TY - GEN
T1 - Using security policies to automate placement of network intrusion prevention
AU - Talele, Nirupama
AU - Teutsch, Jason
AU - Jaeger, Trent
AU - Erbacher, Robert F.
PY - 2013
Y1 - 2013
N2 - System administrators frequently use Intrusion Detection and Prevention Systems (IDPS) and host security mechanisms, such as firewalls and mandatory access control, to protect their hosts from remote adversaries. The usual techniques for placing network monitoring and intrusion prevention apparatuses in the network do not account for host flows and fail to defend against vulnerabilities resulting from minor modifications to host configurations. Therefore, despite widespread use of these methods, the task of security remains largely reactive. In this paper, we propose an approach to automate a minimal mediation placement for network and host flows. We use an Intrusion Prevention System (IPS) as a replacement for certain host mediations. Due to the large number of flows at the host level, we summarize information flows at the composite network level, using a conservative estimate of the host mediation. Our summary technique reduces the number of relevant network nodes in our example network by 80% and improves mediation placement speed by 87.5%. In this way, we effectively and efficiently compute network-wide defense placement for comprehensive security enforcement.
AB - System administrators frequently use Intrusion Detection and Prevention Systems (IDPS) and host security mechanisms, such as firewalls and mandatory access control, to protect their hosts from remote adversaries. The usual techniques for placing network monitoring and intrusion prevention apparatuses in the network do not account for host flows and fail to defend against vulnerabilities resulting from minor modifications to host configurations. Therefore, despite widespread use of these methods, the task of security remains largely reactive. In this paper, we propose an approach to automate a minimal mediation placement for network and host flows. We use an Intrusion Prevention System (IPS) as a replacement for certain host mediations. Due to the large number of flows at the host level, we summarize information flows at the composite network level, using a conservative estimate of the host mediation. Our summary technique reduces the number of relevant network nodes in our example network by 80% and improves mediation placement speed by 87.5%. In this way, we effectively and efficiently compute network-wide defense placement for comprehensive security enforcement.
UR - http://www.scopus.com/inward/record.url?scp=84893143999&partnerID=8YFLogxK
UR - http://www.scopus.com/inward/citedby.url?scp=84893143999&partnerID=8YFLogxK
U2 - 10.1007/978-3-642-36563-8_2
DO - 10.1007/978-3-642-36563-8_2
M3 - Conference contribution
AN - SCOPUS:84893143999
SN - 9783642365621
T3 - Lecture Notes in Computer Science (including subseries Lecture Notes in Artificial Intelligence and Lecture Notes in Bioinformatics)
SP - 17
EP - 32
BT - Engineering Secure Software and Systems - 5th International Symposium, ESSoS 2013, Proceedings
T2 - 5th International Symposium on Engineering Secure Software and Systems, ESSoS 2013
Y2 - 27 February 2013 through 1 March 2013
ER -