Dynamic Virtual LANs for Adaptive Network Security

The NATO Undersea Research Centre (formerly SACLANTCEN), the research establishment of the Allied Command Transformation (ACT) strongly relies on Network Centric technologies and capabilities to improve the effectiveness of its scientific research. This requires architectures for the interconnection and data sharing that are flexible, scalable, and built on open standards, to ensure transparent interoperability between shore laboratories (both NATO and national) and assets located at sea (research vessels, buoys, autonomous vehicles, sensors and acquisition systems), all connected using a wide range of communications media (e.g. SATCOM, wireless ad-hoc networks, acoustical undersea communications). In addition to that, to fulfil its mission, the Centre has an extensive cooperation program with scientists and researchers, consultants and contractors, civil and military personnel coming, for a limited time period, from several NATO nations. It is a common requirement for them to be temporary connected to the Intranet and to the external Internet: this requirement presents important issues about the security within the internal network; access to networking resources must be controlled while preserving the relative “openness” of a research centre. This paper presents some of the concepts and architectures developed to control the access to network resources and to react to internal attacks.