Abstract:
Designing network security perimeters to nullify security threats, is the objective of giants involved in the development of security applications and devices. An organization, not compromising on security, dedicates a hefty budget proportion for deploying security plans and updates. Fighting and chasing the modern attackers 24x7 has enforced thoughts of redesigning security framework. Existing perimeter is layered of border routers, firewalls, IDS, IPS, VPN devices, software architecture over DMZ s and subnets, beside server and host filters and antivirus applications. These are not fully customizable against adversaries in providing strong security framework. The current deployment nature of security perimeter where these layered components are prone to various egress and ingress nasty activities raises some serious questions. The traditional perimeters do not provide sufficient security to overcome these limitations in order to provide uncompromised security nodes. To address security needs efficiently, at critical knots within a network, we introduce a security framework. The proposed framework focuses three key areas related to defense-in-depth; (1) maximizing synchronization among layered security services (2) modularizing various services for better endpoint security (3) reducing traffic while providing secure mechanism for passive updates in traditional networks. The authors show through analysis and emulation that their proposed framework meets the unique security needs of network infrastructure in a better way.
Page(s):
2-6
DOI:
DOI not available
Published:
Journal: Engineer (Pakistan Engineering Council), Volume: 0, Issue: 9, Year: 2007