DOI: 10.1145/1414558.1414591

An open system for transparent firewall authentication and user traffic identification within corporate intranets

Published: 16 October 2008

Abstract

Classical firewalls provide network security by matching a network flow's 5-tuple information against user-defined packet filters loaded into memory. In today's dynamic network environments, where threats can be both outside and inside a network, it is not sufficient to simply identify the originator of a data packet by a source address and port pair. It is necessary to identify the user or entity responsible for the transmission.
An open and vendor neutral authentication scheme inspired by the IPSEC Authentication Header is presented which allows for the creation of firewall packet filters based on user identity.


    Published In

    SIGITE '08: Proceedings of the 9th ACM SIGITE conference on Information technology education
    October 2008, 280 pages
    ISBN: 9781605583297
    DOI: 10.1145/1414558

    Publisher

    Association for Computing Machinery, New York, NY, United States


    Author Tags

    1. firewalls
    2. packet marking
    3. security

    Qualifiers

    • Research-article

    Conference

    SIGITE08

    Acceptance Rates

    Overall Acceptance Rate 176 of 429 submissions, 41%

    Article Metrics

    Reflects downloads up to 28 Dec 2024:
    • Total citations: 0
    • Total downloads: 404
    • Downloads (last 12 months): 2
    • Downloads (last 6 weeks): 0
