Title :
Protection of distributed internetworked computers
Author :
Pierson, Lyndon G. ; Robertson, Perry J. ; Van Randwyk, Jamie ; Toole, Timothy J.
Author_Institution :
Sandia Nat. Labs., Albuquerque, NM, USA
Abstract :
Current methods of enforcing security policy depend on security patches, anti-virus protections, and configuration control, all updated in the end user´s computer at ever decreasing intervals. This research is producing a method of hardening the corporate computer infrastructure by prototyping a mixed hardware and software architecture that enforces policies by pushing distributed security functions closer to the end user´s computer, but without modifying, relying on or reconfiguring the end user´s computer itself. Previous research has developed highly secure network components. Because it is impractical to replace our entire infrastructure with secure, trusted components, this paper investigates how to improve the security of a heterogeneous infrastructure composed of both trusted and untrusted components.
Keywords :
computer network management; internetworking; security of data; telecommunication security; computer network protection; corporate computer infrastructure; cryptographically protected processor; distributed internetworked computer; distributed security function; hardware architecture; heterogeneous computer infrastructure; programmable security function; secure computer network architecture; security policy; software architecture; Computer networks; Computer security; Cryptography; Distributed computing; Hardware; Internet; Monitoring; National security; Protection; Switches; Computer Network Protection; Cryptographically Protected Processor; Programmable Security Functions; Secure computer network architecture;
Conference_Titel :
Security Technology, 2005. CCST '05. 39th Annual 2005 International Carnahan Conference on
Print_ISBN :
0-7803-9245-0
DOI :
10.1109/CCST.2005.1594882
