Firewalls are an essential component of Internet and enterprise network security policy enforcement today. The configurations of enterprise firewalls are typically rather static. Even if clients' IP addresses can be dynamically added to the packet filtering rules, the services allowed through the firewall are commonly still fixed. In this paper, we present a transparent firewall configuration solution based on the mobile cryptographic identifiers of the Host Identity Protocol (HIP). HIP allows a client to protect the data transfer with IPsec ESP, and supports dynamic address changes for mobile clients. The HIP-based firewall learns the identity of a client when it communicates with the server over HIP. The firewall configures the necessary rules based on HIP control messages passing through the firewall. The solution is secure and flexible, and introduces only minimal latency to the initial HIP connection establishment.