Title :
Advanced security proxies: an architecture and implementation for high-performance network firewalls
Author :
Knobbe, Roger ; Purtell, Andrew ; Schwab, Stephen
Author_Institution :
Network Associates Inc., USA
fDate :
6/22/1905 12:00:00 AM
Abstract :
The NAI Labs Advanced Security Proxies (ASP) project is investigating software architectures for high-performance firewalls to enable the secure use of next generation networks. The project objective is to demonstrate an architecture and implementation in which protocol-specific proxies control when data transmission is allowed across the firewall, but which allows the proxy a range of options in determining how that data transits the firewall. By employing proxies that selectively use a range of lower-level protocol stack features, this novel architecture provides higher performance and greater flexibility in determining exactly what information the proxies examine. These decisions are made at the granularity of each proxied connection. We describe the firewall design and implementation and report preliminary experimental results using Fast Ethernet
Keywords :
computer network management; computer networks; security of data; software architecture; ASP; Advanced Security Proxies; high-performance firewalls; network firewalls; next generation networks; protocol stack features; protocol-specific proxies; software architectures; Application specific processors; Authentication; Communication system traffic control; Electrical capacitance tomography; Filtering; Finite impulse response filter; Network servers; Notice of Violation; Protocols; TCPIP;
Conference_Titel :
DARPA Information Survivability Conference and Exposition, 2000. DISCEX '00. Proceedings
Conference_Location :
Hilton Head, SC
Print_ISBN :
0-7695-0490-6
DOI :
10.1109/DISCEX.2000.824974
