Invi-server: Reducing the attack surfaces by making protected server invisible on networks.

Computers & Security(2017)

引用 6|浏览13
暂无评分
摘要
The advantage of having remote access motivates network administrators to connect mission-critical servers (e.g., enterprise management systems) as well as public web servers via the Internet, even though connecting these mission-critical servers to the Internet is not recommended. These mission-critical or public servers are accessible from any host on the Internet, allowing cyber attackers to engage the targeted server as part of a process to discover potential exploits and unpatched vulnerabilities. Although it would be difficult to eradicate all the potential vulnerabilities in advance, accessibility to a server can be controlled to limit or minimize the chance of exposing a vulnerable surface. We aimed to address the accessibility issue by designing and prototyping an Invi-server system, in which the IP and MAC addresses of the protected secret server remain invisible from external scanning and eavesdropping trials and even from compromised internal hosts on the network. This Invi-server system can be used as a way to reduce the attack surface of a protected server while allowing authorized users to send and receive packets via the protected server. We also implemented a prototype of the Invi-server system to demonstrate that our proposed system has the ability to reduce the attack surfaces significantly without increasing network performance overhead to any significant extent.
更多
查看译文
关键词
Invisible authentication,Server security,Covert channel,Secret server,One-time password
AI 理解论文
溯源树
样例
生成溯源树,研究论文发展脉络
Chat Paper
正在生成论文摘要