Abstract
The security of a network depends heavily on the ability to manage the available security mechanisms effectively and efficiently. Concepts axe needed to organize the security management of large networks. Crucial is the possibility to cope with frequent changes of the configuration and with the complexity of networks consisting of thousands of users and components.
In the presented concept the network is divided into several administrative domains that are managed rather independent from each other. Each domain defines its own security policy. These are combined giving the global security policy. To enforce it, different security mechanisms — both network based and host based — can be used. Their configuration can be derived from the global security policy automatically.
This is a preview of subscription content, log in via an institution to check access.
Preview
Unable to display preview. Download preview PDF.
References
Brüggemann, H. H.: Spezifikation von objektorientierten Rechten. DuD-FachbeitrÄge, Vieweg, Wiesbaden (1997)
Chapman, D. B., Zwicky, E. D.: Building Internet Firewalls. O'Reilly (1995)
Cheswick, W. R., Bellovin, S. M.: Firewalls and Internet Security: Repelling the Wily Hacker. Addison-Wesley (1994)
Falk, R.: Formale Spezifikation von Sicherheitspolitiken für Paketfilter. In G. Müller, K. Rannenberg, M. Reitenspie\, H. Stiegler (eds.), Proc. of VerlÄ\liche IT-Systeme (VIS '97), DuD-FachbeitrÄge, Vieweg, Braunschweig and Wiesbaden (1997) 97–112
Fremont, A.: NetPartitioner 3.0, white paper, solsoft. http://www.solsoft.fr/np/whitepapernp.pdf (1998)
Garfinkel, S., Spafford, G.: Practical UNIX and Internet Security. O'Reilly, 2nd edn. (1996)
Hegering, H.-G., Abeck, S.: Integrated Network and Systems Management. Addison-Wesley (1994)
Hughes, L. J.: Actually Useful Internet Security Techniques. New Riders Publishing (1995)
Information processing systems — open systems interconnection — basic reference model — OSI management framework (part 4), ISO 7498-4/CCITT X.700 (1989)
Konopka, R., Trommer, M.: A multilayer-architecture for SNMP-based, distributed and hierarchical management of local area networks. In Proc. of the 4th International Conference on Computer Communications and Networks, Las Vegas (1995)
Unix host and network security tools. http://csrc.ncsl.nist.gov/tools/tools.htm (1996)
Rose, M. T.: The Simple Book. Prentice Hall, 2nd edn. (1996)
Schaller, H. N.: A concept for hierarchical, decentralized management of the physical configuration in the internet. In Proc. of Kommunikation in verteilten Systemen 1995 (KiVS '95), Springer (1995)
Sloman, M. (ed.): Network and Distributed Systems Management. Addison-Wesley (1994)
Wies, R.: Using a classification of management policies for policy specification and policy transformation. In Proc. of the Fourth International Symposium on Integrated Management, Chapman & Hall (1995)
Wirth, N.: Programming in Modula 2. Springer, 3rd edn. (1985)
Woo, T. Y. C., Lam, S. S.: Authorization in distributed systems: A formal approach. In Proc. of the 13th IEEE Symposium on Research in Security and Privacy, Oakland, California (1992) 33–50
Author information
Authors and Affiliations
Editor information
Rights and permissions
Copyright information
© 1998 Springer-Verlag Berlin Heidelberg
About this paper
Cite this paper
Falk, R., Trommer, M. (1998). Integrated management of network and host based security mechanisms. In: Boyd, C., Dawson, E. (eds) Information Security and Privacy. ACISP 1998. Lecture Notes in Computer Science, vol 1438. Springer, Berlin, Heidelberg. https://doi.org/10.1007/BFb0053719
Download citation
DOI: https://doi.org/10.1007/BFb0053719
Published:
Publisher Name: Springer, Berlin, Heidelberg
Print ISBN: 978-3-540-64732-4
Online ISBN: 978-3-540-69101-3
eBook Packages: Springer Book Archive