Stealth Firewall: Invisible Wall for Network Security

Likhar, Praveen; Shankar Yadav, Ravi

doi:10.1007/978-981-15-2043-3_46

Stealth Firewall: Invisible Wall for Network Security

Praveen Likhar¹³ &
Ravi Shankar Yadav¹³

Chapter
First Online: 04 March 2020

807 Accesses
5 Citations

Part of the book series: Lecture Notes in Networks and Systems ((LNNS,volume 103))

Abstract

Firewall is one of the crucial pillars of network security. Conventional network firewalls are IP visible and hence vulnerable to network-based attack. IP visible firewalls are IP reachable by attackers from untrusted external network as well as from trusted internal network. A grave situation would result if an attacker managed to break into the firewall and reconfigure it. In this case, attacker can reconfigure the firewall to allow either some specific network service access or in worst case make entire private network reachable by anyone. The risks are Brobdingnagian, once the firewall is compromised, leads to fall the whole network within the mercy of the attacker. To address the security concern due to IP visibility, we designed a stealth packet filtering firewall leveraging the bridging and Netfilter framework of Linux kernel. This paper describes our approach of stealth firewall to overcome limitations of conventional gateway firewall.

This is a preview of subscription content, log in via an institution.

Chapter: USD 29.95; Price excludes VAT (USA)

eBook: USD 99.00; Price excludes VAT (USA)

Softcover Book: USD 129.99; Price excludes VAT (USA)

Hardcover Book: USD 199.99; Price excludes VAT (USA)

Tax calculation will be finalised at checkout

Purchases are for personal use only

Learn about institutional subscriptions

References

Cheswick WR, Bellovin S, Rubin A (2003) Firewalls and internet security, 2nd edn. Addison-Wesley
Google Scholar
Ranum MJ (1992) A network firewall. In: World conference on system administration and security, Washington. DC, pp 153–163
Google Scholar
Chapman D, Zwicky E, Cooper S (2000) Building internet firewalls, 2nd edn. O’Reilly
Google Scholar
Mogul J, Rashid R, Accetta M (1987) The packet filter: an efficient mechanism for user-level network code. In: Eleventh ACM symposium on operating systems principles, pp 39–51
Google Scholar
Andreasson O (2006) IPtables tutorial 1.2.2
Google Scholar
Chen S, Iyer R, Whisnant K (2002) Evaluating the security threat of firewall data corruption caused by instruction transient errors. In: International conference on dependable systems & network, Washington, DC, pp 495–504. 10.1109/DSN.2002.1028938
Google Scholar
Ingham K, Forrest S (2002) A history and survey of network firewalls. ACM J 1–42
Google Scholar
Benvenuti C (2009) Understanding linux network internals. O’Reilly Media
Google Scholar
Russell R, Welte H (2002) Linux Netfilter Hacking HOWTO. Revesion 1:14
Google Scholar
Ebtables and bridge. http://ebtables.netfilter.org. Last accessed 21 Apr 2019
Jianbing L, Yan M (1999) Packet filtering in bridge. In: Internet workshop. IEEE-communications society, Piscataway, NJ, pp 94–98
Google Scholar
Keromytis AD, Wright JL (2000) Transparent network security policy enforcement. In: USENIX technical conference, San Diego, CA, pp 215–226
Google Scholar
Rosen R (2013) Linux Kernel networking: implementation and theory. Apress
Google Scholar
Gregor NP (2004) Linux Iptables pocket reference. O’Reilly Media
Google Scholar
Tzu S (2019) The art of war. http://www.ccs.neu.edu/home/thigpen/html/art_of_war.html. Last accessed 21 Apr 2019
Ethernet Bridging. https://www.kernel.org/doc/html/latest/networking/bridge.html. Last accessed 21 Apr 2019
802.1D MAC bridges IEEE standard. http://www.ieee802.org/1/pages/802.1D.html. Last accessed 21 Apr 2019
Ebtables patch download. ftp://ftp.netfilter.org/pub/ebtables/old/ebtables-brnf-13_vs_2.4.37.9.diff.gz. Last accessed 21 Apr 2019
Bridge-utils-1.6. http://www.linuxfromscratch.org/blfs/view/svn/basicnet/bridge-utils.html.Last accessed 21 Apr 2019
RHEL 7, Kernel Administration Guide. https://access.redhat.com/documentation/en-us/red_hat_enterprise_linux/7/html/kernel_administration_guide/index, 2018. Last accessed 21 Apr 2019
Bradner S, McQuaid J (2005) Benchmarking methodology for network interconnect devices. In: RFC 2544
Google Scholar
Almes G, Kalidindi S, Zekauskas M (1999) A one-way delay metric for IPPM. In: RFC 2679
Google Scholar

Download references

Author information

Authors and Affiliations

Centre for Artificial Intelligence and Robotics (CAIR), Defence Research and Development Organisation (DRDO), Bangalore, 560093, India
Praveen Likhar & Ravi Shankar Yadav

Authors

Praveen Likhar
View author publications
You can also search for this author in PubMed Google Scholar
Ravi Shankar Yadav
View author publications
You can also search for this author in PubMed Google Scholar

Corresponding author

Correspondence to Praveen Likhar .

Editor information

Editors and Affiliations

Guru Nanak Institutions, Hyderabad, Telangana, India
Harvinder Singh Saini
Guru Nanak Institutions, Hyderabad, Telangana, India
Rishi Sayal
School of Computing and Information Systems, The University of Melbourne, Melbourne, VIC, Australia
Rajkumar Buyya
Department of Computer Science and Engineering, Jawaharlal Nehru Technological University Hyderabad, Hyderabad, Telangana, India
Govardhan Aliseri

Rights and permissions

Reprints and permissions

Copyright information

About this chapter

Cite this chapter

Likhar, P., Shankar Yadav, R. (2020). Stealth Firewall: Invisible Wall for Network Security. In: Saini, H., Sayal, R., Buyya, R., Aliseri, G. (eds) Innovations in Computer Science and Engineering. Lecture Notes in Networks and Systems, vol 103. Springer, Singapore. https://doi.org/10.1007/978-981-15-2043-3_46

Download citation

DOI: https://doi.org/10.1007/978-981-15-2043-3_46
Published: 04 March 2020
Publisher Name: Springer, Singapore
Print ISBN: 978-981-15-2042-6
Online ISBN: 978-981-15-2043-3
eBook Packages: EngineeringEngineering (R0)

Publish with us

Policies and ethics