Dynamic Management of IPSec Security Policies Distribution

Because of different constraints such as the customers unceasing requirements, the large distribution of systems, the permanent modifications of the management environments themselves, etc., the environments devoted to the management of the inter-domain communications security must be generally dynamic and policy based. In this work, we will present a management environment, that is mainly based on a dynamic platform, to policy-based manage the inter-domain communications security. Our proposed platform uses IPSec protocol and is composed of a security IPSec Server (IPSecServ) to decide and perform all management tasks, a Monitoring Service (MS) to automate the IPSecServ functioning, and a Policy Decision Point (PDP) with a set of Policy Enforcement Points (PEPs) to decide and distribute IPSec security policies. Moreover, our proposed approach integrates also domains, roles, and policies specification language PONDER to organise the environment components and facilitate their management. A prototype is implemented by using CORBA environment and some experimental results are also presented.