Maintaining High Performance Communication Under Least Privilege Using Dynamic Perimeter Control
Abstract
From a security standpoint, it is preferable to implement least privilege network security policies in which only the bare minimum of TCP/UDP ports on internal hosts are accessible from outside the perimeter. Unfortunately, organizations with such policies can no longer communicate using common multiport protocols that require randomly chosen ports for auxiliary connections. This paper introduces a new approach for maintaining such communication under least privilege while achieving maximum performance. By dynamically modifying perimeter ACLs, inbound auxiliary connections are only allowed through the perimeter at exactly the times required. These modifications are made transparently to external users and with minimal changes to internal configuration. A prototype implementation of the Dynamic Perimeter Enforcement system, called Diaper, has been implemented and tested with several applications.
Similar resources
Addressing the Tension Between Strong Perimeter Control and Usability
This paper describes a strong perimeter control system for a general purpose processing system, with the perimeter control system taking significant steps to address usability issues, thus mitigating the tension between strong perimeter protection and usability. A secure front end enforces two-factor authentication for all interactive access to an enclave that contains a large supercomputer and...
A Comparative Study on Seismic Performance of Hexagrid, Diagrid and Tubular Structural Systems
Hexagrid structural system is an innovated system with structural behavior which is similar to a tubular system. In this paper, a numerical study is conducted to estimate the seismic performance of horizontal hexagrid concerning the combined horizontal and vertical hexagrid, tubular and diagrid structural systems. First 30 and 50 story buildings are modeled using ETABS, then pushover and nonlin...
Research of Least Privilege for Database Administrators
Traditional database administrator (DBA) privileges are too high, which causes insider security threat problem. To solve this problem, an extended Role Based Access Control (RBAC) rights management model for DBA was brought out in this paper. Combined with the principle of least privilege security, this paper proposes a scheme which contains three management roles separation and dynamic constra...
Effects of the Custom Mold with a Raised Ridge around the Perimeter Foot Orthoses on Dynamic Postural Control in Chronic Ankle Instability
Background and Objectives: Among the foot orthoses prescribed to improve postural control in chronic ankle instability, foot orthoses designed to affect both types of mechanical and functional instability have a limited research background. In the present study, a type of foot orthosis named the custom mold with a raised ridge around the perimeter was designed, and manufactured, and its effect ...
Specifying and enforcing the principle of least privilege in role-based access control
The principle of least privilege in role-based access control (RBAC) is an important area of research. There are two crucial issues related to it: the specification and the enforcement. We believe that existing least privilege specification schemes are not comprehensive enough and few of the enforcement methods are likely to scale well. In this paper, we formally define the basic principle of l...