Research And Application On Network Security Device Linkage Policy

Posted on: 2015-04-12 | Degree: Master | Type: Thesis
Country: China | Candidate: Z W Feng
GTID: 2298330434957335 | Subject: Computer application technology
Abstract/Summary:
Policy-based linkage management of network security devices ensures that the devices work together, so that system resources are integrated effectively. It improves the accuracy and efficiency of security incident detection and thus helps cope with increasingly complex network security threats. The linkage policy therefore becomes the core of the dynamic security device management model. Based on the policy management framework formulated by the IETF and a model of the security device linkage system, this paper further studies the description, validation, search and execution of linkage policy.

First, for policy definition and description: because security devices in the same subnet work in synergy, security domains are divided by subnet. A security policy is defined as a triple of the security domain, the trigger conditions and the rules of enforcement. Trigger conditions represent the threats of security events captured by the system, while the rules of enforcement give the configuration actions of the security policy that the system needs to execute.

Second, for policy validation: the handling of a security incident starts a linkage device process. Taking the opening or closing of a linkage device process as a state node, and the security incident that causes the node transition as an edge, a state transition model described by a directed graph can be constructed for a specific subnet. Each enforcement in the rule set then corresponds to a change of state in the directed graph. The change path of each state node is tested through depth-first traversal of the directed graph, which completes the verification of validity, integrity, consistency, redundancy and enforceability of the linkage policy.

Third, for policy searching: the problem of policy searching is turned into a traversal of the directed graph. The frequency of security incidents is taken into account when creating the adjacency list for the graph, so that high-frequency security incidents can be detected first. The graph is divided into subgraphs by the number of termination nodes, and the frequency of a security incident is transformed into the dissipation value of the path. The heuristic function is defined by the event's latest occurrence time in the AOE network. The state nodes are arranged in the Closed table through the A* search algorithm, and the adjacency list is then reconstructed from the result of node reordering in each subgraph.

Finally, for policy enforcement: remote configuration of security devices is carried out over the SSH (Secure Shell) protocol, which guarantees the security of policy enforcement and supports devices with different SSH versions.

Experimental analysis shows that the policy verification algorithm proposed in this paper is better than some existing methods in complexity, as it has good efficiency. Meanwhile, the policy searching method in this paper can respond effectively to high-frequency events. Combined with the method of remotely configuring security devices over the SSH protocol, the methods proposed in this paper are applied in constructing the network security device linkage system, which deals effectively with various types of security threats.
Keywords/Search Tags: network security, security device linkage policy, directed state graph, heuristic search, SSH protocol
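
The validation step described in the abstract (policies as triples, a directed state graph, depth-first traversal) can be sketched as follows. This is an added example, not the thesis's algorithm: the state names, the sample policies, modelling an enforcement rule as a `(from_state, to_state)` pair, and the exact meaning given to each check are all assumptions, and only three of the five properties are covered.

```python
from collections import defaultdict

# Constructed sample policies for one security domain (subnet). Each entry is
# a (domain, trigger, enforcement) triple; representing enforcement as a
# (from_state, to_state) pair is an assumption of this example.
POLICIES = [
    ("subnet-a", "port_scan",   ("idle", "ids_alerting")),
    ("subnet-a", "brute_force", ("ids_alerting", "fw_blocking")),
    ("subnet-a", "threat_gone", ("fw_blocking", "idle")),
    ("subnet-a", "port_scan",   ("idle", "ids_alerting")),       # repeats rule 0
    ("subnet-a", "brute_force", ("ids_alerting", "idle")),       # conflicts with rule 1
    ("subnet-a", "malware",     ("quarantine", "fw_blocking")),  # source never reached
]

def build_graph(policies, domain):
    """Adjacency list: state -> [(trigger, next_state, policy_index)]."""
    graph = defaultdict(list)
    for i, (dom, trigger, (src, dst)) in enumerate(policies):
        if dom == domain:
            graph[src].append((trigger, dst, i))
    return graph

def reachable(graph, start):
    """Iterative depth-first traversal from the initial state."""
    seen, stack = set(), [start]
    while stack:
        state = stack.pop()
        if state in seen:
            continue
        seen.add(state)
        stack.extend(dst for _, dst, _ in graph.get(state, []))
    return seen

def validate(policies, domain, start="idle"):
    """Report rule indices that fail the (assumed) checks for one domain."""
    graph = build_graph(policies, domain)
    live = reachable(graph, start)
    report = {"redundant": [], "inconsistent": [], "unenforceable": []}
    for src, edges in graph.items():
        first = {}  # trigger -> (next_state, index) of the first rule seen
        for trigger, dst, i in edges:
            if src not in live:              # rule can never fire
                report["unenforceable"].append(i)
            elif trigger not in first:
                first[trigger] = (dst, i)
            elif first[trigger][0] == dst:   # same state, event and outcome
                report["redundant"].append(i)
            else:                            # same state and event, other outcome
                report["inconsistent"].append((first[trigger][1], i))
    return report
```

Calling `validate(POLICIES, "subnet-a")` on the constructed rule set flags rule 3 as redundant, rules 1 and 4 as mutually inconsistent, and rule 5 as unenforceable.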