The detection of attacks on large administrative network domains is nowadays generally accomplished centrally by analyzing the data traffic on the uplink to the Internet. The first phase of an infection is usually difficult to observe. Attackers often use e-mail attachments or external media, such as USB sticks, hardware with preinstalled malware, or contaminated mobile devices, to infect target systems. In such scenarios, the initial infection cannot be blocked at the network level. However, the lateral movement of attack programs (exploits) through internal networks and the exfiltration of data, which are the main purpose of targeted attacks, always run over the network. Security measures against such internal network attacks require a comprehensive monitoring concept that spans the entire network to its edge. Especially for preventive measures, this means providing a security concept for local area networks (LANs). In this paper, we propose, based on an analysis of typical LAN-based attacks, an approach for preventing these attacks in both IPv4 and IPv6 networks. It applies the software-defined networking (SDN) paradigm to centralize the related network decisions in a central authority (the SDN controller) that manages all network connections and hence the associated data flows.