A Protocol and Simulation for Distributed Communication Firewalls

1
A Protocol and Simulation for Distributed
Communication Firewalls
  • 2000/10/22
  • hkchang

2
  • Authors: Smith, R.N.; Bhattacharya, S.
  • This paper appears in: Computer Software and Applications Conference,
    1999. COMPSAC '99. Proceedings. The Twenty-Third Annual International.
    On page(s): 74-79, 27-29 Oct. 1999

3
Introduction
  • There are several methods for network security:
      - Encryption
      - Firewall
      - Intrusion detection
  • Firewalls were placed only at the interface
    between a LAN and the Internet.

4
Introduction (Cont.)
  • Each single firewall provides a great deal of
    security, but none solves the very important
    problem of denial of service.
  • The paper's idea is for multiple firewalls to
    provide individual LANs with multiple levels of
    security.

5
System Overview(1)
  • The idea of distributing firewalls across the
    Internet was prompted by the increase in reported
    security attacks and the recent increase in the
    number of firewall vendors.
  • Current firewalls do nothing about an attack other
    than discourage it by ignoring the message.

6
System Overview(2)
  • These distributed firewalls will be designed
    to communicate with one another.
  • We will use the communicating gateway firewalls
    (CGFW) protocol.

7
System Overview(3)
  • We assume:
      - Network is G(V,E).
      - V represents the set of routers (firewalls).
      - E represents the set of network links.
      - v represents the set of trusted nodes (CGFW).
      - v represents the set of untrusted nodes (vV-v).

8
Border Gateway Protocol
  • BGP is used by routing devices to
    share network routing table information.
  • We propose to utilize BGP-4.
  • We do not propose any modifications to BGP
    other than adding a new BGP-4 message type so that
    it can act as a carrier of the CGFW protocol.

9
Fig. 1 Basic CGFW Flow (participants: LAN FW, N1)
  • Open socket to port 179
  • Open with Authentication (BGP-4)
  • CGFW Command Message (BGP-4)
  • Close socket to port 179

10
Border Gateway Protocol(Cont.)
  • We are proposing a separate authentication
    wrapper around our embedded CGFW protocol.
  • BGP-4 message types include:
      - Open
      - Update
      - Notification
      - Keepalive

11
Fig. 2 BGP-4 Message Header
  • Marker: 19 bytes
  • Length: 2 bytes
  • Type: 1 byte

12
CGFW Protocol
  • When a node has been attacked and wishes to
    block the attack nearer to the source gateway, it will:
      - Send a CGFW request message to a firewall.
  • When a firewall (CGFW) receives a CGFW request
    message, it will:
      - Initiate the CGFW protocol.
      - Relay the CGFW request message to another firewall.

13
CGFW Protocol(Cont.)
  • Each firewall (CGFW) acts autonomously.
  • The CGFW protocol has several functions:
      - Filter Monitor Requests.
      - Relay Feature.
      - Status Topology Requests.
      - Partitioning for Security Zone.

14
Filter Monitor Requests
  • The requestor can send a filter request to filter
    an attacker's packets.
  • This paper uses three parameters to define how to
    filter:
      - A: destination address.
      - P: protocol type.
      - S: service port number.

15
Filter Monitor Requests(Cont.)
  • The Monitor commands will include action, start
    time, and time duration.
  • The action has three parts:
      - To monitor activity related to traffic from a
        particular source.
      - To monitor filtering packets.
      - To monitor adjacent CGFWs.

16
Relay Feature.
  • A relay feature can be specified in the
    filter, monitor, or status request message.
  • If the relay request is specified, the CGFW will
    relay the message.
  • The relay feature includes two parameters (n, c).

17
Relay Feature.(Cont.)
  • The n parameter specifies to relay the request to
    n other CGFW nodes.
  • The c parameter specifies to skip the c node with
    each relay.
  • If the attacker is spoofing the source address,
    the relay feature will aid in the search for the true
    address.
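
The relay parameters above, as an added example that is not from the slides or the paper: a small Python model of a chain of CGFWs that installs an (A, P, S) filter along the chain and reports where attack traffic is then dropped. It assumes one reading of (n, c), namely that the request is relayed n times and each relay skips c CGFWs; the class and function names and the sample addresses are constructed for illustration.

```python
from dataclasses import dataclass, field

@dataclass(frozen=True)
class FilterRule:
    dst_addr: str   # A: destination address
    protocol: str   # P: protocol type
    port: int       # S: service port number

    def matches(self, pkt):
        return (pkt["dst"], pkt["proto"], pkt["dport"]) == (
            self.dst_addr, self.protocol, self.port)

@dataclass
class CGFW:
    name: str
    filters: list = field(default_factory=list)

    def drops(self, pkt):
        return any(rule.matches(pkt) for rule in self.filters)

def make_chain(count):
    """CGFWs ordered from the victim's side (N1) toward the attack source."""
    return [CGFW(f"N{i}") for i in range(1, count + 1)]

def relay_request(chain, rule, n, c):
    """Install `rule` on chain[0], then relay it up to n times, skipping c
    CGFWs per relay (assumed reading of the slides' (n, c) parameters).
    Returns the names of the CGFWs that installed the filter."""
    installed, idx = [], 0
    for _ in range(n + 1):          # first delivery plus n relays
        if idx >= len(chain):       # no more known CGFWs: relay stops early
            break
        chain[idx].filters.append(rule)
        installed.append(chain[idx].name)
        idx += c + 1
    return installed

def drop_point(chain, pkt):
    """Walk from the attacker's side toward the victim; return the first
    CGFW that drops the packet, or None if it reaches the victim's LAN."""
    for node in reversed(chain):
        if node.drops(pkt):
            return node.name
    return None

# Constructed sample data (documentation address range, not from the slides).
RULE = FilterRule("192.0.2.10", "tcp", 25)
ATTACK = {"dst": "192.0.2.10", "proto": "tcp", "dport": 25}
OTHER = {"dst": "192.0.2.10", "proto": "tcp", "dport": 80}
```

With n=2 and c=1 on a six-node chain the filter lands on N1, N3 and N5, so the attack packet is dropped at N5, the CGFW nearest the source, while traffic to another port is unaffected.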

18
Fig. 3 CGFW Command With Relay
  • Nodes: LAN FW, N3, N4, N5
  • Messages: Request Relay, Relay, Relay, Unsolicited Status

19
Status Topology Requests.
  • A number of status options are defined to support a
    lengthy search for attackers who may be spoofing
    the source address.
  • Status requests are separated from the normal
    TCP/IP protocol because of the extended periods over
    which the filter may be activated to stop the attack.

20
Status Topology Requests.(Cont.)
  • During the filter period, a periodic status
    report can be returned to the originator.
  • Status requests stop once the attacker is
    located; legal action may then be taken to stop the
    attack, after which the filter can be removed.

21
Fig. 4 CGFW Status Request
  • Nodes: LAN FW, N3, N4, N5
  • Messages: Request Relay, Relay, Relay, Unsolicited Status,
    Status Query, Status

22
Partitioning for Security Zone.(1)
  • The approach of this paper is to require each
    CGFW node to remember a small number of adjacent
    CGFW nodes.
  • Partitioning the network to isolate a network
    attacker is difficult:
      - The Internet is extensive.
      - Not all nodes may be configured with the CGFW
        protocol.

23
Partitioning for Security Zone.(2)
  • To handle the vast topology of the Internet:
      - Each CGFW will be responsible for knowing only a
        small number of adjacent cooperating gateway
        firewalls.
      - Each CGFW will record information to enable
        communication to n adjacent CGFWs in each
        direction from itself.

24
Partitioning for Security Zone.(3)
  • The originator will then use the relay and skip
    capabilities to set up the security zone.

25
Fig. 1 Security Zones
  • Labels: Attacker, Attackee, CGFWs, Untrusted

26
Fig. 6 CGFW Protocol Overview
  • LAN Firewall connects to CGFW via TCP/IP socket
  • LAN Firewall performs BGP-4 Open command
  • LAN Firewall and CGFW perform authentication
  • Filtering, Monitor, Relay, Partitioning, Status
  • Decision
  • Close connection

27
Simulator
  • Programming language: Java
  • OS: ??
  • Environment:
      - Multiple threads.
      - Each router has 8 links.
      - Use I/O socket as link.
      - Buffer queue.
      - Graphics function.

28
Conclusions and Future Work
  • The approach presented for the communication gateway
    firewall (CGFW) protocol can easily be added to
    existing router protocols. (Routers or switches
    can also add the CGFW protocol.)
  • Issues:
      - Slow speed.
      - More memory.

29
Conclusions and Future Work(Cont.)
  • Further work:
      - Network partitioning (minimize delay).
      - Minimize storage of communicating data.

30
Reference
  • Smith, R.N., Bhattacharya, S., "Firewall
    Placement in a Large Network Topology", Proc. IEEE
    Future Trends of Distributed Computing Systems,
    Oct 29-31, 1997.
  • Smith, R.N., Bhattacharya, S., "Operating
    Firewalls Outside the LAN Perimeter", 18th IEEE
    International Performance, Computing, and
    Communications Conference, Feb 10-12, 1999.
  • Smith, R.N., Bhattacharya, S., "Fault and Leak
    Tolerance in Firewall Engineering", Proc. Third
    IEEE International High-Assurance Systems
    Engineering Symposium, Nov 13-14, 1998.