{"id":183327,"date":"2006-09-20T00:00:00","date_gmt":"2009-10-31T12:38:43","guid":{"rendered":"https:\/\/www.microsoft.com\/en-us\/research\/msr-research-item\/ethane-a-protection-architecture-for-enterprise-networks\/"},"modified":"2016-09-09T09:53:31","modified_gmt":"2016-09-09T16:53:31","slug":"ethane-a-protection-architecture-for-enterprise-networks","status":"publish","type":"msr-video","link":"https:\/\/www.microsoft.com\/en-us\/research\/video\/ethane-a-protection-architecture-for-enterprise-networks\/","title":{"rendered":"Ethane: A Protection Architecture for Enterprise Networks"},"content":{"rendered":"<div class=\"asset-content\">\n<p>Connectivity in enterprise networks is provided by technologies not designed to offer protection. As a response to growing security demands, network designers have attempted to retrofit access controls onto an otherwise permissive architecture using various interdiction mechanisms such as ACLs, packet filters, and other middleboxes. This has lead to enterprise networks that are inflexible, fragile, and difficult to manage.<\/p>\n<p>To address these limitations, we offer Ethane, a backwards compatible network architecture where connectivity is restricted by default and only granted to senders on request. All routing and access control decisions are made by a logically-centralized server that grants access to services by explicitly setting up routes, according to declarative access control policies (e.g., &#8220;Alice can access http server foo&#8221;). Access controls are enforced at each switch, which are simple and only minimally trusted. Ethane offers strong attack resistance and containment in the face of compromise, yet is practical for everyday use.<\/p>\n<\/div>\n<p><!-- .asset-content --><\/p>\n","protected":false},"excerpt":{"rendered":"<p>Connectivity in enterprise networks is provided by technologies not designed to offer protection. As a response to growing security demands, network designers have attempted to retrofit access controls onto an otherwise permissive architecture using various interdiction mechanisms such as ACLs, packet filters, and other middleboxes. This has lead to enterprise networks that are inflexible, fragile, [&hellip;]<\/p>\n","protected":false},"featured_media":195003,"template":"","meta":{"msr-url-field":"","msr-podcast-episode":"","msrModifiedDate":"","msrModifiedDateEnabled":false,"ep_exclude_from_search":false,"_classifai_error":"","msr_hide_image_in_river":0,"footnotes":""},"research-area":[],"msr-video-type":[],"msr-locale":[268875],"msr-post-option":[],"msr-session-type":[],"msr-impact-theme":[],"msr-pillar":[],"msr-episode":[],"msr-research-theme":[],"class_list":["post-183327","msr-video","type-msr-video","status-publish","has-post-thumbnail","hentry","msr-locale-en_us"],"msr_download_urls":"","msr_external_url":"https:\/\/youtu.be\/NmXTsum3w5g","msr_secondary_video_url":"","msr_video_file":"","_links":{"self":[{"href":"https:\/\/www.microsoft.com\/en-us\/research\/wp-json\/wp\/v2\/msr-video\/183327","targetHints":{"allow":["GET"]}}],"collection":[{"href":"https:\/\/www.microsoft.com\/en-us\/research\/wp-json\/wp\/v2\/msr-video"}],"about":[{"href":"https:\/\/www.microsoft.com\/en-us\/research\/wp-json\/wp\/v2\/types\/msr-video"}],"version-history":[{"count":0,"href":"https:\/\/www.microsoft.com\/en-us\/research\/wp-json\/wp\/v2\/msr-video\/183327\/revisions"}],"wp:featuredmedia":[{"embeddable":true,"href":"https:\/\/www.microsoft.com\/en-us\/research\/wp-json\/wp\/v2\/media\/195003"}],"wp:attachment":[{"href":"https:\/\/www.microsoft.com\/en-us\/research\/wp-json\/wp\/v2\/media?parent=183327"}],"wp:term":[{"taxonomy":"msr-research-area","embeddable":true,"href":"https:\/\/www.microsoft.com\/en-us\/research\/wp-json\/wp\/v2\/research-area?post=183327"},{"taxonomy":"msr-video-type","embeddable":true,"href":"https:\/\/www.microsoft.com\/en-us\/research\/wp-json\/wp\/v2\/msr-video-type?post=183327"},{"taxonomy":"msr-locale","embeddable":true,"href":"https:\/\/www.microsoft.com\/en-us\/research\/wp-json\/wp\/v2\/msr-locale?post=183327"},{"taxonomy":"msr-post-option","embeddable":true,"href":"https:\/\/www.microsoft.com\/en-us\/research\/wp-json\/wp\/v2\/msr-post-option?post=183327"},{"taxonomy":"msr-session-type","embeddable":true,"href":"https:\/\/www.microsoft.com\/en-us\/research\/wp-json\/wp\/v2\/msr-session-type?post=183327"},{"taxonomy":"msr-impact-theme","embeddable":true,"href":"https:\/\/www.microsoft.com\/en-us\/research\/wp-json\/wp\/v2\/msr-impact-theme?post=183327"},{"taxonomy":"msr-pillar","embeddable":true,"href":"https:\/\/www.microsoft.com\/en-us\/research\/wp-json\/wp\/v2\/msr-pillar?post=183327"},{"taxonomy":"msr-episode","embeddable":true,"href":"https:\/\/www.microsoft.com\/en-us\/research\/wp-json\/wp\/v2\/msr-episode?post=183327"},{"taxonomy":"msr-research-theme","embeddable":true,"href":"https:\/\/www.microsoft.com\/en-us\/research\/wp-json\/wp\/v2\/msr-research-theme?post=183327"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}