Increasing Firewall Reliability by Recording Routes
This paper describes an implementation of an experimental firewall. It differs from conventional firewalls in that it takes into account the route a request has followed through the network when deciding whether to allow packets through. This enables an organisation to reduce the possibility of spoofing and, in some cases, to keep external clients from using untrusted network routes. The code of the firewall is included.
The firewall is intended for TCP/IP networks. It is implemented on the Linux operating system.
Keywords: Computer-communication Networks—Security and protection; Network Protocols—TCP/IP; Security and Protection
Keyword Codes: C2.0 C2.2 K6.5
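An added sketch of a route-aware filtering decision, not the paper's own firewall code. It assumes the route is carried in the IPv4 Record Route option of RFC 791, which the abstract does not state; `recorded_route`, `check_route`, the verdict names and the trusted-router list are hypothetical.

```c
#include <stdint.h>
#include <stdio.h>
#include <string.h>

enum verdict { ACCEPT, DROP_NO_ROUTE, DROP_UNTRUSTED_HOP, DROP_MALFORMED };
/* Copy the hops recorded in an RFC 791 Record Route option (type 7) into hops.
   Returns the hop count, 0 if none were recorded, -1 if the header is malformed. */
static int recorded_route(const uint8_t *p, size_t len, uint8_t hops[9][4]) {
    if (len < 20 || (p[0] >> 4) != 4) return -1;
    size_t ihl = (size_t)(p[0] & 0x0f) * 4;            /* header length in bytes */
    if (ihl < 20 || ihl > len) return -1;
    for (size_t i = 20; i < ihl; ) {
        if (p[i] == 0) break;                          /* End of Option List */
        if (p[i] == 1) { i++; continue; }              /* No Operation */
        if (i + 1 >= ihl || p[i + 1] < 2 || i + p[i + 1] > ihl) return -1;
        size_t olen = p[i + 1];
        if (p[i] == 7) {                               /* Record Route */
            size_t ptr = olen >= 3 ? p[i + 2] : 0;     /* 1-based offset of next free slot */
            if (ptr < 4 || ptr > olen + 1 || (ptr - 4) % 4) return -1;
            memcpy(hops, p + i + 3, ptr - 4);          /* filled slots only */
            return (int)((ptr - 4) / 4);
        }
        i += olen;
    }
    return 0;
}

/* Accept only when a route was recorded and every hop is a trusted router. */
enum verdict check_route(const uint8_t *p, size_t len, const uint8_t trusted[][4], int nt) {
    uint8_t hops[9][4];                                /* 40 option bytes hold at most 9 hops */
    int n = recorded_route(p, len, hops);
    if (n < 0) return DROP_MALFORMED;
    if (n == 0) return DROP_NO_ROUTE;
    for (int h = 0; h < n; h++) {
        int ok = 0;
        for (int t = 0; t < nt; t++)
            ok |= memcmp(hops[h], trusted[t], 4) == 0;
        if (!ok) return DROP_UNTRUSTED_HOP;
    }
    return ACCEPT;
}

/* Constructed samples: SAMPLE has IHL=8, option len=11, ptr=12, hops 10.0.0.1 and 192.0.2.1. */
static const uint8_t SAMPLE[32] = { 0x48, [20] = 7, 11, 12, 10, 0, 0, 1, 192, 0, 2, 1, 0 };
static const uint8_t PLAIN[20] = { 0x45 };             /* header without options */
static const uint8_t TRUSTED[2][4] = { {10, 0, 0, 1}, {192, 0, 2, 1} };
int main(void) {
    return printf("verdict=%d\n", check_route(SAMPLE, sizeof SAMPLE, TRUSTED, 2)) < 0;
}
```

The option is unauthenticated header data, so a policy of this kind is only as trustworthy as the routers that fill it in.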