DragonFlyBSD Multimedia Resources List
Links on this page refer to multimedia resources (podcast, vodcast,
audio recordings, video recordings, photos) related to DragonFlyBSD or
of interest for DragonFlyBSD users.
This list is available as chronological
overview, as a tag cloud and
via the sources.
This list is also available as RSS feed
If you know any resources not listed here, or notice any dead links,
please send details to
Edwin Groothuis so that
it can be included or updated.
Tag: enterprise security
Matthew Burnside: Integrated Enterprise Security Mgmt
Source: New York City *BSD User Group
Added: 09 March 2007
Tags: mp3, presentation, enterprise security, matthew burnside
Integrated Enterprise Security Management
Security policies are a key component in protecting
enterprise networks. But, while there are many
diverse defensive options available, current models
and mechanisms for mechanically-enforced security
policies are limited to traditional admission-based
access control. Defensive capabilities include among
others logging, firewalls, honeypots, rollback/recovery,
and intrusion detection systems, while policy
enforcement is essentially limited to one-off access
control. Furthermore, access-control mechanisms
operate independently on each service, which can
(and often does) lead to inconsistent or incorrect
application of the intended system-wide policy. We
propose a new scheme for global security policies.
Every policy decision is made with near-global
knowledge, and re-evaluated as global knowledge
changes. Using a variety of actuators, we make the
full array of defensive capabilities available to
the global policy. Our goal is a coherent,
enterprise-wide response to any network threat.
Matthew Burnside is a Ph.D. student in the Computer
Science department at Columbia University, in New
York. He works for Professor Angelos Keromytis in
the Network Security Lab. He received his B.A and
M.Eng from MIT in 2000, and 2002, respectively. His
main research interests are in computer security,
trust management, and network anonymity.