Developing Security-Enhanced Model For Enterprise Network

Abstract

Enterprise network (EN) supports thousands of users across different locations, it interconnects many networks that are geographically distributed through vast distance. EN hosts hundreds of servers that provide several services such as web applications, databases, E-mail, and others. ENs are different from other networks such as LAN, MAN, and WAN, this difference is represented in its size, resource management, and security. It includes a large number of LAN and WAN networks, it uses different communication protocols to interconnect LANs. EN facilities system and device interoperability, it is tightly controlled to support internal and external enterprise data management. Usually, EN integrates different operating systems such as Windows, Linux, mainframes, smart phones and tablets. Moreover EN integrates a large number of communication protocols and services. Security threats represent a big problem to enterprise network, they try to damage enterprise confidentiality, integrity, and availability. Advanced Persistent Threat APT are complex attacks that target governments, organizations, companies, and hence ENs. Security provides protection against attacks, hacking, and data theft, while failover technique provides a high available services of EN. Other techniques such as fault tolerance and load balancing are used to maintain a robust EN. As EN needs to maintain a continuous communication between users, servers, and networks, the task of providing performance, reliability, scalability, redundancy, and security become large and complicated. In this research thesis, we propose a security-enhanced model of enterprise network (SEEN).SEEN is one of few security model that are proposed for protection against APT attacks. The proposed model provides security at different layers of the OSI reference model. It uses devices and software tools to achieve this purpose. We integrate both hardware and software solutions in the proposed model, most previous proposed security model lack this integration. In our thesis, we perform a defense evaluation for the proposed security model, the results show that it is able to detect and prevent a large number of attacks and malicious codes as well as Aurora attack in an effective way. Performance evaluation shows that applying proposed security model has little effects on bandwidth utilization and hence network performance.