Positif project
Policy-based Security Tools and Framework

What you get

This is what the POSITIF framework looks like in overview:

The framework needs two descriptions as an input:

  1. The security description: the idea is to describe, at different levels, the security needs of your network.
  2. The description of all elements of your network, including the security capabilities of each node.

The format for both of these descriptions will be a subset of CIM.

Security Checker

The interesting question for every system administrator is: will my network fulfill my security needs?

The POSITIF framework has developed a module to answer this question accurately.

In addition to that answer, the security checker also gives you a kind of measurement of the actual level of security achieved by the policy, given the network architecture.

Configuration engine

Once you can be sure that your network fulfills the required security needs, you need to configure all your network elements.

With multiple vendors and/or multiple HW/SW platforms, this is not an easy task.

The POSITIF framework has developed an automatic configuration engine to load the desired configuration into the various elements, such as firewalls and switches / routers / hubs.

Proactive Monitor

The Proactive Security Monitor (PSM) permanently checks the network for any behaviour that violates the deployed security policy. It does not only collect events through sensors; it also compares the monitored data against the policy. This method allows detection even of attacks whose signatures are unknown.

The monitor works in two ways: first, it uses standard threats and vulnerabilities; second, it uses the enforced policy.

If an event is observed, the output is an alarm with a certain severity. Semi-automatic or automatic reactions can also be enforced. If a security violation is detected, an updated security policy is deployed either to the full system or to part of the targeted system.

The monitor also tests the proper behaviour of the enforced policy by sending dummy attacks to part of the network and verifying the result of the attack.

The main difference from solutions on the market is that the PSM has both an active and a passive component. Together with the POSITIF framework, it makes it easy to raise the security of a complex network.
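
The passive comparison of monitored data against the deployed policy, as an added example that is not POSITIF code. The rule format, the addresses and the severity mapping are assumptions made for illustration; the project's own descriptions are a subset of CIM.

```python
import ipaddress
from dataclasses import dataclass

@dataclass(frozen=True)
class Flow:
    """A permitted flow in the policy, or a flow observed by a sensor."""
    src: str    # CIDR in a policy rule, single address in an observed event
    dst: str
    proto: str
    port: int

# Constructed policy (hypothetical format): everything not listed is a violation.
POLICY = [
    Flow("10.0.1.0/24", "10.0.2.10/32", "tcp", 443),   # clients -> web server
    Flow("10.0.2.10/32", "10.0.3.5/32", "tcp", 5432),  # web server -> database
]
# Assumption: violations that reach these networks are raised as "high".
CRITICAL = [ipaddress.ip_network("10.0.3.0/24")]

def permitted(event, policy):
    """True if some policy rule covers the observed flow."""
    src = ipaddress.ip_address(event.src)
    dst = ipaddress.ip_address(event.dst)
    return any(
        src in ipaddress.ip_network(rule.src)
        and dst in ipaddress.ip_network(rule.dst)
        and event.proto == rule.proto
        and event.port == rule.port
        for rule in policy
    )

def check(events, policy=POLICY):
    """Return (severity, event) for every observed flow the policy does not permit.
    No attack signature is consulted: the deployed policy alone decides."""
    alarms = []
    for event in events:
        if permitted(event, policy):
            continue
        dst = ipaddress.ip_address(event.dst)
        severity = "high" if any(dst in net for net in CRITICAL) else "medium"
        alarms.append((severity, event))
    return alarms

# Constructed sensor data.
EVENTS = [
    Flow("10.0.1.7", "10.0.2.10", "tcp", 443),   # covered by the first rule
    Flow("10.0.1.7", "10.0.3.5", "tcp", 5432),   # client straight to the database
    Flow("10.0.2.10", "10.0.1.7", "tcp", 22),    # web server opening SSH to a client
]

if __name__ == "__main__":
    for severity, event in check(EVENTS):
        print(severity, event)
```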

© POSITIF Project 2004 - 2007