Fall 2005 Internet2 Member Meeting

Network Architecture for Automatic Security and Policy Enforcement

Time 09/20/05 04:30PM-05:30PM

Session Abstract

One of the major security threats facing university and other large-scale end-user networks, especially those supporting residential or dormitory access, is the thousands of privately owned and unmanaged computers directly connected to an institution's relatively open, high-speed Internet connections. Security policy enforcement is often lax due to a lack of central control over end-user computers and an inability to tie the actions of these computers to particular individuals.

This talk will begin with an overview of various approaches for automating technical policy enforcement as a condition for network access in colleges and universities, including approaches which allow for host isolation into specialized networks, captive-portal-like remediation systems, and other forms of conditional network access.

Following this overview, we will discuss a generalized description of how networks can enforce various use policies. This description will include a conceptual model of the network components, both in and out of band, that are required to determine a host's network access level, as well as those configuration elements, specific to each component, that might allow or deny an end station's network access.

The overview, description, and model are all based on the work being done as part of the Internet2 SALSA-NetAuth working group.


Speaker: Eric Gauthier, Boston University

Speaker: Kevin Amorin, Harvard University

Secondary tracks Security for Advanced Networks and Applications Middleware
