Network Hardening
In defending networks against potential intrusions, certain vulnerabilities may seem acceptable risks when considered in isolation, whereas an intruder may combine such vulnerabilities for a multi-step intrusion and successfully infiltrate a seemingly well-guarded network. Relying on human analysts' experience and skills to identify such threats is error-prone and renders the task of network hardening an art rather than a science. Existing tools based on attack graphs can reveal such threats by enumerating all possible attack paths leading to critical resources, but they cannot provide a direct solution to remove the threats. In this book, we introduce automated solutions for hardening a network against sophisticated multi-step intrusions. Specifically, we first review necessary background information on related concepts, such as attack graphs and their application to network hardening. We then describe a network hardening technique that generates hardening solutions composed of initially satisfied conditions, which makes the solutions more enforceable. Following a discussion of the complexity issues, we devise an improved technique that takes into consideration the dependencies between hardening options and employs a near-optimal approximation algorithm to scale linearly with the size of the inputs, whose performance is validated experimentally.