A Unified Network Security Architecture for Large, Distributed Networks, Phase I

In typical, multi-organizational networking environments, it is difficult to define and maintain a uniform authentication scheme that provides users with easy access to required information while maintaining the security and integrity of the underlying information. This proposal offers a unique and innovative architecture for doing so through the utilization of a Proxy Service Listener (PSL) and the implementation of a customized Domain Name Service (DNS) server. The PSL provides a centralized authentication function that acts as a credentialing authority for all network services, thereby enabling a single sign-on mechanism for all services/servers operating within the framework. This allows the implementation of a centralized access control infrastructure; yet, each service has the option to determine the access controls for its clients. Conforming to the Software-as-a-Service (SaaS) paradigm, the proposed solution has multiple benefits. It provides the means for NASA to offer a uniform access methodology to its large number of distributed end users. The proposed solution also provides protection against Denial of Service (DOS) attacks and an effective means for comprehensively monitoring usage of shared networking resources for security auditing and accounting purposes. It can be used to manage connections between services/applications just as effectively as between end users and applications/services. More »