sane a protection architecture for enterprise networks
play

SANE: A Protection Architecture for Enterprise Networks Presented - PowerPoint PPT Presentation

SANE: A Protection Architecture for Enterprise Networks Presented By: Luke St.Clair How do you set up a network? Routers Firewalls NAT VLAN Problems? What happens when... You need to add a computer A computer moves You want to add


  1. SANE: A Protection Architecture for Enterprise Networks Presented By: Luke St.Clair

  2. How do you set up a network? Routers Firewalls NAT VLAN

  3. Problems?

  4. What happens when... You need to add a computer A computer moves You want to add someone to a logical “group” with access decisions in more than one layer/PEP

  5. Can We Wipe the Slate Clean? Existing networks, ways of doing things On what sort of scale? Are some places better?

  6. The Claim... Partially funded by the Stanford Clean Slate Program You can do this in businesses Central Handful of Services Everything is authenticated (hosts, users) “new networks are regularly built from scratch”

  7. If We Could Start From Scratch... What would you want? How would you get it?

  8. One Idea... Do everything at the link layer this prevents subversion can it deal with the application level? Onion routing, after authentication

  9. How does this work? Some central authority knows everything (DC) Knows topology everyone can reach him does “authentication” IP addresses aren’t used within the network

  10. How do you find out what’s on the Network Tell the guy who knows everything he’ll give you the capability to talk then you can talk Can’t broadcast directly - have to broadcast to DC, who checks for conformity What does this compare to today?

  11. Lots of edge conditions... But I won’t completely bore you with those... Malicious switches Revocation state DoS Mobility/Anti-Mobility Flooding And so much more...

  12. So... Can it work? Why/Why not?

Recommend


More recommend