Internet security: firewalls and beyond

@article{Oppliger1997InternetSF,
  title={Internet security: firewalls and beyond},
  author={Rolf Oppliger},
  journal={Commun. ACM},
  year={1997},
  volume={40},
  pages={92-102}
}
  • R. Oppliger
  • Published 1 May 1997
  • Computer Science
  • Commun. ACM
The emerging use of the TCP/IP communications protocol suite for internetworking has led to a global system of interconnected hosts and networks that is commonly referred to as the Internet. During the last decade, the Internet has experienced a triumphant advance. Projections based on its current rate of growth suggest there will be over one million computer networks and well over one billion users by the end of the century. Therefore, the Internet is seen as the first incarnation of a… 
View on ACM
doi.org
164 Citations
Highly Influential Citations
8
Background Citations
67
Methods Citations
11

164 Citations

Building firewalls with intelligent network interface cards
TLDR
The architecture of a Network Interface Card-based distributed rewall is described and the implementation, which uses an i960-based NIC and IPsec for management and policy distribution, is described.
Building Firewalls with Intelligent Network Interface Cards (CMU-CS-00-173)
TLDR
The architecture of a Network Interface Card-based distributed rewall is described and the implementation, which uses an i960-based NIC and IPsec for management and policy distribution, is described.
End-to-end security in active networks
TLDR
The design and analysis of three protocols that can be used to adjust multimedia bandwidth requirements and defend against denial-of-service attacks are described; an efficient composition of link and transport-layer reliability mechanisms that increases the performance of TCP over lossy wireless links; and a distributed watermarking servicethat can efficiently deliver media flows marked with the identity of their recipients are described.
TCP/IP and security software applications
TLDR
The TCP/IP protocol suite refers to a family of protocols that divided the job of a full protocol suite into a number of tasks delineated as layers, each of which has a different, but specific task in communication.
An overview of Internet security
TLDR
This work considers specific types of generic attacks, followed by an analysis of the reasons for these vulnerabilities, and possible countermeasures and strategies to improve this situation.
Internet Security: Cryptographic Principles, Algorithms and Protocols
TLDR
Internet Security links them to the technologies in use on the Internet today and is a comprehensive and valuable reference for students, researchers and professional engineers alike -- anyone engaged in the long-term development of secure systems.
Internet security: a case study of firewall selection
TLDR
An overview of the threats of Internet‐based electronic commerce and the future of the Internet firewall is discussed, followed by a case study of how a small company, SunCom Int’l Corporation (SIC), selected its Internet firewall.
Cascade of Distributed and Cooperating Firewalls in a Secure Data Network
TLDR
Heuristics for placement of firewalls across the different nodes and links of the network in a way that different users can have the level of security they individually need, without having to pay added hardware costs or excess network delay are presented.
Enhancing the Network Security Using Multilayer Security Features
TLDR
An overview on Network Security and various techniques through which Network Security can be enhanced i.e. Cryptography and Network Security is used to protect network and data transmission takes place over wireless network.
DDoS Incidents and their Impact: A Review
TLDR
An overview of distributed denial-of-service problem and Inherent vulnerabilities in the Internet architecture are provided and need for a comprehensive distributed denial of service solution is highlighted.
...
...

References

SHOWING 1-10 OF 18 REFERENCES
Internet Security Enters the Middle Ages
TLDR
The Internet has just entered the Middle Ages; the simple security model of the Stone Age still works for single hosts and LANs, but it no longer works for WANs in general and the Internet in particular.
Firewalls and internet security - repelling the wily hacker
TLDR
The first edition made a number of predictions, explicitly or implicitly, about the growth of the Web and the patterns of Internet connectivity vastly increased, and warned of issues posed by home LANs, and about the problems caused by roaming laptops.
A Weakness in the 4.2BSD Unix† TCP/IP Software
TLDR
These notes describe how the design of TCP/IP and the 4.2BSD implementation allow users on untrusted and possibly very distant hosts to masquerade as users on trusted hosts to reduce their vulnerability to each other.
Authentication and key distribution in computer networks and distributed systems
TLDR
This paper focuses on Kerberos (OSF DCE), NetSP, SPX, TESS and SESAME, and outlined and reviewed with special regard to the security services they offer, the cryptographic techniques they use, their conformance to international standards, and their availability and exportability.
A "bump in the stack" encryptor for MS-DOS systems
  • D. Wagner, S. Bellovin
  • Computer Science
    Proceedings of Internet Society Symposium on Network and Distributed Systems Security
  • 1996
TLDR
The module sits between the generic Ethernet driver and the hardware driver; it emulates each to the other and was forced to compensate for inadequate interface definitions.
Internet Privacy Enhanced Mail
Privacy Enhanced Mail (PEM) consists of extensions to existing message processing software plus a key management infrastructure. These combine to provide users with a facility in which message
Crisis and aftermath
Last November the Internet was infected with a worm program that eventually spread to thousands of machines, disrupting normal activities and Internet connectivity for many days. The following
Message authentication with one-way hash functions
The authors introduce encryption-free message authentication based entirely on the use of one-way hash functions. It is shown that fast one-way hash functions such as MD4 can be used as a foundation
Applied cryptography: Protocols, algorithms, and source code in C
IEEE standards for local and metropolitan area networks : supplements to Standard for Interoperable LAN/MAN Security (SILS) : Secure Data Exchange (SDE) sublayer management (subclause 2.8) and recommended practice for SDE on ethernet v2.0 in IEEE 802 LANs (annex 2h)
...
...