From a security standpoint, it is preferable to implement least privilege network security policies in which only the bare minimum of TCP/UDP ports on internal hosts are accessible from outside the perimeter. Unfortunately, organizations with such policies can no longer communicate using common multiport protocols that require randomly chosen ports for auxiliary connections. This paper introduces a new approach for maintaining such communication under least privilege while achieving maximum performance. By dynamically modifying perimeter ACLs, inbound auxiliary connections are only allowed through the perimeter at exactly the times required. These modifications are made transparently to external users and with minimal changes to internal configuration. A prototype implementation of the Dynamic Perimeter Enforcement system, called Diaper, has been implemented and tested with several applications. © Springer-Verlag Berlin Heidelberg 2007.
CITATION STYLE
Kolano, P. Z. (2007). Maintaining high performance communication under least privilege using dynamic perimeter control. In Lecture Notes in Computer Science (including subseries Lecture Notes in Artificial Intelligence and Lecture Notes in Bioinformatics) (Vol. 4734 LNCS, pp. 38–54). Springer Verlag. https://doi.org/10.1007/978-3-540-74835-9_4
Mendeley helps you to discover research relevant for your work.