Fig. 1. Network topology
5.2 Experiment Verification and Analysis
This experiment covers the refinement of composition policies that include intrusion detection, vulnerability detection, and access control.
Scenario: It was assumed that the attacker Host0 (IP address 192.168.4.2) can access the FTP server in the DMZ and, owing to a configuration vulnerability in the firewall, bypass Firewall2 and reach DB server6 to conduct a DoS attack. We deployed an IDS, a vulnerability scanner and Firewall1 to protect the database server that provides the services once the DoS attack was detected. The high-level policy goals are described in CNDIDL as follows:
PolicyGoal1{ (Extranet, Unauthorized user), {DMZ, Net2}, {FTPservice, DBservice}, TCP access,
  {intrusion_detect, vul_scan, ¬access_control},
  {seq_and(intrusion_detect, vul_scan), seq_and(vul_scan, ¬access_control)} }
The description text for the high-level policy goals includes a composition policy goal that describes intrusion detection and access control for FTP server2 and DB server6. Our policy refinement method was used to transform the high-level defense policy goals into operational-level defense policies, which are shown as follows:
PolicyOperation1{ IDS1( alert TCP 192.168.4.2/24 192.168.1.0/24 21, "bufferoverflow";
                        alert TCP 192.168.4.2/24 192.168.3.0/24 1521, "dos"; ) },
PolicyOperation2{ Vul_Base( scan 192.168.1.0/24; scan 192.168.3.0/24; ) },
PolicyOperation3{ firewall1( deny TCP 192.168.4.2/24 192.168.1.3/24 21;
                             deny TCP 192.168.4.2/24 192.168.3.2/24 1521; ) inpara: {interface: 4} },
policy_relations: seq_and(1, 2); seq_and(2, 3)
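The refinement step described above, as an added illustration that is not the paper's own refinement engine: the high-level goal (defense functions plus their seq_and relations) is mapped onto the IDS, scanner and firewall rules of the three operational policies. The service-to-port, subnet, host and signature tables are constructed for this example and are assumptions, not rules taken from CNDIDL.

```python
# Added illustration of policy refinement: a high-level goal holding defense
# functions and seq_and relations is mapped onto operational rules. The
# lookup tables below are constructed for this example (assumptions).
SERVICE_PORT = {"FTPservice": 21, "DBservice": 1521}            # TCP ports
SERVICE_NET = {"FTPservice": "192.168.1.0/24", "DBservice": "192.168.3.0/24"}
SERVICE_HOST = {"FTPservice": "192.168.1.3", "DBservice": "192.168.3.2"}
SIGNATURE = {"FTPservice": "bufferoverflow", "DBservice": "dos"}

GOAL = {  # PolicyGoal1 from the text, written as a Python structure
    "attacker": "192.168.4.2/24",
    "services": ["FTPservice", "DBservice"],
    "functions": ["intrusion_detect", "vul_scan", "¬access_control"],
    "relations": [("seq_and", "intrusion_detect", "vul_scan"),
                  ("seq_and", "vul_scan", "¬access_control")],
}

def refine_function(func, goal):
    """Return the operational rules for one defense function of the goal."""
    src = goal["attacker"]
    if func == "intrusion_detect":      # IDS1: alert on the attack signatures
        return [f'alert TCP {src} {SERVICE_NET[s]} {SERVICE_PORT[s]},"{SIGNATURE[s]}";'
                for s in goal["services"]]
    if func == "vul_scan":              # Vul_Base: scan the protected subnets
        return [f"scan {SERVICE_NET[s]};" for s in goal["services"]]
    if func == "¬access_control":       # firewall1: deny the attacker's traffic
        return [f"deny TCP {src} {SERVICE_HOST[s]}/24 {SERVICE_PORT[s]};"
                for s in goal["services"]]
    raise ValueError(f"unknown defense function {func!r}")

def refine(goal):
    """Refine a goal into numbered operational policies plus their relations.

    Policies are numbered in the order the goal lists its defense functions,
    and each seq_and relation on functions becomes a seq_and on those numbers.
    """
    index = {f: i + 1 for i, f in enumerate(goal["functions"])}
    ops = {index[f]: refine_function(f, goal) for f in goal["functions"]}
    rels = [f"{r}({index[a]}, {index[b]})" for r, a, b in goal["relations"]]
    return ops, rels

if __name__ == "__main__":
    ops, rels = refine(GOAL)
    for n, rules in ops.items():
        print(f"PolicyOperation{n}:", *rules, sep="\n  ")
    print("policy_relations:", "; ".join(rels))
```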
The description text for the operational-level policy includes three operational policies and the "sequence and" relation between them. These operational policies specify the availability requirements that guarantee that the server can provide services under the attacks of