Abstract
We present the design and implementation of a novel cybersecurity architecture for a Linux community public cloud supporting education and research. The approach combines first packet authentication and transport layer access control gateways to block fingerprinting of key network resources. Experimental results are presented for two interconnected data centers in New York. We show that this approach can block denial of service attacks and network scanners, and provide geolocation attribution based on a syslog classifier.
Access this chapter
Tax calculation will be finalised at checkout
Purchases are for personal use only
References
McCarthy, S.: Pivot Table: U.S. Education IT Spending Guide, version 1, 2013–2018. IDC publication GI255747, April 2015. http://www.idc.com/getdoc.jsp?containerId=GI255747
Lowendahl, J., Thayer, T., Morgan, G.: Top ten business trends impacting higher education. Gartner Group white paper, January 2016. https://www.gartner.com/doc/3186325/top–business-trends-impacting
Grama, J.: Data breaches in higher education. Educause Center for Analysis and Research, May 2014. https://library.educause.edu/resources/2014/5/just-in-time-research-data-breaches-in-higher-education
Fireye white paper: Cyber threats to the education industry, March 2016. https://www.fireeye.com/content/dam/fireeye-www/current-threats/pdfs/ib-education.pdf
Stoneburner, G., Goguen, A., Feringa, A.: Risk management guide for IT systems. NIST special publication 800-30, September 2012. http://csrc.nist.gov/publications/PubsSPs.html#800-30
Guilen, A., Rutten, P.: Driving Digital Transformation through Infrastructure Built for Open Source: How IBM LinuxONE Addresses Agile Infrastructure Needs of Next Generation Applications. IDC white paper, December 2016. https://public.dhe.ibm.com/common/ssi/ecm/lu/en/lul12345usen/LUL12345USEN.PDF. Last accessed 22 Oct 2016
DeCusatis, C., Liengtiraphan, P., Sager, A., Pinelli, M.: Implementing zero trust cloud networks with transport access control and first packet authentication. In: Proceedings of IEEE International Conference on Smart Cloud, New York, NY, 18–21 November 2016
Amazon Web Services Identity and Access Management, April 2016. https://aws.amazon.com/iam/. Last Accessed 20 May 2016
BlackRidge white paper: Dynamic network segmentation, August 2012. http://www.blackridge.us/images/site/page-content/BlackRidge_Dynamic_Network_Segmentation.pdf
Acknowledgments
The authors gratefully acknowledge support of the National Science Foundation grant Cloud Computing – Data, Networking, Innovation (CC-DNI), area 4, 15-535, also known as “SecureCloud”.
Author information
Authors and Affiliations
Corresponding author
Editor information
Editors and Affiliations
Rights and permissions
Copyright information
© 2018 Springer International Publishing AG
About this paper
Cite this paper
DeCusatis, C., Liengtiraphan, P., Sager, A. (2018). Advanced Intrusion Prevention for Geographically Dispersed Higher Education Cloud Networks. In: Auer, M., Zutin, D. (eds) Online Engineering & Internet of Things. Lecture Notes in Networks and Systems, vol 22. Springer, Cham. https://doi.org/10.1007/978-3-319-64352-6_13
Download citation
DOI: https://doi.org/10.1007/978-3-319-64352-6_13
Published:
Publisher Name: Springer, Cham
Print ISBN: 978-3-319-64351-9
Online ISBN: 978-3-319-64352-6
eBook Packages: EngineeringEngineering (R0)