Lightweight Vulnerability Management System
Abstract
To secure a network, ideally, all software in the computers should be updated. However, especially in a server farm, we have to cope with unresolved vulnerabilities due to software dependencies. Therefore, it is necessary to understand the vulnerabilities inside the network. Existing methods require IP reachability and dedicated software to be installed in the managed computers. In addition, existing approaches cannot detect vulnerabilities of underlying libraries and uniformly control the communication between computers based only on the vulnerability score. We propose a lightweight vulnerability management system (LWVMS) based on a self-enumeration approach. This LWVMS allows administrators to configure their own network security policy flexibly. It complies with existing standards, such as IEEE 802.1X and EAP-TLS, and can operate in existing corporate networks. Since LWVMS does not require IP reachability between the managed server and management servers, it can reduce the risk of invasion and infection in the quarantine phase. In addition, LWVMS can control the connectivity based on both the vulnerabilities of respective components and the network security policy. Since this system can be implemented by a slight modification of open-source software, the developers can implement this system to fit their network more easily.
Authors
- Yamaguchi Suguru, Graduate School of Information Science, Nara Institute of Science and Technology
- Okuda Takeshi, Graduate School of Information Science, Nara Institute of Science and Technology
Related papers
- Reducing Processor Usage on Heavily-Loaded Network Servers with POSIX Real-Time Scheduling Control(System Programs)
- Basic Trust Calculation to Prevent Spam in VoIP Network based on Call Duration : Single Hop Consideration
- Performance Study and Deployment Strategies on the Sender-Initiated Multicast(Internet Technology V)
- Multi-Path Transmission Algorithm for End-to-End Seamless Handover across Heterogeneous Wireless Access Networks(Mobile Networking)(Internet Technology IV)
- Proposal for Adaptive Bandwidth Allocation Using One-Way Feedback Control for MPLS Networks(Switching for Communications)
- Handover Management for VoWLAN Based on Estimation of AP Queue Length and Frame Retries
- Preliminary Field-Trial for QoS Routing and Dynamic SLA (Special Issue on Internet Technology)
- Proactive AP Selection Method Considering the Radio Interference Environment
- Improvement of Consistency among AS Policies in IRR Databases(Distributed System Operation and Management)
- LI_015 Region Extraction with Cooperative Active Contours
- Delegated Validation System for Secure Authentication in WLAN Roaming
- Cached Shortest-Path Tree : An Approach to Reduce the Influence of Intra-Domain Routing Instability(Network)
- Cached Shortest-Path Tree : An Approach to Reduced the Influence of Intra-Domain Routing Instability
- Lightweight Vulnerability Management System
- Hose Bandwidth Allocation Method to Achieve a Minimum Throughput Assurance Service for Provider Provisioned VPNs
- An Implementation Design of a WLAN Handover Method Based on Cross-Layer Collaboration for TCP Communication
- Improvement of Consistency among AS Policies in IRR Databases