论文信息 - Neue Herausforderungen für den Schutz kritischer Infrastrukturkomponenten in zukünftigen IP-Netzen

Neue Herausforderungen für den Schutz kritischer Infrastrukturkomponenten in zukünftigen IP-Netzen

IP-basierte Kommunikationsnetze sind zu einer wichtigen Basisinfrastruktur für unsere Gesellschaft geworden, und mit dem Trend zu "Next Generation Networks" und "Triple Play" ist dies mit der Migration weiterer Basisdienste auf diese Infrastruktur verbunden. In gleichem Maße haben sich auch die Bedrohungen der Infrastruktur und der daran angeschlossenen Endsysteme weiterentwickelt, sowohl quantitativ als auch technisch und organisatorisch. Damit bekommen Schutzmaßnahmen und Sicherheitsarchitekturen grundlegende Bedeutung. In diesem Beitrag sollen deshalb zunächst die aktuellen Bedrohungen aufgezeigt und diskutiert werden, um anschließend einen neuartigen Ansatz für den Schutz kritischer Infrastrukturkomponenten vorzustellen.In parallel to the establishment of IP-based communication networks as a crucial infrastructure for our society, the threats against this infrastructure and the end systems connected to it have evolved at the same pace as well – both with respect to their quantity and their technical and organisational sophistication. With the trend towards "Next Generation Networks" and "Triple Play" and the migration of additional basic services associated with it, the improvement of security architectures and protective mechanisms becomes increasingly important. In this contribution we will, therefore, first outline and discuss the current threats for IP-networks before introducing a novel approach for the protection of critical infrastructure components.

Birger Tödtmann | Erwin P. Rathgeb | Stephan Riebach

[1] Ehab Al-Shaer,et al. Discovery of policy anomalies in distributed firewalls , 2004, IEEE INFOCOM 2004.

[2] Jürgen Quittek,et al. NEC's Simple Middlebox Configuration (SIMCO) Protocol Version 3.0 , 2006, RFC.

[3] Paul Ferguson,et al. Network Ingress Filtering: Defeating Denial of Service Attacks which employ IP Source Address Spoofing , 1998, RFC.

[4] Erwin P. Rathgeb,et al. The Honeynet quarantine: reducing collateral damage caused by early intrusion response , 2005 .

[5] Birger Tödtmann,et al. Risk Assessment of Production Networks Using Honeynets - Some Practical Experience , 2005, ISPEC.

[6] Chae Sub Lee,et al. Realization of the next-generation network , 2005, IEEE Communications Magazine.

[7] Birger Tödtmann,et al. Anticipatory Distributed Packet Filter Configuration for Carrier-Grade IP-Networks , 2006, Networking.

[8] Matt Bishop. Introduction to Computer Security , 2004 .

[9] Avishai Wool,et al. Firmato: a novel firewall management toolkit , 1999, Proceedings of the 1999 IEEE Symposium on Security and Privacy (Cat. No.99CB36344).

[10] Peter J. Denning,et al. Data Security , 1979, CSUR.

[11] Jack Koziol. Intrusion Detection with Snort , 2003 .

[12] Birger Tödtmann,et al. Efficient Deployment of Honeynets for Statistical and Forensic Analysis of Attacks from the Internet , 2005, NETWORKING.