USENIX Technical Program - Abstract - 13th Systems Administration Conference - LISA '99
Managing Security in Dynamic Networks
Alexander V. Konstantinou and Yechiam Yemini, Columbia University; Sandeep Bhatt and S. Rajagopalan, Telcordia Technologies (formerly Bellcore)
Abstract
This paper describes our initial steps towards self-configuring
mechanisms for automating high-level security and service policies in
dynamic networks. We build on the NESTOR system developed at Columbia
University for instrumenting and monitoring constraints on network
elements and services such as DHCP, DNS zones, host-based access
controls, firewalls, and VLAN switches.
Current paradigms for configuration management require that changes
be propagated either manually or via low-level scripts suited to
static networks. Our longer-term goal is to provide fully automated
techniques which work for dynamic networks in which changes are
frequent and often unanticipated. Automated approaches, such as ours,
are the only viable solution for global and dynamic networks and
services. In this paper, we focus on one specific scenario to
illustrate our ideas: providing transparent and secure access to
selected services from a mobile laptop. The challenge is that
reconfiguration must satisfy the security policies of two independent
corporate networks.