Security Administration in an Open Networking Environment
Karen A. Casella
Sun Microsystems, Incorporated
Abstract
As networking technologies evolve and business needs change,
traditionally isolated and secure communication networks are
giving way to more open computing environments. Security, network
and systems administrators must therefore concern themselves not
only with firewall and boundary security, but also with
individual system security. Security administration in a large
open network is a challenging assignment and requires a
combination of auditing, assessment and compliance mechanisms.
For very large networks, automation is another variable which is
critical to consider in this equation. There are several tools
available to assess the security of networks and systems;
however, there are few freely available solutions for addressing
the problems that these analysis tools detect.
This paper describes the changing network security paradigm
and discusses what tools are available for identifying security
vulnerabilities in an open network environment. It goes on to
state the problem that we faced at Sun and describes the suite of
tools that we have designed and implemented as a solution,
focusing on the automation of system security assessment and
compliance. Finally, SunSWAT, the Sun Security Weakness Attack
Tool, is introduced and its evolution from a single shell script
designed to respond to the results of a network security audit,
into a system for improving system security, implementing
enterprise security standards and auditing to those standards, is
discussed.
Download the full text of this paper:
ASCII (30,067 bytes)
POSTSCRIPT (128,609 bytes)
PDF (57,909 bytes)
To Become a USENIX Member, please see our
Membership Information.