Sciweavers

ESORICS
2007
Springer

Maintaining High Performance Communication Under Least Privilege Using Dynamic Perimeter Control

Abstract. From a security standpoint, it is preferable to implement least privilege network security policies in which only the bare minimum of TCP/UDP ports on internal hosts are accessible from outside the perimeter. Unfortunately, organizations with such policies can no longer communicate using common multiport protocols that require randomly chosen ports for auxiliary connections. This paper introduces a new approach for maintaining such communication under least privilege while achieving maximum performance. By dynamically modifying perimeter ACLs, inbound auxiliary connections are allowed through the perimeter only at exactly the times required. These modifications are made transparently to external users and with minimal changes to internal configuration. A prototype of the Dynamic Perimeter Enforcement system, called Diaper, has been implemented and tested with several applications. Key words: Firewalls, grids, high performance networking, multiport protocols, ...
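The mechanism the abstract describes, as an added illustration (this is not code from the paper or from Diaper): a monitor on the control channel of a multiport protocol learns which auxiliary port the internal host has just advertised, installs a perimeter ACL entry for that one source, destination and port, and withdraws it when the transfer ends or a time limit lapses. Classic FTP passive mode (227/229 replies) is used as the multiport protocol; the regular expressions, the in-memory Rule/DynamicPerimeter model of the firewall, the 30-second TTL, the third-party-host refusal and all IP addresses are assumptions of this example, not details taken from the paper.

```python
"""Time-bounded perimeter ACL entries driven by FTP control-channel replies.
Added illustration, not the paper's Diaper code. Assumption: the perimeter
firewall is modelled as an in-memory rule set; a real deployment would push
and withdraw ACL entries on the perimeter device instead."""
import re
from dataclasses import dataclass

# 227 Entering Passive Mode (h1,h2,h3,h4,p1,p2)  -> data port = p1*256 + p2
PASV_RE = re.compile(r"^227\b.*?\((\d{1,3}),(\d{1,3}),(\d{1,3}),(\d{1,3}),(\d{1,3}),(\d{1,3})\)")
# 229 Entering Extended Passive Mode (|||port|)  (RFC 2428; host is the control peer)
EPSV_RE = re.compile(r"^229\b.*?\(\|\|\|(\d{1,5})\|\)")


def parse_passive_reply(line, server_ip):
    """Return (host, port) advertised for the data connection, or None when the
    line is not a passive-mode reply, or when it names a host other than the
    control-channel peer (never open a hole toward a third party)."""
    m = PASV_RE.match(line)
    if m:
        octets = [int(m.group(i)) for i in range(1, 7)]
        if any(o > 255 for o in octets):
            return None
        host = ".".join(str(o) for o in octets[:4])
        port = octets[4] * 256 + octets[5]
    else:
        m = EPSV_RE.match(line)
        if not m:
            return None
        host, port = server_ip, int(m.group(1))
    if host != server_ip or not 1024 <= port <= 65535:
        return None
    return host, port


@dataclass(frozen=True)
class Rule:
    src: str
    dst: str
    dport: int
    proto: str = "tcp"


class DynamicPerimeter:
    """Perimeter ACL with per-rule expiry: one entry per auxiliary connection,
    withdrawn explicitly when the transfer ends or implicitly when its TTL lapses."""

    def __init__(self, clock):
        self._clock = clock      # callable returning seconds (injected for testability)
        self._rules = {}         # Rule -> expiry time

    def allow(self, rule, ttl):
        self._rules[rule] = self._clock() + ttl
        return rule

    def revoke(self, rule):
        return self._rules.pop(rule, None) is not None

    def expire(self):
        now = self._clock()
        stale = [r for r, t in self._rules.items() if t <= now]
        for r in stale:
            del self._rules[r]
        return stale

    def permits(self, src, dst, dport, proto="tcp"):
        self.expire()
        return Rule(src, dst, dport, proto) in self._rules


class FtpSessionMonitor:
    """Watches one FTP control channel and opens/closes the inbound data-port
    rule as passive replies and transfer completions go by."""

    def __init__(self, perimeter, client_ip, server_ip, ttl=30):
        self.perimeter, self.client_ip, self.server_ip, self.ttl = perimeter, client_ip, server_ip, ttl
        self.pending = None

    def on_server_reply(self, line):
        target = parse_passive_reply(line, self.server_ip)
        if target:
            host, port = target
            # Open the hole for this client only, to the advertised port only.
            self.pending = self.perimeter.allow(Rule(self.client_ip, host, port), self.ttl)
            return self.pending
        code = line[:3]
        # 226 = transfer complete; 4xx/5xx = failure. Close the hole either way.
        if self.pending and (code == "226" or code[:1] in ("4", "5")):
            rule, self.pending = self.pending, None
            self.perimeter.revoke(rule)
            return rule
        return None


class FakeClock:
    def __init__(self):
        self.t = 0.0

    def __call__(self):
        return self.t

    def advance(self, seconds):
        self.t += seconds


def run_demo():
    """Replay constructed control-channel replies (not a real capture) and record
    whether the perimeter would admit the data connection at each step."""
    clock, seen = FakeClock(), []
    fw = DynamicPerimeter(clock)
    mon = FtpSessionMonitor(fw, client_ip="198.51.100.7", server_ip="192.0.2.10", ttl=30)
    mon.on_server_reply("220 ftp.example.org FTP server ready")
    seen.append(fw.permits("198.51.100.7", "192.0.2.10", 50000))   # nothing open yet
    mon.on_server_reply("227 Entering Passive Mode (192,0,2,10,195,80)")  # 195*256+80 = 50000
    seen.append(fw.permits("198.51.100.7", "192.0.2.10", 50000))   # hole open for this client
    seen.append(fw.permits("203.0.113.99", "192.0.2.10", 50000))   # other source still blocked
    mon.on_server_reply("226 Transfer complete")
    seen.append(fw.permits("198.51.100.7", "192.0.2.10", 50000))   # closed on completion
    mon.on_server_reply("227 Entering Passive Mode (192,0,2,10,195,81)")
    clock.advance(31)
    seen.append(fw.permits("198.51.100.7", "192.0.2.10", 50001))   # TTL lapsed without a 226
    return seen
```

The two checks in `parse_passive_reply` are the ones a practitioner would insist on before letting control-channel content drive ACL changes: the advertised host must be the control-channel peer (otherwise a compromised or spoofed server could punch a hole toward an unrelated internal host), and the port must be an ephemeral one rather than a privileged service port. The TTL is the backstop for sessions that never send a completion reply.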
Paul Z. Kolano
Added 07 Jun 2010
Updated 07 Jun 2010
Type Conference
Year 2007
Where ESORICS
Authors Paul Z. Kolano