Title :
A Novel Architecture for Enterprise Network Security
Author :
Chen, Chao ; Wang, Ke ; Dai, Yiqi
Author_Institution :
Dept. of Comput. Sci. & Technol., Tsinghua Univ., Beijing, China
Abstract :
The security and trustworthiness of enterprise networks have been a major concern in the research and practice of Intranet security. The security of endpoints and their network access are inevitably two important factors regarding enterprise network security. In this paper we present a novel architecture to enforce controls on endpoint application execution and network access, in which the policy decision point (PDP) and policy enforcement point (PEP) are introduced. A hybrid mechanism is proposed such that the control of application and network access of endpoints are integrated. Security analysis and performance evaluation prove that the proposed architecture maintains a balance between security and flexibility of enterprise network control.
Keywords :
business communication; computer network security; intranets; enterprise network security; enterprise network trustworthiness; intranet security; policy decision point; policy enforcement point; Access control; Chaos; Computational intelligence; Computer architecture; Computer security; Control systems; Internet; Sections; Switches; System analysis and design; application-network access control; enterprise network; policy decision point; policy enforcement point;
Conference_Titel :
Computational Intelligence and Security, 2009. CIS '09. International Conference on
Conference_Location :
Beijing
Print_ISBN :
978-1-4244-5411-2
DOI :
10.1109/CIS.2009.141
