewall.” 7th ACM conference on Computer and communications security. Athens, Greece.
ISO (International Organization for Standardization), “Open Systems Interconnection (OSI),” http://www.iso.org/iso/iso_catalogue.htm, 17 December 2007.
Kent, S., and Atkinson, R. (1998a), “IP Authentication Header,” IETF RFC 2402.
Kent, S., and Atkinson, R. (1998b), “IP Encapsulating Security Payload,” IETF RFC 2406.
Kent, S., and Atkinson, R. (1998c), “Security Architecture for the Internet Protocol,” IETF RFC 2401.
Keromytis, A.D., Ioannidis, S., Greenwald, M.B., and Smith, J.M. (2003), “The STRONGMAN Architecture.” DARPA Information Survivability Conference and Exposition. April 22-24.
Li, M. (2003), “Policy-Based IPsec Management,” IEEE Network, 17(6):36-43.
Markham, T., Meredith, L., and Payne, C. (2003), “Distributed Embedded Firewalls with Virtual Private Groups.” DARPA Information Survivability Conference and Exposition. April 22-24.
Markham, T., and Payne, C. (2001), “Security at the Network Edge: A Distributed Firewall Architecture.” DARPA Information Survivability Conference & Exposition II.
McLoone, M., and McCanny, J.V. (2002), “A Single-Chip IPSEC Cryptographic Processor.” IEEE Workshop on Signal Processing Systems.
Meredith, L.M. (2003), “A Summary of the Autonomic Distributed Firewalls (ADF) Project.” DARPA Information Survivability Conference and Exposition.
Payne, C., and Markham, T. (2001), “Architecture and Applications for a Distributed Embedded Firewall.” 17th Annual Computer Security Applications Conference. Dec. 10-14.
Payne, C.N., and Ryder, D.K. (2003), “On the Large-Scale Deployment of a Distributed Embedded Firewall.” IEEE Systems, Man and Cybernetics Society Information Assurance Workshop. June 18-20.
Richardson, R. (2003), “CSI/FBI Computer Crime and Security Survey,” Computer Security Institute, 21.
Smith, R.N., Chen, Y., and Bhattacharya, S. (2003), “Cascade of Distributed and Cooperating Firewalls in a Secure Data Network,” IEEE Transactions on Knowledge and Data Engineering, 15 (5): 1307 - 1315.
Steiner, J.G., Neuman, C., Schiller, J.I., (1988), “Kerberos: An authentication service for open network systems.” Winter USENIX Conference.
Tenable. (2007), “Nessus: the Network Vulnerability Scanner,” http://www.nessus.org, 17 December 2007.
wikipedia.org (2006), “Confused deputy problem,” http://en.wikipedia.org/wiki/Confused_deputy_problem, 17 December 2007.