Title :
Network security policy for large-scale VPN
Author :
Shan, Rongsheng ; Li, Shenghong ; Wang, Mingzheng ; Li, Jianhua
Author_Institution :
Dept. of Electron. Eng., Shanghai Jiao Tong Univ., China
Abstract :
In the current VPN, manual security policy configuration is usually inefficient and error-prone. The paper studies the problem of conflicts among policies in different domains of a large-scale VPN. In this paper, a new trusted domain and a novel security transmission model as the fundament of the security theory of VPN are defined, and based on them, the exact definition of security transmission requirements and the corresponding effective security policies for a large-scale VPN are proposed. In addition, this paper gives the principles of policy verification for the purpose of checking the consistence of security policies in the whole network environment.
Keywords :
Internet; telecommunication security; virtual private networks; large-scale VPN; network environment; network security policy; security policy configuration; security transmission; trusted domain; virtual private network; Availability; Data security; Electronic commerce; Information security; Large-scale systems; Maintenance; National security; Protection; Protocols; Virtual private networks;
Conference_Titel :
Communication Technology Proceedings, 2003. ICCT 2003. International Conference on
Print_ISBN :
7-5635-0686-1
DOI :
10.1109/ICCT.2003.1209071
