A secure unrestricted advanced systems laboratory
SIGCSE '99 The proceedings of the thirtieth SIGCSE technical symposium on Computer science education
The Design and Implementation of a Transparent Cryptographic File System for UNIX
Proceedings of the FREENIX Track: 2001 USENIX Annual Technical Conference
Specialized Hardware for Deep Network Packet Filtering
FPL '02 Proceedings of the Reconfigurable Computing Is Going Mainstream, 12th International Conference on Field-Programmable Logic and Applications
Processing and Scheduling Components in an Innovative Network Processor Architecture
VLSID '03 Proceedings of the 16th International Conference on VLSI Design
Deep Packet Filter with Dedicated Logic and Read Only Memories
FCCM '04 Proceedings of the 12th Annual IEEE Symposium on Field-Programmable Custom Computing Machines
LPRng - An Enhanced Printer Spooler System
LISA '95 Proceedings of the 9th USENIX conference on System administration
Hi-index | 0.00 |
Users of a network system often require access to legacy resources. Providing this access is a difficult task for system administrators because the access protocols for those resources are typically insecure. A common approach is to develop a custom wrapper or proxy that securely processes user requests before forwarding them to the legacy server. The problem with this approach is that administrators must develop a custom solution for every resource. We believe that there are common requirements for managing these resources that can be addressed from a more centralized model. The userspace queuing extensions of the Netfilter firewall modules provide a generic environment in which protocol-aware deep packet filters can be constructed to enhance the security of resource access protocols. We employ this environment to strengthen two commonly used legacy protocols, and compare their requirements. We show that it is possible to secure legacy resources with minimal degradation in performance. We also discuss considerations for development of a deep packet filter toolkit to aid system administrators in securely managing legacy network resources.