Abstract
Decision Support System for Network Security Management is a system that evaluates the security of a network domain consists of various components and that supports a security manager in making decisions about security management of the network based on the evaluation. It helps the security manager to make a decision about how to change the configuration of the network to prevent the attack due to the security vulnerabilities of the network. Decision Support System for Network Security Management checks the current status of the network, predicts the possible intrusion and supports decision-making about security management to prevent the intrusion in advance. In this paper we analyze the requirements of the Decision Support System for Network Security Management that automates the security evaluation of the network and that supports decision-making about security management to secure the network, and we propose a design for it that satisfies the requirements. We also provide a prototype that implements the basic functions of our design.
This is a preview of subscription content, log in via an institution to check access.
Access this chapter
Tax calculation will be finalised at checkout
Purchases are for personal use only
Preview
Unable to display preview. Download preview PDF.
References
ISS, “Network and Host-based Vulnerability Assessment,” http://documents.iss.net/whitepapers/nva.pdf
ISS, “Securing Operating Platforms: A solution for tightening system security,” 1997.1.
AXENT Home Page, http://www.axent.com
ISS Home Page, http://www.iss.net
Kane Security Analyst Product Home Page, http://www.mantech.co.kr/ksa.html
J.S. Lee, S.C. Kim, J.T. Lee, K.B. Kim and S.W. Sohn, “Design of the Security Evaluation System for the prevention of hacking incidents under large-scale network environment,” Proceedings of the 12 th Workshop on Information Security and Cryptography, pp. 160–176, Chun-An, 2000.9.
J.S. Lee, S.C. Kim, K.B. Kim and S.W. Sohn, “Design of the Security Evaluation System for the automatic security analysis of the large-scale network,” Proceedings of the 5 th Conference on Communication Software, pp. 172–176, Sok-Cho, 2000.7.
Larry J. Hughes, Jr., Actually Useful Internet Security Techniques, New Riders Publishing, 1995.
S. J. Shin, J. W. Yoon and B. M. Lee, “A Prototype Design of Expert System for Automated Risk Analysis tool,” Proceedings of the 10 th Workshop on Information Security and Cryptography, pp. 383–395, 1998.
S.W. Kim, H. J. Jang and B. Park, “Dynamic Monitoring based on Security Agent,” Proceedings of the 10 th Workshop on Information Security and Cryptography, pp.518–530, 1998.
Sundaram. Aurobindo, “An Introduction to Intrusion Detection,” ACM CROSSROADS Issue 2.4, 1996.4.
Simson Garfinkel & Gene Spafford, Practical UNIX & Internet Security, O’REILLY, Second Edition, April 1996.
IETF RFC2401, “Security Architecture for the Internet Protocol”, November 1998.
IETF RFC2402, “IP Authentication Header (AH)”, November 1998.
IETF RFC2406, “IP Encapsulating Security Payload (ESP)”, November 1998.
IETF RFC2408, “ISAKMP”, November 1998.
IETF Internet-Draft, “Security Policy Protocol”.
Author information
Authors and Affiliations
Editor information
Editors and Affiliations
Rights and permissions
Copyright information
© 2001 Springer-Verlag Berlin Heidelberg
About this paper
Cite this paper
Lee, J.S., Kim, S.C. (2001). Design of the Decision Support System for Network Security Management to Secure Enterprise Network. In: Davida, G.I., Frankel, Y. (eds) Information Security. ISC 2001. Lecture Notes in Computer Science, vol 2200. Springer, Berlin, Heidelberg. https://doi.org/10.1007/3-540-45439-X_35
Download citation
DOI: https://doi.org/10.1007/3-540-45439-X_35
Published:
Publisher Name: Springer, Berlin, Heidelberg
Print ISBN: 978-3-540-42662-2
Online ISBN: 978-3-540-45439-7
eBook Packages: Springer Book Archive