TY - GEN
T1 - Managing security in dynamic networks
AU - Konstantinou, Alexander V.
AU - Yemini, Yechiam
AU - Bhatt, Sandeep
AU - Rajagopalan, S.
N1 - Publisher Copyright: © 1999 by The USENIX Association. All Rights Reserved.
PY - 1999
Y1 - 1999
N2 - This paper describes our initial steps towards self-configuring mechanisms for automating high-level security and service policies in dynamic networks. We build on the NESTOR system developed at Columbia University for instrumenting and monitoring constraints on network elements and services such as DHCP, DNS zones, host-based access controls, firewalls, and VLAN switches. Current paradigms for configuration management require that changes be propagated either manually or via low-level scripts suited to static networks. Our longer-term goal is to provide fully automated techniques which work for dynamic networks in which changes are frequent and often unanticipated. Automated approaches, such as ours, are the only viable solution for global and dynamic networks and services. In this paper, we focus on one specific scenario to illustrate our ideas: providing transparent and secure access to selected services from a mobile laptop. The challenge is that reconfiguration must satisfy the security policies of two independent corporate networks.
UR - http://www.scopus.com/inward/record.url?scp=84949652988&partnerID=8YFLogxK
UR - http://www.scopus.com/inward/citedby.url?scp=84949652988&partnerID=8YFLogxK
M3 - Conference contribution
AN - SCOPUS:84949652988
T3 - Proceedings of the 13th Conference on Systems Administration, LISA 1999
SP - 109
EP - 121
BT - Proceedings of the 13th Conference on Systems Administration, LISA 1999
T2 - 13th Systems Administration Conference, LISA 1999
Y2 - 7 November 1999 through 12 November 1999
ER -