Security for Active Network

Networking/Security Forums -> General Security Discussion

Author: binhnn PostPosted: Tue Apr 08, 2003 12:22 pm    Post subject: Security for Active Network
    ----
Active network is a novel approach toward new network architectures. However, due to its technic of enabling programming environment, it faces with some security issue.

I am doing some research to discush these issues and solve some related problems. If you are interested in this field, please let me know so we can exchange useful information.

Regards,
Nguyen Nhat Binh

Author: ShaolinTigerLocation: Kuala Lumpur, Malaysia PostPosted: Tue Apr 08, 2003 12:30 pm    Post subject:
    ----
I presume you are talking about Active Directory, and also we are not here to do your homework for you Very Happy

If you have a specific question please ask, if you don't I suggest you do some reading/research first.

We are here for when you have exhausted all possible resources available to you.

Thanks

ST

Author: binhnn PostPosted: Tue Apr 08, 2003 5:52 pm    Post subject:
    ----
Dear ShaolinTiger,

Actually not AD. If I need to do something with AD, simply get some PCs, event VMWARE, install and play around with them.

What I mention here is Active Network in which, the routers and switches can perform customized computations on the messages flowing though them.

Dual to it mechanism, we have to face with some security issues. It is not simple just as you think.

If you like answering questions, I have some for you:

1 Do you think we could bring our network at risk by enabling a programable environment?
2 What is the right life circle of developing security policy?

Best regards,
Nguyen Nhat Binh.

Author: ShaolinTigerLocation: Kuala Lumpur, Malaysia PostPosted: Tue Apr 08, 2003 6:08 pm    Post subject:
    ----
Ah ok sorry.

You really mean Active Networks, as in packet management and intelligent routing/information injection.

What area of Active Networks are you looking at?

Application-specific multicast? information fusion? or just simply leveraging network-based computation and storage.

Indeed the pace of innovation increases but so do the security risks, by decoupling network services from the underlying hardware you are allowing many more weak points into the infrastructure, you do however allow new services (including security based services) to be loaded into the infrastructure on demand.

As an answer to your questions...

1) Yes
2) Depends totally on the situation/company the policy is being designed for.


Last edited by ShaolinTiger on Tue Apr 08, 2003 6:09 pm; edited 1 time in total

Author: binhnn PostPosted: Wed Apr 09, 2003 11:41 am    Post subject:
    ----
Dear ST,
Thank you for answering my questions.
For the second question, my expectation is more philosophic answer like

Depends totally on the situation/company the policy is being designed for (your answer)

Analyze the need
Design the policy
Re-evaluate the risk
Plan for the next cycle

Anyway, we will discuss further more later.
Regards,
Binh.

Author: binhnn PostPosted: Wed Jun 18, 2003 9:22 am    Post subject:
    ----
Now I want to discuss further more about how to develop the right solution for security.
We would follow a very strict life cycle including the following steps:

Risk analyzing
- identify assets
- assign value
- assess liabilities
Policy developing
- identify owners
- set requirements for securing data
Implementation
- select/develop technologies
- set management process
Administration
- educate users
- set procedures to minimize risks

I will discuss with you the details of each step. Note that the last step starts another life cycle rather than stops the current one.

Any suggestion will be welcome,
Nguyen Nhat Binh.



Networking/Security Forums -> General Security Discussion


output generated using printer-friendly topic mod, All times are GMT + 2 Hours

Page 1 of 1

Powered by phpBB 2.0.x © 2001 phpBB Group