Changes between Version 11 and Version 12 of WikiStart
Timestamp:
Aug 30, 2012 5:50:26 PM (5 years ago)
Author:
psaiteja
Comment:

--

  • WikiStart

    v11 v12  
    11= Virtual Secure Network = 
    22 
    3 A Virtual Secure Network (VSN) is a novel network service, providing safe and secure web content to remote users. The VSN architecture can be used to offer security protections (like firewalls, Antivirus scanners, IDSs and IPSs) as a service from the cloud - with added benefits of low cloud cost for VSN management and better performance for the end users.   
    4  
     3A Virtual Secure Network (VSN) is a novel network service, providing remote users the security benefit of being behind a managed secure (corporate/cloud) network, while providing Internet performance more typical of an (insecure) direct connection. A VSN is analogous to a Virtual Private Network (VPN), in that it offers security protections like firewalls, multiple Antivirus scanners, IDSs and IPSs to the remote users, however VSN guarantees additional benefits of low cost for the management and better performance for the end users. Employing VSN architecture in the cloud to offer security protections as a subscription service can guarantee lower cloud costs and better user experience.     
    54 
    65== Why VSN? == 
    76 
    8 A corporate network typically has IDSes, firewalls, and malware scanners to protect the machines on the network from attack. However, employees may use devices with sensitive data in remote locations. This leaves the company with a choice: either have the remote users VPN their traffic back to the corporate network for protection; or let its employees connect directly to the (insecure) Internet. The former choice can be very slow for users as well as costly for the organization, while the latter increases the security risk. [[BR]] 
    9 We address this problem by providing a novel network service called Virtual Secure Network (VSN). A VSN server provides remote clients the security benefit of being behind a corporate network, while providing Internet performance more typical of an (insecure) direct connection. The VSN service concept can also be extended to cloud-based security services - providing the security offerings as a subscription service. 
     7A corporate network typically has IDSes, firewalls, and malware scanners to protect the machines on the network from attack. However, employees may use devices with sensitive data in remote locations. This leaves the company with a choice: either have the remote users VPN their traffic back to the corporate network for protection; or let its employees connect directly to the (insecure) Internet. The former choice can be very slow for users as well as costly for the organization, while the latter increases the security risk. Many companies though aware of the security risks, allow company devices to directly connect to the internet when outside the company network to reduce costs. Highly protective companies (like the government offices) force users to use all-time-VPN without providing any enhancements to improve the user experience. We address this problem by proposing a novel network service called Virtual Secure Network (VSN), which tries to reduce the enterprise costs and improve the user experience simultaneously. 
    108 
    119== Briefly, how does VSN work? == 
    1210 
    13 The VSN server intelligently pushes hashes of secure content to clients. Clients that want to obtain content on the hashlist do so directly over the Internet but have the same security assurances as though they were in the corporate network. Any new content (not in the hashlist) would be requested through the VSN server. 
     11A VPN of an enterprise generally has two use cases. 
     121. Extend already deployed company network and host protections to remote users.  
     132. Allow remote users to access internal network resources or services.  
     14 
     15Our VSN service focuses only on the initial use case of VPN, and does not alter the second use case in anyway. A VSN tries to guarantee better user experience and reduced costs as compared to the case when all-time-VPN is enforced. 
     16 
     17=== Core Idea === 
     18Our approach is based on the fact that there is considerable overlap in the content that different users are interested in. If an object (such as a web page) passes all the security screenings deployed, without triggering any alarms, we can consider the object to be safe as per the current security configuration (i.e., with respect to the deployed IPS/antivirus signature databases and detection engines). If another user requests the same object and the object's content has not changed since the last screening, then the object can safely be retrieved directly from the Internet. But in order to deploy such an approach, the user needs a mechanism to determine whether the to-be-requested object has passed the security screenings previously. To allow the user to make a local determination, we propose a novel scheme based on distributing hashes of previously tested content to the users. Clients that want to obtain content on the hashlist do so directly over the Internet but have the same security assurances as though they were in the corporate network. Any new content (not in the hashlist) would be requested through the VSN server. 
     19 
     20[[Image(htdocs:VSNarchitecture.jpg)]] 
    1421 
    1522== How to obtain current VSN implementations? == 
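Review bot: the Core Idea paragraph (v12 line 18) leaves out the step that makes the hashlist safe to act on: when a client fetches an object directly because its hash is on the list, it still has to hash what it actually received and compare it with the listed value, falling back to the VSN server on a mismatch, since the list only proves that the earlier screened copy was clean and the paragraph's own condition is "the object's content has not changed since the last screening". The same paragraph ties safety to "the current security configuration (i.e., with respect to the deployed IPS/antivirus signature databases and detection engines)", so it should also state that hashlist entries are invalidated or re-screened when those signature databases change; otherwise a hash issued under an older signature set keeps bypassing the server indefinitely.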
     
    2431You need to have JAVA JDK pre-installed.  
    2532 
    26 For now, you need to compile and run the code. The VSN client and VSN server ports are fixed to 5555 and 5556, and both need to run on the same machine. If the server needs to run on a different machine or if you want to use different port numbers, you need to modify the server IP and port variables in the VSN client code and the listening IP in the server code. We are working on it to make it easy by passing the IP and port details as command line arguments, and in future bundling the code into a simple jar file with GUI.   
     33For now, you need to compile and run the code. In future, we plan to release an executable version of the VSN client and server codes. The VSN client and VSN server ports are fixed to 5555 and 5556, and both need to run on the same machine. If the server needs to run on a different machine or if you want to use different port numbers, you need to modify the server IP and port variables in the VSN client code and the listening IP in the server code. We are working on it to make it easy by passing the IP and port details as command line arguments, and in future bundling the code into a simple jar file with GUI.   
    2734 
    2835For compiling the server/client code on WINDOWS, use the following command with appropriate path substitutions: 
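Review bot: the sentence added in v12 line 33, "In future, we plan to release an executable version of the VSN client and server codes.", restates the closing "in future bundling the code into a simple jar file with GUI" of the same line; keep one of them. The same line tells the reader to modify "the server IP and port variables in the VSN client code and the listening IP in the server code" without naming the source files or variables, so anyone who needs the server on a different host has to search the code; naming them, and stating which JDK version line 31 requires, would make this section usable as written.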
     
    4350 
    4451== People == 
    45 Sai Teja Peddinti[http://cis.poly.edu/~psaiteja/] 
    46 Justin Cappos[http://www.poly.edu/user/jcappos] 
    47 Keith Ross[http://cis.poly.edu/~ross/] 
     52* [http://cis.poly.edu/~psaiteja/ Sai Teja Peddinti] 
     53* [http://www.poly.edu/user/jcappos Justin Cappos] 
     54* [http://cis.poly.edu/~ross/ Keith Ross] 
    4855