Advanced security proxies: an architecture and implementation for high-performance network firewalls

Author

Knobbe, Roger ; Purtell, Andrew ; Schwab, Stephen

Author_Institution

Network Associates Inc., USA

Volume

1

fYear

2000

fDate

6/22/1905 12:00:00 AM

Firstpage

140

Abstract

The NAI Labs Advanced Security Proxies (ASP) project is investigating software architectures for high-performance firewalls to enable the secure use of next generation networks. The project objective is to demonstrate an architecture and implementation in which protocol-specific proxies control when data transmission is allowed across the firewall, but which allows the proxy a range of options in determining how that data transits the firewall. By employing proxies that selectively use a range of lower-level protocol stack features, this novel architecture provides higher performance and greater flexibility in determining exactly what information the proxies examine. These decisions are made at the granularity of each proxied connection. We describe the firewall design and implementation and report preliminary experimental results using Fast Ethernet

Keywords

computer network management; computer networks; security of data; software architecture; ASP; Advanced Security Proxies; high-performance firewalls; network firewalls; next generation networks; protocol stack features; protocol-specific proxies; software architectures; Application specific processors; Authentication; Communication system traffic control; Electrical capacitance tomography; Filtering; Finite impulse response filter; Network servers; Notice of Violation; Protocols; TCPIP;

fLanguage

English

Publisher

ieee

Conference_Titel

DARPA Information Survivability Conference and Exposition, 2000. DISCEX '00. Proceedings

Conference_Location

Hilton Head, SC

Print_ISBN

0-7695-0490-6

Type

conf

DOI

10.1109/DISCEX.2000.824974

Filename

824974