Abstract
Entities in the enterprise are deployed with a standard configuration. Over time, patches, updates, new software versions, and mistakes or malicious activity all lead to deviations across the enterprise from this standard baseline. Malicious or unknown software on a system can cause harm or unexpected behavior. To mitigate these problems where possible, and help fix them in other cases, an enterprise plan for quality of protection is needed. This involves eliminating certain actions on machines that could harm the machine itself or the enterprise. The level of protection is dependent upon the type of enclave (an enclave is defined as a collection of entities with a common set of security and assurance mechanisms in place). Certain mitigations will be exercised based upon the cyber environment and enclave, and they may be exercised in different ways when communication is needed across enclaves of differing security and assurance. Mitigations include virus scanners and disabling of devices or interfaces. These mitigations also involve identifying and fixing issues that were not stopped. This requires a central visualization of the enterprise to quickly identify potential issues and a method of remotely taking action to either fix the affected system or freeze it until further action can be taken. This chapter discusses the current approach to centralized monitoring of communication as opposed to a more distributed approach. The latter relies on a well-formed security paradigm for the enterprise. The paper concludes with a proposal for a distributed inspection system that is currently being developed and tested.
This is a preview of subscription content, log in via an institution.
Buying options
Tax calculation will be finalised at checkout
Purchases are for personal use only
Learn about institutional subscriptionsReferences
Chandersekaran C, Foltz K Simpson WR (2014) Distributed versus centralized protection schema for the enterprise. In: Proceedings world congress on engineering and computer science 2014, WCECS2014. Lecture notes in engineering and computer science, San Francisco, USA, pp 68–73
Oppliger R (1997) Internet security: FIREWALLS and beyond. Commun ACM 40(5):94
Ingham K, Forrest S (2002) A history and survey of network firewalls (pdf)
Alkharobi T, Firewalls, presentation found at http://www.ccse.kfupm.edu.sa/~talal/Sec/Firewall.pdf
Ingham K, Forrest S (2002) A history and survey of network firewalls (pdf). p 4. Retrieved 25 Nov 2011
Cheswick WR, Bellovin SM, Rubin AD (2003) Google books link. Firewalls and internet security: repelling the wily hacker
Duhigg C (2003) Virus may elude computer defenses. Washington Post
Conway R (204). Code hacking: a developer’s guide to network security. Charles River Media, Hingham, p 281. ISBN 1-58450-314-9
Chang R (2002) Defending against flooding-based distributed denial-of-service attacks: a tutorial. IEEE Commun Mag 40(10):42–43
Almeida V, Bestavros A, Crovella M, de Oliveira A (1996) Characterizing reference locality in the WWW. In: Proceedings of the fourth international conference on parallel and distributed information systems, Miami Beach, Florida, USA, 18–20 December 1996, pp 92–107
Altinel M, Bornhövd C, Krishnamurthy S, Mohan C, Pirahesh H, Reinwald B (2003) Cache tables: paving the way for an adaptive database cache. In: Proceedings of the 29th international conference on Very large data bases, Berlin, Germany, 09–12 Sept 2003, pp 718–729
Amiri K, Tewari R, Park S, Padmanabhan S (2002) On space management in a dynamic edge cache. In: Proceedings of the fifth international workshop on the web and databases (WebDB 2002) (Madison, Wisc.). ACM, New York, pp 37–42
Anton J, Jacobs L, Liu X, Parker J Zeng Z, Zhong T (2002) Web caching for database applications with Oracle web cache. In: Proceedings of the 2002 ACM SIGMOD international conference on management of data, 03–06 June 2002, Madison, Wisconsin. doi: 10.1145/564691.564762
Apache HTTP Server Project (2003) Apache HTTP server. http://httpd.apache.org/
BEA Systems (2003) Weblogic application server. http://www.bea.com
CacheFlow (1999) Accelerating e-commerce with cacheflow internet caching appliances (a CacheFlow white paper)
Cain B, Spatscheck O, May M, Barbir A (2001) Request-routing requirements for content internetworking. http://www.ietf.org/internet-drafts/draft-cain-request-routing-req-03.txt
Candan KS, Li WS, Luo Q, Hsiung WP, Agrawal D (2001) Enabling dynamic content caching for database-driven web sites. In: Proceedings of the 2001 ACM SIGMOD international conference on management of data, Santa Barbara, California, USA, 21–24 May 2001, pp 532–543. doi: 10.1145/375663.375736
