企业移动内网接入安全策略设计

2013 IEEE Seventh International Conference on Software Security and Reliability Companion Pub Date : 2013-06-18 DOI:10.1109/SERE-C.2013.14

Matthias Trojahn, F. Ortmeier

{"title":"企业移动内网接入安全策略设计","authors":"Matthias Trojahn, F. Ortmeier","doi":"10.1109/SERE-C.2013.14","DOIUrl":null,"url":null,"abstract":"Modern IT allows new markets and business process for many enterprises. One aspect is that new networks tolerate intranet access from almost any location. Some examples include completing health insurance contracts online at the customer or supporting a maintenance team with company expertise while working at customers. However, the increasing mobility of employees brings also high risk from a security point of view. This paper presents a decision support strategy for enterprises to decide on their security strategy for dealing with mobile intranet access. The paper only focuses on user authentication methods. Security protocols and encryption are - of course - needed but not in scope of this paper. The core idea is to derive generic scenarios and requirements for mobile intranet access which can be weighted to represent the needs of a specific company. Optimal solutions can be found by analyzing the model. The output is a rated ranking of different authentication techniques for the company.","PeriodicalId":150535,"journal":{"name":"2013 IEEE Seventh International Conference on Software Security and Reliability Companion","volume":"148 1","pages":"0"},"PeriodicalIF":0.0000,"publicationDate":"2013-06-18","publicationTypes":"Journal Article","fieldsOfStudy":null,"isOpenAccess":false,"openAccessPdf":"","citationCount":"0","resultStr":"{\"title\":\"Designing an Enterprise Security Strategy for Mobile Intranet Access\",\"authors\":\"Matthias Trojahn, F. Ortmeier\",\"doi\":\"10.1109/SERE-C.2013.14\",\"DOIUrl\":null,\"url\":null,\"abstract\":\"Modern IT allows new markets and business process for many enterprises. One aspect is that new networks tolerate intranet access from almost any location. Some examples include completing health insurance contracts online at the customer or supporting a maintenance team with company expertise while working at customers. However, the increasing mobility of employees brings also high risk from a security point of view. This paper presents a decision support strategy for enterprises to decide on their security strategy for dealing with mobile intranet access. The paper only focuses on user authentication methods. Security protocols and encryption are - of course - needed but not in scope of this paper. The core idea is to derive generic scenarios and requirements for mobile intranet access which can be weighted to represent the needs of a specific company. Optimal solutions can be found by analyzing the model. The output is a rated ranking of different authentication techniques for the company.\",\"PeriodicalId\":150535,\"journal\":{\"name\":\"2013 IEEE Seventh International Conference on Software Security and Reliability Companion\",\"volume\":\"148 1\",\"pages\":\"0\"},\"PeriodicalIF\":0.0000,\"publicationDate\":\"2013-06-18\",\"publicationTypes\":\"Journal Article\",\"fieldsOfStudy\":null,\"isOpenAccess\":false,\"openAccessPdf\":\"\",\"citationCount\":\"0\",\"resultStr\":null,\"platform\":\"Semanticscholar\",\"paperid\":null,\"PeriodicalName\":\"2013 IEEE Seventh International Conference on Software Security and Reliability Companion\",\"FirstCategoryId\":\"1085\",\"ListUrlMain\":\"https://doi.org/10.1109/SERE-C.2013.14\",\"RegionNum\":0,\"RegionCategory\":null,\"ArticlePicture\":[],\"TitleCN\":null,\"AbstractTextCN\":null,\"PMCID\":null,\"EPubDate\":\"\",\"PubModel\":\"\",\"JCR\":\"\",\"JCRName\":\"\",\"Score\":null,\"Total\":0}","platform":"Semanticscholar","paperid":null,"PeriodicalName":"2013 IEEE Seventh International Conference on Software Security and Reliability Companion","FirstCategoryId":"1085","ListUrlMain":"https://doi.org/10.1109/SERE-C.2013.14","RegionNum":0,"RegionCategory":null,"ArticlePicture":[],"TitleCN":null,"AbstractTextCN":null,"PMCID":null,"EPubDate":"","PubModel":"","JCR":"","JCRName":"","Score":null,"Total":0}

引用次数: 0

摘要

现代IT为许多企业提供了新的市场和业务流程。一个方面是新网络允许几乎任何位置的内部网访问。一些示例包括在客户处在线完成健康保险合同，或者在为客户工作时支持具有公司专业知识的维护团队。然而，从安全的角度来看，员工流动性的增加也带来了很高的风险。本文提出了一种决策支持策略，用于企业制定应对移动内网访问的安全策略。本文只关注用户认证方法。安全协议和加密当然是必需的，但不在本文的讨论范围之内。核心思想是推导移动内部网访问的通用场景和需求，这些场景和需求可以加权以表示特定公司的需求。通过对模型的分析，可以找到最优解。输出是该公司不同身份验证技术的评级排名。

本文章由计算机程序翻译，如有差异，请以英文原文为准。

查看原文本刊更多论文

Designing an Enterprise Security Strategy for Mobile Intranet Access

Modern IT allows new markets and business process for many enterprises. One aspect is that new networks tolerate intranet access from almost any location. Some examples include completing health insurance contracts online at the customer or supporting a maintenance team with company expertise while working at customers. However, the increasing mobility of employees brings also high risk from a security point of view. This paper presents a decision support strategy for enterprises to decide on their security strategy for dealing with mobile intranet access. The paper only focuses on user authentication methods. Security protocols and encryption are - of course - needed but not in scope of this paper. The core idea is to derive generic scenarios and requirements for mobile intranet access which can be weighted to represent the needs of a specific company. Optimal solutions can be found by analyzing the model. The output is a rated ranking of different authentication techniques for the company.

求助全文

通过发布文献求助，成功后即可免费获取论文全文。去求助

来源期刊

2013 IEEE Seventh International Conference on Software Security and Reliability Companion

自引率

0.00%

发文量