
Copyright(c), 1990, 1995 Fred Cohen - All Rights Reserved

The increased complexity of networks increases the likelihood that an administrative or management error could cause severe harm. This is particularly critical in networks modeled by a single security perimeter since any single error could cause a global protection failure. In the POset network, distributed and hierarchical administration and management are possible, and this limits the maximal effects of even a network manager, but complexity is still relatively high in this case, and errors may have severe effects.

A method for solving the management problem follows directly from the techniques used to solve the design problems of network protocol design and verification, cryptosystem analysis and implementation, and hardware and OS design. Automated tools for assisting administrators seems the only rational solution. The use of automated administrative assistance has been studied, and initial mathematics and prototype designs for such systems have been shown. Basic risk analysis has been extended for POset networks wherein complexity is reduced because of collusion analysis, and a simplified risk analysis technique for these networks has been demonstrated.