Challenger J, Dantzig P, Iyengar A (1999) A scalable system for consistently caching dynamic web data. In: Proceedings of the 18th annual joint conference of the IEEE computer and communications societies (INFOCOM) (New York, NY). IEEE Computer Society Press, Los Alamitos, California, pp 294–303
Cunha C, Bestavros A, Crovella M (1995) Characteristics of WWW Client-based traces. Boston University, Boston
ESI Consortium (2001) Edge side includes http://www.esi.org
Gadde S, Rabinovich M, Chase J (1997) Reduce, reuse, recycle: an approach to building large internet caches. In: Proceedings of the 6th workshop on hot topics in operating systems (HotOS-VI), 05–06 May 1997, p 93
Gamma E, Helm R, Johnson R, Vlissides J (1995) Design patterns: elements of reusable object-oriented software. Addison-Wesley Longman Publishing Co. Inc, Boston
Simpson WR, Chandersekaran C, Trice A (2008) A persona-based framework for flexible delegation and least privilege. In: Electronic digest of the 2008 system and software technology conference, Las Vegas, Nevada, USA May 2008, pp 12–18
Simpson WR, Chandersekaran C, Trice A (2008) Cross-domain solutions in an era of information sharing. In: The 1st international multi-conference on engineering and technological innovation: IMET2008, vol I, Orlando, FL., USA, June 2008, pp 313–318
Chandersekaran C, Simpson WR (2008) The case for bi-lateral end-to-end strong authentication. World Wide Web consortium (W3C) workshop on security models for device APIs, London, England, December 2008, 4 pp
Simpson WR, Chandersekaran C (2009) Information sharing and federation. In: The 2nd international multi-conference on engineering and technological innovation: IMETI 2009, vol I, Orlando, FL., USA, July 2009, pp 300–305
Chandersekaran C Simpson WR (2010) A SAML framework for delegation, attribution and least privilege. In: The 3rd international multi-conference on engineering and technological innovation: IMETI 2010, vol 2, Orlando, FL., July 2010, pp 303–308
Simpson WR, Chandersekaran C (2010) Use case based access control. In: The 3rd international multi-conference on engineering and technological innovation: IMETI 2010, vol 2, Orlando, FL., USA, July 2010, pp 297–302
Chandersekaran C Simpson WR (2012) A model for delegation based on authentication and authorization. In: The first international conference on computer science and information technology (CCSIT-2011). Lecture notes in computer science, Springer, Berlin-Heidelberg, 2–4 Jan 2012, Bangalore, India, 20 pp
Simpson WR, Chandersekaran C (2011) An agent based monitoring system for web services. In: The 16th international command and control research and technology symposium: CCT2011, vol II, Orlando, FL., USA, April 2011, pp 84–89
Simpson WR, Chandersekaran C (2011) An agent-based web-services monitoring system. Int J Comput Technol Appl (IJCTA) 2(9):675–685
Simpson WR, Chandersekaran C Wagner R (2011) High assurance challenges for cloud computing. In: Proceedings world congress on engineering and computer science 2011 WCECS 2011. Lecture notes in engineering and computer science, 19–21 Oct 2011, San Francisco, USA, pp 61–66
Chandersekaran C, Simpson WR (2012) Claims-based enterprise-wide access control. In: Proceedings world congress on engineering 2012. Lecture notes in engineering and computer science, WCE 2012, pp 524–529
Simpson WR, Chandersekaran C (2012) Assured content delivery in the enterprise. In: Proceedings world congress on engineering 2012, WCE 2012. Lecture notes in engineering and computer science, 4–6 July 2012, London, UK, pp 555–560
Simpson WR, Chandersekaran C (2012) Enterprise high assurance scale-up. In: Proceedings world congress on engineering and computer science 2012, WCECS 2012. Lecture notes in engineering and computer science, 24–26 Oct 2012, San Francisco, USA, pp 54–59
Chandersekaran C Simpson WR (2012) A uniform claims-based access control for the enterprise. Int J Sci Comput 6(2):1–23. ISSN: 0973–578X
Author information
Authors and Affiliations
Corresponding author
Editor information
Editors and Affiliations
Rights and permissions
Copyright information
© 2015 Springer Science+Business Media Dordrecht
About this paper
Cite this paper
Simpson, W.R. (2015). Distributed Protection for the Enterprise. In: Kim, H., Amouzegar, M., Ao, Sl. (eds) Transactions on Engineering Technologies. Springer, Dordrecht. https://doi.org/10.1007/978-94-017-7236-5_12
Download citation
DOI: https://doi.org/10.1007/978-94-017-7236-5_12
Published:
Publisher Name: Springer, Dordrecht
Print ISBN: 978-94-017-7235-8
Online ISBN: 978-94-017-7236-5
eBook Packages: EngineeringEngineering (R0)