David Pisano - MITRE
Apr 24, 2013
Download: MP4 Video
Watch in your Browser
Watch on YouTube
"Identity-Based Internet Protocol Network"
The Identity-Based Internet Protocol (IBIP) Network project is experimenting with a new enterprise oriented network architecture using standard Internet Protocol to encode identity (ID) information into the IP packet by a new edge security device referred to as the IBIP policy enforcement point (PEP). This is a variant of a network admission control process that establishes user and host identities as well as provides optional information on host visibility, organizational affiliation, current role, and trust metric (associated with the user and host endpoints). Our motivation is to increase our security posture by leveraging identity, reducing our threat exposure, enhancing situational understanding of our environment, and simplifying network operations. In addition to authentication, we leverage strong anti-spoofing technology to improve accountability. We reduce our threat surface by “hiding” our client hosts and making all infrastructure devices inaccessible. Any attempt to access a hidden host or infrastructure device results in a policy violation attributable to the user/host that caused the violation and provides enhanced situational awareness of such activities. Our servers can also have a “permissible use” policy that ensures that the server only operates across the network per that policy. Finally, as users log in and servers are added to the network, all dynamic configurations for access control initiated by such changes are automatically carried out without manual intervention, thereby reducing potential vulnerabilities caused by human errors.1
1.Extracted from “Nakamoto, G.; Durst, R.; Growney, C.; Andresen, J.; Ma, J.; Trivedi, N.; Quang, R.; Pisano, D., "Identity-Based Internet Protocol Networking," MILITARY COMMUNICATIONS CONFERENCE, 2012 - MILCOM 2012 , vol., no., pp.1,6, Oct. 29 2012-Nov. 1 2012.
About the Speaker
David Pisano is a Senior Network Engineer at the MITRE Corporation, where he has been employed for the last two and a half years. David has devoted most of this time working on networking and networking security challenges. He has been a contributor to The Honeynet Project since 2009. Prior to joining MITRE David earned a Masters in Networking and Systems Administration at the Rochester Institute of Technology (R.I.T.) David completed his undergraduate degree in Applied Networking and Systems Administration with a minor in Criminal Justice, also at R.I.T. David is coauthor on two papers on networking and networking security published in peer-reviewed journals.
Unless otherwise noted, the security seminar is held on Wednesdays at 4:30P.M.
STEW G52 (Suite 050B), West Lafayette Campus. More information...