Title :
Advanced security proxies: an architecture and implementation for high-performance network firewalls
Author :
Knobbe, Roger ; Purtell, Andrew ; Schwab, Stephen
Author_Institution :
TIS Lab., Network Assoc., Los Angeles, CA, USA
fDate :
6/21/1905 12:00:00 AM
Abstract :
The TIS Labs advanced security proxies´ (ASP) project is investigating software architectures for high-performance firewalls to enable the secure use of next generation networks. The project objective is to demonstrate an architecture and implementation in which protocol-specific proxies control when data transmission is allowed across the firewall, but which allows the proxy a range of options in determining how that data transits the firewall. By employing proxies that selectively use a range of lower-level protocol stack features, this novel architecture provides higher performance and greater flexibility in determining exactly what information the proxies examine. These decisions are made at the granularity of each proxied connection. We describe the firewall design and implementation and report preliminary experimental results using Fast Ethernet
Keywords :
local area networks; security of data; software architecture; telecommunication security; transport protocols; Fast Ethernet; TCP/IP; TIS Labs; advanced security proxies; data transmission control; experimental results; firewall design; high-performance network firewalls; lower-level protocol stack; protocol-specific proxies; proxied connection granuality; software architectures; Application specific processors; Communication system traffic control; Computer architecture; Data security; Filtering; Filters; Hardware; Network servers; Operating systems; Protocols;
Conference_Titel :
Military Communications Conference Proceedings, 1999. MILCOM 1999. IEEE
Conference_Location :
Atlantic City, NJ
Print_ISBN :
0-7803-5538-5
DOI :
10.1109/MILCOM.1999.822781
