Work in Progress: Bro-LAN Pervasive Network Inspection and Control for LAN Traffic
Weaver, Nicholas
Paxson, Vern
Sommer, Robin
This paper appears in: Securecomm and Workshops, 2006
Publication Date: Aug. 28 2006-Sept. 1 2006
On page(s): 1-2
Location: Baltimore, MD,
ISBN: 1-4244-0423-1
INSPEC Accession Number: 9453920
Digital Object Identifier: 10.1109/SECCOMW.2006.359568
Current Version Published: 2007-05-15
Abstract
Network intrusion detection and prevention systems (NIDS and NIPS) have to date focused on protecting external access links, or, when internally deployed, links between major enclaves in an enterprise. As previously argued, major threats (worms, insiders, and attackers with a toehold) come from inside the local network, rather than outside. Recently, two approaches have arisen to address this threat: ubiquitous deployment of end system monitors and custom hardware to replace switching infrastructure. This paper presents a third way: exploiting the VLAN capabilities of modern switches to enforce that all LAN communications must traverse and meet the approval of an intrusion detection monitor that operates separately from the switches. This architecture can realize two key benefits: (1) deployment and operation in today's enterprise networks without requiring replacement of existing network infrastructure, and (2) the use of highly flexible, commodity PCs for LAN monitoring, rather than algorithms embedded in difficult-to-reprogram custom hardware
Index
Terms
Available to subscribers and IEEE members.
References
Available to subscribers and IEEE members.
Citing Documents
Available to subscribers and IEEE members.
Cart
