Design a Resilient Network Infrastructure Security Policy Framework
Indian Journal of Science and Technology
The information security policy development life cycle tends to lack focus on the use of standard terms and semantics. This results in blurred outlines for monitoring, evaluation and enforcement of the security policy, causing confusion among employees in adhering to and implementing it, which leads to the lack of a process for publishing the security policy, end-user awareness, translation of high-level policy into lowest-level component configuration plans, and actions to take in time of crisis. This
... to the critical need for designing an empirically tested, comprehensive security policy design. This paper proposes bridging the gap between high-level information security policy descriptions and the low-level network infrastructure security implementation.
Background/Objectives: With new and innovative technologies such as cloud, remote computing, enterprise mobility and e-commerce on the rise, network security has remained an ever-increasing challenge. This paper presents a security framework to bridge the gap between high-level specification requirements and the low-level implementation phase for network infrastructure security, using the network architecture model together with the security policies that must be enforced on the associated network components.
Methods/Statistical Analysis: To achieve the framework design, an architectural model and a set of design-level security policies are taken into consideration. Also discussed are the advantages and desired characteristics of the model in relation to existing work in the design area, and future research directions are pointed out.
Findings: The current information security policy development life cycle tends to have a few disadvantages, the most critical being the lack of an overall view of the policy. Typically a narrow view results from focusing only on development of the security policy documents and not including the actual practices for implementation or even maintenance of the security policies. This process does not address how the security policy would be developed and enforced or even evaluated. The life cycle designs usually focus on the policy for development instead of on the development process of the information security policy.
Application: A hybrid cloud architecture design is utilized so that internet-facing tiers tend to be public clouds and internal secure applications and databases tend to be private clouds. This change in network architecture helps take on volumetric network-layer and application-layer DDoS attacks, ensuring that the traffic reaching the internal network tiers is free from such attacks. Rate controls, built-in intelligent WAFs and client reputation monitoring can be used in combination as part of a comprehensive defense against all types and sizes of cyber threats.