The Open Information Systems Journal

2008, 2 : 1-10
Published online 2008 March 6. DOI: 10.2174/1874133900802010017
Publisher ID: TOISJ-2-1

The Design and Implementation of Transparent Application-Layer Filtering Platform

Yi-Shing Lee and Wei-Ru Lai
Department of Electrical Engineering, Yuan Ze University, Tao-Yuan 320, R.O.C., Taiwan.

ABSTRACT

For a long time, firewalls have played an important role in network security, protecting many of us against the attacks of malicious users. Firewall implementations can be classified into two categories: packet-filtering and proxy-based. Packet-filtering firewalls have gained enormous popularity because of their high performance and easy deployment. However, a new generation of network attacks (worms, viruses, etc.) has penetrated the protection of traditional packet-filtering firewalls. Application-layer firewalls (traditionally called proxy servers) have recently received increasing attention. Two weaknesses, poor performance and complicated deployment procedures, have hindered the spread of application-layer firewalls. Powerful hardware, such as ASICs, can be adopted to greatly improve performance, but the complicated deployment is rooted in the inherent inability of many network protocols. To solve the deployment difficulty, the paper first discusses the concept of transparent deployment and then implements a protocol-independent platform for illustration. On this platform, firewall programmers simply focus on developing application-specific filters, while the platform takes care of the remaining hard tasks.

Keywords:

Packet-filtering firewall, proxy-based firewall, application-layer firewall.