Advanced Security Proxies: An Architecture and Implementation for High- Performance Network Firewalls
نویسندگان
چکیده
The TIS Labs Advanced Security Proxies (ASP) project is investigating software architectures for highperformance firewalls to enable the secure use of next generation networks. The project objective is to demonstrate an architecture and implementation in which protocol-specific proxies control when data transmission is allowed across the firewall, but which allows the proxy a range of options in determining how that data transits the firewall. By employing proxies that selectively use a range of lower-level protocol stack features, this novel architecture provides higher performance and greater flexibility in determining exactly what information the proxies examine. These decisions are made at the granularity of each proxied connection. We describe the firewall design and implementation and report preliminary experimental results using Fast Ethernet.
منابع مشابه
Trading Off Strength and Performance in Network Authentication: Experience with the ACSA Project
The NAI Labs Advanced Security Proxies (ASP) project is investigating software architectures for high-performance firewalls to enable the secure use of next generation networks. The project objective is to demonstrate an architecture and implementation in which protocol-specific proxies control when data transmission is allowed across the firewall, but which allows the proxy a range of options ...
متن کاملThe Effect of Firewall Testing Types on Cloud Security Policies
An important aspect of security requirements is a firm understanding of the threats to systems so that specific defense mechanisms can be implemented. Globally scattered network systems and on-demand access to systems such as cloud computing require a high level of security, because the software and hardware of networks are integrated in vulnerable shared or outsourced environments. Hackers are...
متن کاملFT-FW: A cluster-based fault-tolerant architecture for stateful firewalls
Nowadays, stateful firewalls are part of the critical infrastructure of the Internet. Basically, they help to protect network services and users against attackers by means of access control and protocol conformance checkings. However, stateful firewalls are problematic from the fault-tolerance perspective since they introduce a single point of failure in the network schema. In this work, we sum...
متن کاملPerformance and Information Security Evaluation with Firewalls
Firewalls are an essential part of any information security system being the first defense line against security attacks. The sea-saw effect between firewalls and network performance is most concerning to network users; where strict security settings result in weak network performance and permeant security settings allow for a stronger one. Hence, evaluating firewall platforms and their impact ...
متن کاملAn FPGA-based coprocessor for ATM firewalls
An agile firewall coprocessor is described that is based on field programmable gate array (FPGA) technology. This implementation of the firewall enables a high degree of traffic selectability yet avoids the usual performance penalty associated with IP level firewalls. This approach is applicable to high-speed broadband networks, and Asynchronous Transfer Mode (ATM) networks are addressed in par...
متن کامل