Differences
This shows you the differences between two versions of the page.
| Both sides previous revision Previous revision | |||
|
en:security [2019/08/30 17:13] Thomas Lukaseder [Concept of the DDoS Mitigation Setup] |
en:security [2019/09/23 17:51] (current) Thomas Lukaseder |
||
|---|---|---|---|
| Line 29: | Line 29: | ||
| For testing purposes, a local test setup was implemented as shown in the figure on the left. The system consists of the local setup of the mitigation system without the NetFlow data export which is evaluated separately. Additionally, the system entails a web server functioning as an attack target in test runs, one machine simulating attacks, and one machine simulating regular clients. | For testing purposes, a local test setup was implemented as shown in the figure on the left. The system consists of the local setup of the mitigation system without the NetFlow data export which is evaluated separately. Additionally, the system entails a web server functioning as an attack target in test runs, one machine simulating attacks, and one machine simulating regular clients. | ||
| + | ===== Zero Trust Network Management ===== | ||
| + | {{:de:architecture.png?nolink&400 |}} | ||
| + | |||
| + | We are working on a platform for zero trust network management as part of the project extension (bwNET100G+ Extension). The currently predominant perimeter security model is failing more and more often to provide sufficient protection against attackers. We analyse to what extent the zero trust model that is popular in some commercial networks can also be applied to the open and heterogeneous research network of a German university or the BelWü as a whole. The concept presented herein to implement such an identity-based network model focuses in particular on the components which are necessary for authentication and authorization. The feasibility of the model is demonstrated by a self-implemented prototype that protects access control | ||