Design and implementation of a content filtering firewall
نویسندگان
چکیده
A firewall is a system for enforcing access control policy between two networks and is one of the most important measures to protect against network attacks. Firewalls traditionally protect the internal network from outside threats. But there has been increasing need for preventing the misuses of the network by the internal users which most previous firewalls overlook. In this paper, we propose a method of adding content filtering functionality to the firewall and describe its implementation. We also show a new attack that combines JAVA Applet and XML to get around the content filtering firewall, hence showing the need for clear usage policy for software and systems.
منابع مشابه
Design & Implementation of High Speed Network Devices Using SRL16 Reconfigurable Content Addressable Memory (RCAM)
The Content Addressable Memory or CAM is a memory unit that uses content matching instead of addresses. CAMs are used in different networking, telecommunications and storage applications because of their parallel, fast search capabilities. In this paper the behavior of the SRL16 CAM design methodology was described using VHDL and implemented using FPGA technique. Then, the performance of the me...
متن کاملRouting, L2 Addressing, and Packet Filtering in a Hardware Engine
To improve throughput of personal computers used as Internet routers, hardware acceleration can be used. Packet classification unit employed in the design utilizes content addressable memory combined with comparison instructions. Routing, link layer addressing, and packet filtering has to be performed in a single operation. We have developed a representation of the first two called routing-ARP ...
متن کاملA flexible design of network devices using reconfigurable content addressable memory
The content addressable memory is a memory unit that uses content matching instead of addresses. content addressable memory are used in different networking, telecommunications and storage applications because of their parallel, fast search capabilities. This paper presents a new method (called array method) for designing Reconfigurable content addressable memory (RCAM). The behavior of the new...
متن کاملAnalysis of vulnerabilities in Internet firewalls
Firewalls protect a trusted network from an untrusted network by filtering traffic according to a specified security policy. A diverse set of firewalls is being used today. As it is infeasible to examine and test each firewall for all possible potential problems, a taxonomy is needed to understand firewall vulnerabilities in the context of firewall operations. This paper describes a novel metho...
متن کاملLarge-scale Spatiotemporal Characterization of Inconsistencies in the World's Largest Firewall
A nation-scale firewall, colloquially referred to as the “Great Firewall of China,” implements many different types of censorship and content filtering to control China’s Internet traffic. Past work has shown that the firewall occasionally fails. In other words, sometimes clients in China are able to reach blacklisted servers outside of China. This phenomenon has not yet been characterized beca...
متن کامل