This makes circuit-level gateways more secure than static packet filters, but less so than application gateways, since there is no applications-level checking. The security of a circuit-level firewall is essentially the decision pertaining to which connections will be permitted. Whereas the applications-level gateway operates (necessarily) at the applications level, the circuit-level gateway functions at the session level, which explains the means by which the proxy sets up a virtual circuit between Alice and the Internet host on a session-by-session basis.

Disadvantages of the circuit-level gateway are that it is restricted to TCP protocol access, it has limited ability to audit events, and it cannot interpret the application protocol being employed.
Now we turn to a circuit-level gateway implementation, which is considered to be an Internet standard firewall. First, we need to expand our understanding of several notions. On page 199, we (informally) defined the term (computer) host to mean those computers that provide services to other computers and to users on a network (such as the Internet). There is more to it. A host has associated with it a host number, which, coupled with its network number, forms its unique IP address (see page 303). The host number is that part of the IP address that determines which computer on the subnetwork (see footnote 8.15) is being addressed. The network number is that part of the IP address that designates the specific network to which the host belongs.

The term IP reachability is often used synonymously with Internetworking, which means any technology and associated mechanisms allowing communications across disparate computer networks. The following firewall has as its basic function to allow hosts on either side of it to communicate without direct IP reachability.
The SOCKS Firewall/Proxy

SOCKSv5 is an IETF standard (see [194]) known as Authenticated Firewall Traversal (AFT). SOCKS (derived from SOCKetS) is a networking proxy protocol allowing hosts on one side of the SOCKS server to access hosts on the other side of the SOCKS server without direct IP reachability. When used as a firewall, SOCKS redirects requests for connections from both sides of the SOCKS server, so it acts as a proxy server. The SOCKS protocol makes connection requests, establishes proxy circuits, relays data, and authenticates clients. This is accomplished as follows.

First an application client, Bob say, sends the SOCKSv5 server a request for connection. If the request succeeds, Bob sends a list of authentication
8.15 A subnetwork is a set of computer systems under the control of a single administrative domain that uses a specific network-access protocol. Forming subnets, subnetting, allows a network supervisor to segment the host part of an IP address into more than one subnet, each of which is an interconnected but independent portion of a network.
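The SOCKSv5 server side of the exchange sketched above (method negotiation followed by the per-connection permit decision that the text calls the essence of circuit-level firewall security), as an added example that is not part of the original text or of [194]. It uses the byte layout of RFC 1928 (the IETF SOCKS5 specification); the allow-list of destination networks and ports is a constructed policy, only IPv4 targets are handled, and the username/password sub-negotiation and data relay are not shown.

```python
import struct
from ipaddress import IPv4Address, ip_network

# Added example of the SOCKSv5 server-side exchange, using the frame layout of
# RFC 1928 (the IETF SOCKS5 specification).  The allow-list is a constructed
# example policy; it is not taken from any product or from the text's [194].
VER = 0x05
NO_AUTH, USER_PASS, NO_ACCEPTABLE = 0x00, 0x02, 0xFF
CMD_CONNECT, ATYP_IPV4 = 0x01, 0x01
REP_OK, REP_FAILURE, REP_RULESET = 0x00, 0x01, 0x02
REP_CMD_UNSUPPORTED, REP_ATYP_UNSUPPORTED = 0x07, 0x08

ALLOWED_NETS = [ip_network("192.0.2.0/24")]  # constructed: permitted destination networks
ALLOWED_PORTS = {443}                         # constructed: permitted destination ports


def select_method(greeting: bytes, require_auth: bool = True) -> bytes:
    """Parse the client greeting (VER, NMETHODS, METHODS...) and answer with
    (VER, METHOD).  Authenticated traversal refuses NO_AUTH even if offered."""
    if len(greeting) < 2 or greeting[0] != VER or len(greeting) != 2 + greeting[1]:
        return bytes([VER, NO_ACCEPTABLE])  # malformed greeting: client must close
    offered = set(greeting[2:])
    if USER_PASS in offered:
        return bytes([VER, USER_PASS])
    if NO_AUTH in offered and not require_auth:
        return bytes([VER, NO_AUTH])
    return bytes([VER, NO_ACCEPTABLE])


def decide_connect(request: bytes) -> bytes:
    """Apply the per-connection permit decision to a CONNECT request
    (VER CMD RSV ATYP DST.ADDR DST.PORT) and build the reply
    (VER REP RSV ATYP BND.ADDR BND.PORT).  Only IPv4 targets are handled."""
    def reply(rep: int) -> bytes:
        # BND.ADDR/BND.PORT are left zero here; a real proxy fills in the
        # address it bound for the circuit when REP is success.
        return bytes([VER, rep, 0x00, ATYP_IPV4]) + bytes(4) + struct.pack("!H", 0)

    if len(request) < 4 or request[0] != VER or request[2] != 0x00:
        return reply(REP_FAILURE)
    if request[1] != CMD_CONNECT:
        return reply(REP_CMD_UNSUPPORTED)
    if request[3] != ATYP_IPV4:
        return reply(REP_ATYP_UNSUPPORTED)
    if len(request) != 10:
        return reply(REP_FAILURE)
    dst = IPv4Address(request[4:8])
    port = struct.unpack("!H", request[8:10])[0]
    if port in ALLOWED_PORTS and any(dst in net for net in ALLOWED_NETS):
        return reply(REP_OK)    # the proxy would now open the circuit and relay bytes
    return reply(REP_RULESET)   # "connection not allowed by ruleset"
```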