Ethane: A Protection Architecture for Enterprise Networks [1/5]

Опубликовано 7 сентября 2016, 16:29

Connectivity in enterprise networks is provided by technologies not designed to offer protection. As a response to growing security demands, network designers have attempted to retrofit access controls onto an otherwise permissive architecture using various interdiction mechanisms such as ACLs, packet filters, and other middleboxes. This has lead to enterprise networks that are inflexible, fragile, and difficult to manage. To address these limitations, we offer Ethane, a backwards compatible network architecture where connectivity is restricted by default and only granted to senders on request. All routing and access control decisions are made by a logically-centralized server that grants access to services by explicitly setting up routes, according to declarative access control policies (e.g., Alice