Grid of Security: A Decentralized Enforcement of the Network Security

Grid of Security: A Decentralized Enforcement of the Network Security

Olivier Flauzac (University of Reims Champagne-Ardenne, France), Florent Nolot (University of Reims Champagne-Ardenne, France), Cyril Rabat (University of Reims Champagne-Ardenne, France) and Luiz-Angelo Steffenel (University of Reims Champagne-Ardenne, France)
DOI: 10.4018/978-1-4666-0978-5.ch022
OnDemand PDF Download:
List Price: $37.50


Network security is in a daily evolving domain. Every day, new attacks, viruses, and intrusion techniques are released. Hence, network devices, enterprise servers, or personal computers are potential targets of these attacks. Current security solutions like firewalls, intrusion detection systems (IDS), and virtual private networks (VPN) are centralized solutions, which rely mostly on the analysis of inbound network connections. This approach notably forgets the effects of a rogue station, whose communications cannot be easily controlled unless the administrators establish a global authentication policy using methods like 802.1x to control all network communications among each device. To the best of the authors’ knowledge, a distributed and easily manageable solution for the global security of an enterprise network does not exist. In this chapter, they present a new approach to deploy a distributed security solution where communication between each device can be control in a collaborative manner. Indeed, each device has its own security rules, which can be shared and improved through exchanges with others devices. With this new approach, called grid of security, a community of devices ensures that a device is trustworthy and that communications between devices progress in respect of the control of the system policies. To support this approach, the authors present a new communication model that helps structuring the distribution of security services among the devices. This can secure both ad-hoc, local-area or enterprise networks in a decentralized manner, preventing the risk of a security breach in the case of a failure.
Chapter Preview

The Security Problem

Today, the Internet is far from being a secure environment. The continuous growth of security risks (intrusions, virus, spywares, information stealing) forces enterprises and network administrators to expend a considerable amount of time and money to improve security aspects from their networks, usually through the association of multiple techniques and tools. Despite the fact that defining and deploying security policies if a study field that rapidly advanced in the last years, most of the proposed solutions are still based on centralized servers.

In our approach, we try to better represent the constraints from the real world by starting our models with a typical enterprise network, connected to the Internet. In this model, all network devices connected to the enterprise network constitute what we call a “confidence zone”. By default, the confidence zone is delimited by the equipment directly connected to the Internet, i.e. those devices with a public IPv4 interface. Formally, a confidence zone includes all communicating devices in a network where the global security is under mutual control. Therefore, a confidence zone can be extended across a WAN link or reduced to a few devices if the devices find a common agreement on the security policies.

Complete Chapter List

Search this Book: