Abstract
Firewalls are a widely used security mechanism to provide access control and auditing at the border between “open” and private networks or administrative domains. As part of the network infrastructure they are strongly affected by the development and deployment of new communication paradigms and applications.Currently we experience a very fast rise in the use of multimedia applications. These differ in many aspects from “traditional applications”, for example concerning bandwidth usage, dynamic protocol elements or multiple data flows for one application session. Corresponding firewall mechanisms and techniques did not change with the same dynamics though. Currently existing firewalls have problems supporting these new type of applications because to some extent they try to map the new characteristics to the manner of conventional applications which they are able to handle. We strongly believe that new application types require new firewall techniques and mechanisms. In this paper, we identify typical characteristics of multimedia applications that cause problems using traditional firewalls. Based on this analysis we deduce enhancements to existing firewalls that can be used to better adapt to a communication environment in which multimedia applications are used. We describe these enhancements in general, show a adequate systems architecture and present a implementation based on this design. The feasibility of that approach has been shown in the example scenario that we finally present.
Access this chapter
Tax calculation will be finalised at checkout
Purchases are for personal use only
Preview
Unable to display preview. Download preview PDF.
References
Network Associates: Application Gateways and Stateful Inspection, http://www.avolio.com/apgw+spf.html
Chapman, D.B.: Building Internet Firewalls, O’Reilly, Cambridge, 1995
Cheswick, W.R., Bellovin S.M.: Firewalls and Internet Security, Addison Wesley, 1994
Finlayson, R.: IP Multicast and Firewalls, Internet Draf draft-ietf-mboned-mcast-firewall-02.txt, 1998
Steinmetz, R., Nahrstedt, C: Multimedia: Computing, Communications & Applications, Prentice-Hall, 1995
Comer, D.E.: Internetworking with TCP/IP, Volume I, 2nd Edition, Prentice Hall, 1991
Reed, D.: IP-Filter, http://coombs.anu.edu.au/~avalon/
Progressive Networks: Real Audio, http://www.real.com/
ITU: ITU-T Recommendation H.323, Packet-Based Multimedia Communications Systems, 1998
Ellermann, U., Benecke, C: Parallel Firewalls: Scalable solutions for High-speed Networks [German], DFN-CERT Workshop Sicherheit in vernetzten Systemen, Hamburg 1998
Leech, M., Ganis, M., Lee, Y., Kuris, R., Koblas, D., Jones, L.: SOCKS Protocol Version 5, RFC 1928, 1996
Cisco: Cisco’s PIX Firewall Series and Stateful Firewall Security, White Paper, 1997
Ellermann, U., Benecke, C: Tools for measuring the Performance of Proxies [German], published in MMB-Arbeitsgespräche: “Leistungs-, Zuverlässigkeits-und Verläßlichkeitsbewertung von Kommunikationsnetzen und verteilten Systemen”, Hamburg 1998
Utz Roedig, Ralf Ackermann, Christoph Rensing, and Ralf Steinmetz. DDFA Concept. Technical Report KOM-TR-1999-04, KOM, December 1999
Utz Roedig, Ralf Ackermann and Ralf Steinmetz. Evaluating and Improving Firewalls for IP-Telephony Environments. The 1st IP Telephony Workshop, Berlin 2000
Author information
Authors and Affiliations
Editor information
Editors and Affiliations
Rights and permissions
Copyright information
© 2000 Springer-Verlag Berlin Heidelberg
About this paper
Cite this paper
Roedig, U., Ackermann, R., Rensing, C., Steinmetz, R. (2000). A Distributed Firewall for Multimedia Applications. In: Schumacher, M., Steinmetz, R. (eds) Sicherheit in Netzen und Medienströmen. Informatik aktuell. Springer, Berlin, Heidelberg. https://doi.org/10.1007/978-3-642-58346-9_1
Download citation
DOI: https://doi.org/10.1007/978-3-642-58346-9_1
Publisher Name: Springer, Berlin, Heidelberg
Print ISBN: 978-3-540-67926-4
Online ISBN: 978-3-642-58346-9
eBook Packages: Springer Book Archive