INTERNAL NETWORK SECURITY
ABSTRACT
Firewalls have been around for many years, and they are a natural component of most networks connected to the Internet. In general, a firewall protects a network from unintended access from an external network, typically the Internet, while still allowing the protected network to communicate with that external network. This is possible because a firewall can distinguish between a connection initiated from the outside (inbound) and one initiated from the inside (outbound). It can therefore restrict inbound connections to the specific services that are intentionally offered to the external network, while outbound connections are largely allowed. This makes the firewall almost transparent to the protected network. It also means that any application started on the protected network is free to communicate with the external network. Unfortunately, this is not always what we want.
A backdoor application may run inside the protected network and secretly open a connection to a hacker on the Internet. Because that connection is outbound, the firewall cannot tell whether the packets come from a backdoor application or from an ordinary web browser.
In this thesis we take a closer look at the network packets leaving the protected network, while leaving the incoming ones to conventional firewall techniques. We extend the firewall so that it can distinguish outgoing packets based on the identity of the host, user and application responsible for transmitting them. If a protected host wants to communicate with the external network, it is forced to reveal its own identity, together with the identity of the sending application and user, for each network packet it sends to the firewall.
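To make the idea concrete, the following is an added example and not the thesis's own implementation. It assumes a simple design in which each protected host shares a secret key with the firewall and prepends an authenticated identity record (host, user, application path) to every outbound packet; the firewall verifies the record and then looks it up in an allowlist. The host names, users, application paths, keys and policy table are all constructed for the example. It also shows the failure mode the abstract hints at: an identity claim is only worth something if the sender cannot forge it, so the record is bound with an HMAC that covers the identity, the destination and the payload.

```python
"""Illustrative egress policy keyed on host, user and application identity.

Added example, not the thesis's implementation. It assumes each protected host
shares a secret key with the firewall and tags every outbound packet with an
authenticated identity record. All names, keys and rules are constructed.
"""
import hashlib
import hmac
from dataclasses import dataclass

# Constructed: one shared secret per protected host. In a real deployment the
# key would be provisioned out of band and kept out of reach of user processes.
HOST_KEYS = {
    "ws-01": b"ws-01-secret-key-constructed-for-example",
}

# Constructed allowlist: who may talk to what. Anything not listed is dropped.
POLICY = [
    {"host": "ws-01", "user": "alice", "app": "/usr/bin/firefox", "dst_ports": {80, 443}},
    {"host": "ws-01", "user": "root", "app": "/usr/sbin/ntpd", "dst_ports": {123}},
]


@dataclass
class Packet:
    host: str
    user: str
    app: str
    dst_ip: str
    dst_port: int
    payload: bytes = b""
    tag: bytes = b""


def _mac_input(p: Packet) -> bytes:
    """Canonical byte string covered by the tag: identity, destination and a
    digest of the payload, so a valid header cannot be reused on other data."""
    fields = (p.host, p.user, p.app, p.dst_ip, str(p.dst_port),
              hashlib.sha256(p.payload).hexdigest())
    return "\x00".join(fields).encode()


def tag_packet(p: Packet, key: bytes) -> Packet:
    """Host side: attach HMAC-SHA256 over identity, destination and payload."""
    p.tag = hmac.new(key, _mac_input(p), hashlib.sha256).digest()
    return p


def firewall_decision(p: Packet) -> tuple[str, str]:
    """Firewall side: verify the identity tag first, then consult the policy.
    Returns (verdict, reason)."""
    key = HOST_KEYS.get(p.host)
    if key is None:
        return "DROP", "unknown host, no identity key"
    expected = hmac.new(key, _mac_input(p), hashlib.sha256).digest()
    if not hmac.compare_digest(expected, p.tag):
        return "DROP", "identity tag invalid or missing"
    for rule in POLICY:
        if (rule["host"], rule["user"], rule["app"]) == (p.host, p.user, p.app) \
                and p.dst_port in rule["dst_ports"]:
            return "ALLOW", f"matches rule for {p.app} as {p.user}"
    return "DROP", f"no rule for {p.app} run by {p.user} to port {p.dst_port}"


def demo() -> list[tuple[str, str]]:
    """Four constructed outbound packets: a browser, a backdoor, a backdoor
    that claims the browser's path without holding the host key, and a
    properly tagged browser header whose payload was swapped afterwards."""
    key = HOST_KEYS["ws-01"]
    browser = tag_packet(Packet("ws-01", "alice", "/usr/bin/firefox",
                                "203.0.113.5", 443, b"GET / HTTP/1.1"), key)
    backdoor = tag_packet(Packet("ws-01", "alice", "/tmp/.x",
                                 "198.51.100.9", 4444, b"beacon"), key)
    forged = Packet("ws-01", "alice", "/usr/bin/firefox",
                    "198.51.100.9", 443, b"beacon", tag=b"\x00" * 32)
    tampered = tag_packet(Packet("ws-01", "alice", "/usr/bin/firefox",
                                 "203.0.113.5", 443, b"GET / HTTP/1.1"), key)
    tampered.payload = b"exfil"  # modified after tagging, digest no longer matches
    return [firewall_decision(p) for p in (browser, backdoor, forged, tampered)]


if __name__ == "__main__":
    for verdict, reason in demo():
        print(verdict, "-", reason)
```

The decisive design point is where the tagging happens. If the component that holds the key and fills in the application path runs in the kernel or another context the user process cannot influence, the backdoor in the second and third cases is stopped by policy or by a failed tag check. If instead the backdoor can read the key or call the tagging routine with a path of its choosing, the scheme collapses back to the original problem, because the firewall is once again trusting a claim that the sender controls.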
Reviewed by Ahamed Yaseen on 07:37