Advanced Intrusion Prevention for Geographically Dispersed Higher Education Cloud Networks
We present the design and implementation of a novel cybersecurity architecture for a Linux community public cloud supporting education and research. The approach combines first packet authentication and transport layer access control gateways to block fingerprinting of key network resources. Experimental results are presented for two interconnected data centers in New York. We show that this approach can block denial of service attacks and network scanners, and provide geolocation attribution based on a syslog classifier.
Keywords: Authentication, Identity management, Attribution
The authors gratefully acknowledge support of the National Science Foundation grant Cloud Computing – Data, Networking, Innovation (CC-DNI), area 4, 15-535, also known as “SecureCloud”.