SLIDE 1
SANE: A Protection Architecture for Enterprise Networks
Presented By: Luke St.Clair
SLIDE 2
How do you set up a network?
Routers
Firewalls
NAT
VLAN
SLIDE 3
Problems?
SLIDE 4
What happens when...
You need to add a computer
A computer moves
You want to add someone to a logical “group” with access decisions in more than one layer/PEP
SLIDE 5
Can We Wipe the Slate Clean?
Existing networks, ways of doing things
On what sort of scale?
Are some places better?
SLIDE 6
The Claim...
Partially funded by the Stanford Clean Slate Program
You can do this in businesses
Central
Handful of Services
Everything is authenticated (hosts, users)
“new networks are regularly built from scratch”
SLIDE 7
If We Could Start From Scratch...
What would you want?
How would you get it?
SLIDE 8
One Idea...
Do everything at the link layer
this prevents subversion
can it deal with the application level?
Onion routing, after authentication
SLIDE 9
How does this work?
Some central authority knows everything (DC)
Knows topology
everyone can reach him
does “authentication”
IP addresses aren’t used within the network
SLIDE 10
How do you find out what’s on the Network?
Tell the guy who knows everything
he’ll give you the capability to talk
then you can talk
Can’t broadcast directly - have to broadcast to DC, who checks for conformity
What does this compare to today?
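The flow on slides 9 and 10, as an added example that is not part of the original slides and is not SANE's own code: the DC checks policy, computes a route over the topology only it knows, and hands back a capability wrapped in one layer per switch, so each switch learns only its next hop. Assumptions: principals are already authenticated and identified by name, each switch shares a secret key with the DC, the sample network is constructed, and the SHAKE-256/HMAC sealing is a standard-library stand-in for a real authenticated cipher.

```python
import hashlib, hmac, json, os
from collections import deque

# Constructed sample network, per-switch secrets shared with the DC, and policy.
LINKS = {"alice": ["sw1"], "mallory": ["sw1"], "sw1": ["alice", "mallory", "sw2"],
         "sw2": ["sw1", "fileserver"], "fileserver": ["sw2"]}
KEYS = {sw: os.urandom(32) for sw in ("sw1", "sw2")}
POLICY = {("alice", "fileserver")}

def _xor(key, nonce, data):  # toy stream cipher; stand-in for a real AEAD
    ks = hashlib.shake_256(b"ks" + key + nonce).digest(len(data))
    return bytes(a ^ b for a, b in zip(data, ks))

def seal(key, plain):  # encrypt-then-MAC one capability layer
    nonce = os.urandom(16)
    ct = _xor(key, nonce, plain)
    return nonce + hmac.digest(key, nonce + ct, "sha256") + ct

def unseal(key, blob):  # a switch rejects any layer not sealed under its key
    nonce, tag, ct = blob[:16], blob[16:48], blob[48:]
    if not hmac.compare_digest(tag, hmac.digest(key, nonce + ct, "sha256")):
        raise PermissionError("capability layer not valid for this switch")
    return _xor(key, nonce, ct)

def shortest_path(links, src, dst):  # breadth-first search over the DC's topology
    todo, seen = deque([[src]]), {src}
    while todo:
        path = todo.popleft()
        if path[-1] == dst:
            return path
        for nxt in links[path[-1]]:
            if nxt not in seen:
                seen.add(nxt)
                todo.append(path + [nxt])
    raise LookupError("no route")

def issue(src, dst):  # DC side: policy check, route, wrap the innermost layer first
    if (src, dst) not in POLICY:
        raise PermissionError(f"{src} may not reach {dst}")
    path, cap = shortest_path(LINKS, src, dst), b""
    for sw, nxt in reversed(list(zip(path[1:-1], path[2:]))):
        cap = seal(KEYS[sw], json.dumps({"next": nxt, "inner": cap.hex()}).encode())
    return path[1], cap  # first-hop switch and the opaque capability

def forward(node, cap, keys):  # data plane: each switch peels exactly one layer
    route = [node]
    while cap:
        layer = json.loads(unseal(keys[route[-1]], cap))
        route, cap = route + [layer["next"]], bytes.fromhex(layer["inner"])
    return route
```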
SLIDE 11
Lots of edge conditions...
But I won’t completely bore you with those...
Malicious switches
Revocation state
DoS
Mobility/Anti-Mobility
Flooding
And so much more...
SLIDE 12