Abstract
The firewall is one of the crucial pillars of network security. Conventional network firewalls are IP visible and hence vulnerable to network-based attacks. An IP-visible firewall is reachable over IP by attackers from the untrusted external network as well as from the trusted internal network. A grave situation would result if an attacker managed to break into the firewall and reconfigure it: the attacker could allow access to some specific network service or, in the worst case, make the entire private network reachable by anyone. The risks are Brobdingnagian: once the firewall is compromised, the whole network falls to the mercy of the attacker. To address the security concern arising from IP visibility, we designed a stealth packet-filtering firewall leveraging the bridging and Netfilter framework of the Linux kernel. This paper describes our stealth firewall approach to overcoming the limitations of the conventional gateway firewall.
Copyright information
© 2020 Springer Nature Singapore Pte Ltd.
About this chapter
Cite this chapter
Likhar, P., Shankar Yadav, R. (2020). Stealth Firewall: Invisible Wall for Network Security. In: Saini, H., Sayal, R., Buyya, R., Aliseri, G. (eds) Innovations in Computer Science and Engineering. Lecture Notes in Networks and Systems, vol 103. Springer, Singapore. https://doi.org/10.1007/978-981-15-2043-3_46
DOI: https://doi.org/10.1007/978-981-15-2043-3_46
Publisher Name: Springer, Singapore
Print ISBN: 978-981-15-2042-6
Online ISBN: 978-981-15-2043-3
eBook Packages: Engineering, Engineering (R0)