Grid of Security: A Decentralized Enforcement of the Network Security

Olivier Flauzac, Florent Nolot, Cyril Rabat, Luiz-Angelo Steffenel
DOI: 10.4018/978-1-4666-0978-5.ch022

Abstract

Network security is a domain that evolves daily. Every day, new attacks, viruses, and intrusion techniques are released, so network devices, enterprise servers, and personal computers are all potential targets. Current security solutions such as firewalls, intrusion detection systems (IDS), and virtual private networks (VPN) are centralized and rely mostly on the analysis of inbound network connections. This approach notably overlooks the effects of a rogue station, whose communications cannot easily be controlled unless the administrators establish a global authentication policy using methods like 802.1x to control all network communications among every device. To the best of the authors' knowledge, no distributed and easily manageable solution for the global security of an enterprise network exists. In this chapter, they present a new approach for deploying a distributed security solution in which communication between devices can be controlled in a collaborative manner. Each device has its own security rules, which can be shared and improved through exchanges with other devices. With this new approach, called the grid of security, a community of devices ensures that a device is trustworthy and that communications between devices proceed in accordance with the system policies. To support this approach, the authors present a new communication model that helps structure the distribution of security services among the devices. It can secure ad-hoc, local-area, or enterprise networks in a decentralized manner, avoiding the risk of a security breach in the case of a single failure.
Chapter Preview

The Security Problem

Today, the Internet is far from being a secure environment. The continuous growth of security risks (intrusions, viruses, spyware, information theft) forces enterprises and network administrators to spend a considerable amount of time and money improving the security of their networks, usually by combining multiple techniques and tools. Although the definition and deployment of security policies is a field of study that has advanced rapidly in recent years, most of the proposed solutions are still based on centralized servers.

In our approach, we try to better represent the constraints from the real world by starting our models with a typical enterprise network, connected to the Internet. In this model, all network devices connected to the enterprise network constitute what we call a “confidence zone”. By default, the confidence zone is delimited by the equipment directly connected to the Internet, i.e. those devices with a public IPv4 interface. Formally, a confidence zone includes all communicating devices in a network where the global security is under mutual control. Therefore, a confidence zone can be extended across a WAN link or reduced to a few devices if the devices find a common agreement on the security policies.
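The confidence-zone definition above can be made concrete with a small model. The following Python is an added illustrative example, not the authors' code and not an algorithm the chapter preview specifies: it assumes that an interface is "public" when it lies outside the RFC 1918 and other non-routable IPv4 ranges, represents each device's local security rules as a set of strings, and treats "common agreement on the security policies" as every device enforcing a required rule set. All device names, addresses, and rules are constructed (addresses in 203.0.113.0/24 stand in for public ones).

```python
"""Illustrative model of a confidence zone (added example, not the chapter's own code)."""
import ipaddress
from dataclasses import dataclass

# RFC 1918 plus loopback and link-local ranges. An IPv4 interface outside these is
# treated as "public", i.e. directly facing the Internet (an assumption of this model;
# the documentation range 203.0.113.0/24 is deliberately not excluded so it can stand in
# for a public address in the constructed sample below).
NON_PUBLIC_V4 = [ipaddress.ip_network(n) for n in (
    "10.0.0.0/8", "172.16.0.0/12", "192.168.0.0/16",
    "127.0.0.0/8", "169.254.0.0/16")]


@dataclass(frozen=True)
class Device:
    name: str
    interfaces: tuple   # IPv4 addresses as strings
    rules: frozenset    # security rules this device enforces locally


def is_public_v4(addr: str) -> bool:
    """True when the address is an IPv4 address outside the non-public ranges."""
    ip = ipaddress.ip_address(addr)
    return ip.version == 4 and not any(ip in net for net in NON_PUBLIC_V4)


def border_devices(devices):
    """Devices with a public IPv4 interface: by default they delimit the confidence zone."""
    return {d.name for d in devices if any(is_public_v4(a) for a in d.interfaces)}


def common_policy(devices):
    """Rules every device already enforces: the baseline the zone mutually controls."""
    rule_sets = [d.rules for d in devices]
    return frozenset.intersection(*rule_sets) if rule_sets else frozenset()


def negotiate_zone(devices, required):
    """Keep only devices enforcing every required rule.

    Applied to the enterprise devices this reduces the zone to those that agree;
    applied to a wider set (e.g. a remote site behind a WAN link) it extends it.
    """
    return {d.name for d in devices if required <= d.rules}


# Constructed sample network (hypothetical devices and rules).
DEVICES = (
    Device("gw",      ("203.0.113.1", "10.0.0.1"), frozenset({"deny tcp/23", "allow tcp/443"})),
    Device("ws1",     ("10.0.0.10",),              frozenset({"deny tcp/23", "allow tcp/443", "deny udp/69"})),
    Device("printer", ("10.0.0.20",),              frozenset({"allow tcp/443"})),
    Device("remote",  ("10.8.0.5",),               frozenset({"deny tcp/23", "allow tcp/443"})),  # remote site over WAN
)
ENTERPRISE = DEVICES[:3]   # devices directly on the enterprise LAN
STRICT = frozenset({"deny tcp/23", "allow tcp/443"})


def demo():
    """Returns (baseline policy, reduced zone, extended zone) for the sample network."""
    baseline = common_policy(ENTERPRISE)            # the printer lowers the common denominator
    reduced = negotiate_zone(ENTERPRISE, STRICT)     # printer drops out of the zone
    extended = negotiate_zone(DEVICES, STRICT)       # remote site admitted across the WAN link
    return baseline, reduced, extended


if __name__ == "__main__":
    print("border:", border_devices(DEVICES))
    for label, value in zip(("baseline", "reduced", "extended"), demo()):
        print(f"{label}: {sorted(value)}")
```

The point the model makes is the one in the text: the zone is a property of the devices' agreement on policy, not of the physical topology, so the same membership test both shrinks the zone (a device with weaker rules is excluded) and grows it (a remote device that enforces the required rules is admitted).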
