Advanced security proxies: an architecture and implementation for high-performance network firewalls

Author

Knobbe, Roger ; Purtell, Andrew ; Schwab, Stephen

Author_Institution

TIS Lab., Network Assoc., Los Angeles, CA, USA

Volume

1

fYear

1999

fDate

6/21/1905 12:00:00 AM

Firstpage

734

Abstract

The TIS Labs advanced security proxies´ (ASP) project is investigating software architectures for high-performance firewalls to enable the secure use of next generation networks. The project objective is to demonstrate an architecture and implementation in which protocol-specific proxies control when data transmission is allowed across the firewall, but which allows the proxy a range of options in determining how that data transits the firewall. By employing proxies that selectively use a range of lower-level protocol stack features, this novel architecture provides higher performance and greater flexibility in determining exactly what information the proxies examine. These decisions are made at the granularity of each proxied connection. We describe the firewall design and implementation and report preliminary experimental results using Fast Ethernet

Keywords

local area networks; security of data; software architecture; telecommunication security; transport protocols; Fast Ethernet; TCP/IP; TIS Labs; advanced security proxies; data transmission control; experimental results; firewall design; high-performance network firewalls; lower-level protocol stack; protocol-specific proxies; proxied connection granuality; software architectures; Application specific processors; Communication system traffic control; Computer architecture; Data security; Filtering; Filters; Hardware; Network servers; Operating systems; Protocols;

fLanguage

English

Publisher

ieee

Conference_Titel

Military Communications Conference Proceedings, 1999. MILCOM 1999. IEEE

Conference_Location

Atlantic City, NJ

Print_ISBN

0-7803-5538-5

Type

conf

DOI

10.1109/MILCOM.1999.822781

Filename

822781