Title :
Security for infinite networks
Author :
Nelson, Ruth ; Hosmer, Hilary
Author_Institution :
Information Syst. Security, Watertown, MA, USA
Abstract :
Although network security theory forbids many connections to large networks as being too risky, the reality is that large numbers of sensitive systems are connected to the Internet and that connectivity is increasing at a rapid rate. Firewalls and host protection mechanisms are used in a somewhat arbitrary fashion, depending more on the availability of products than on a clear understanding of security principles. We need to expand security theory to protect large networks. This paper proposes a new paradigm for security in large networks, based on an understanding of the sometimes conflicting requirements for security, connectivity and functionality. The paradigm, called FICS-IT (Functional, Information, and Connection Security for Information Technology), consists of a philosophy, an approach, a framework and a collection of components. It is based on an understanding of security as risk management and includes: local resource control; multiple, tailored security policies; layered, functional access control; and recognition of heterogeneity in architecture, ownership and policy
Keywords :
risk management; security of data; wide area networks; FICS-IT; Internet; architecture; connectivity; firewalls; functionality; heterogeneity; host protection mechanisms; infinite networks; large networks; layered functional access control; local resource control; multiple tailored security policies; network security theory; ownership; policy; product availability; risk management; risky connections; sensitive systems; Access control; Centralized control; Computer networks; Contracts; Control systems; Data security; Information security; Information systems; Protection; Risk management;
Conference_Titel :
New Security Paradigms Workshop, 1995. Proceedings
Conference_Location :
La Jolla, CA
Print_ISBN :
0-8186-7318-4
DOI :
10.1109/NSPW.1995.492339
