SBIR-STTR Award

This proposal addresses two fundamental gaps in network security: the security administrator's inability to know what is happening on his network and the ease by which attackers can circumvent existing network monitoring tools such as the Network Security Monitor (NSM). Without filling these gaps, we cannot claim that we have control over, or integrity within, our computer and communication infrastructure. We introduce three broad classes of threats: new servers, rogue servers, and masquerading servers; and demonstrate how easily they can be introduced into your environment and how they easily compromise the integrity of firewalls, network monitors, and TCP wrapper. We then discuss how Network Radar can be used to fill these gaps and reestablish integrity within your network.

This proposal addresses several fundamental gaps in network security. First, the complexity of today's networks, users' ability to install their own software, and undocumented software features conspire to prevent security administrators from knowing what is actually happening on their networks. Second, by simply placing network servers at unusual ports, attackers can easily circumvent the security provided by filtering firewalls and network security monitors such as ASIM and NID. And third, by hopping through multiple hosts, attackers can easily frustrate a security administrator's attempt to track down the source of the attack.We shall develop an integrated suite of network monitoring tools which will address these as well as other gaps in network security. These tools, collectively called Network Radar, will work in concert to provide a comprehensive monitoring capability, and this capability will allow security administrators to establish and maintain control over and integrity within their networks.

Keywords:
NSM ASIM NCSR RADAR MONITORING NETWORK