A Secure End Node (SEN) is a trusted, individual computer that temporarily becomes part of a trusted, sensitive, well-managed network and later connects to many other (un)trusted networks/clouds. SENs cannot carry data, good or evil, between the various networks (e.g. exfiltrate sensitive information, ingest malware, etc.). SENs often connect through an untrusted medium (e.g. the Internet) and thus require a secure connection and strong authentication (of the device, software, user, environment, etc.). The amount of trust required (and thus the operational, physical, personnel, network, and system security applied) is commensurate with the risk of piracy, tampering, and reverse engineering (within a given threat environment). An essential characteristic of SENs is that they cannot persist information as they change between networks (or domains).
The remote, private, and secure network might be an organization's in-house network or a cloud service. A Secure End Node typically involves authentication of (i.e. establishing trust in) the remote computer's hardware, firmware, software, and/or user. In the future, the device-user's environment (location, activity, other people, etc.), as communicated by means of its (or the network's) trusted sensors (camera, microphone, GPS, radio, etc.), could provide another factor of authentication.
A Secure End Node solves or mitigates the end node problem.
The common, but expensive, technique to deploy SENs is for the network owner to issue known, trusted, unchangeable hardware to users. For example, and assuming a priori access, a laptop's TPM chip can authenticate the hardware (likewise a user's smartcard authenticates the user). A different example is the DoD Software Protection Initiative's Cross Fabric Internet Browsing System, which provides browser-only, immutable, anti-tamper thin clients for users' Internet browsing. Another example is a non-persistent, remote client that boots over the network.
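The two mechanisms above (authenticating the node's hardware, firmware and software via a TPM measurement, and requiring a separate user factor before admitting the node to the sensitive network) can be illustrated with the following added example; it is not code from the original article or from any of the systems it names. The measured-boot log, the known-good image digests and the attestation key are all constructed, and an HMAC stands in for the TPM's asymmetric quote signature so the example runs offline.

```python
import hashlib
import hmac

# Constructed known-good measurements of the immutable boot chain the network
# owner issued (component names and values are made up for this example).
BOOT_ORDER = ["firmware", "bootloader", "kernel", "rootfs"]
GOLDEN = {c: hashlib.sha256(f"{c}-v1".encode()).hexdigest() for c in BOOT_ORDER}


def extend(pcr: bytes, measurement_hex: str) -> bytes:
    """TPM-style PCR extend: new = SHA-256(old || measurement); order matters."""
    return hashlib.sha256(pcr + bytes.fromhex(measurement_hex)).digest()


def replay(event_log) -> bytes:
    """Recompute the PCR a node should hold after the given boot event log."""
    pcr = bytes(32)
    for _component, digest_hex in event_log:
        pcr = extend(pcr, digest_hex)
    return pcr


def make_quote(pcr: bytes, attestation_key: bytes) -> bytes:
    """Node side: sign the PCR value. HMAC stands in for the TPM's asymmetric
    quote signature (an assumption made to keep the example offline)."""
    return hmac.new(attestation_key, pcr, "sha256").digest()


def admit_node(event_log, quoted_pcr, quote_mac, attestation_key, user_ok) -> bool:
    """Network-side admission decision: every factor must pass."""
    # 1. Quote must come from the issued hardware (key provisioned a priori).
    if not hmac.compare_digest(make_quote(quoted_pcr, attestation_key), quote_mac):
        return False
    # 2. Event log must reproduce the quoted PCR, otherwise the log was edited.
    if replay(event_log) != quoted_pcr:
        return False
    # 3. Measured firmware/kernel/rootfs must equal the known-good image.
    if quoted_pcr != replay([(c, GOLDEN[c]) for c in BOOT_ORDER]):
        return False
    # 4. The user factor (e.g. smartcard) is checked separately and must pass too.
    return user_ok


def good_log():
    """Event log of a node that booted exactly the issued image."""
    return [(c, GOLDEN[c]) for c in BOOT_ORDER]


if __name__ == "__main__":
    key = b"constructed-attestation-key"
    pcr = replay(good_log())
    print("admit:", admit_node(good_log(), pcr, make_quote(pcr, key), key, True))
```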
A less secure but very low-cost approach is to trust any hardware (corporate, government, personal, or public) but restrict user and network access to a known kernel and higher software. An implementation of this is a Linux Live CD that creates a stateless, non-persistent client, for example Lightweight Portable Security. A similar system could boot a computer from a flash drive [Trusted Client, ] or be an immutable operating system within a smartphone or tablet.
See also
* Host (network)
* Node (networking)