9.3 CONCLUSIONS

Previous page
Table of content
Next page
Team-Fly

9.3 CONCLUSIONS

In summary, a circuit-level gateway (e.g., a SOCKS server) provides an interesting technology and possibility to have applications and application protocols securely traverse a firewall. A clear advantage of circuit-level gateways is their generality, meaning that a circuit-level gateway can act as a proxy server for any TCP-based application and application protocol (not just one of them). This generality, however, also has negative impacts on security. For example, a SOCKS server is not able to scan application data for specific commands or executable content (e.g., Java applets or ActiveX controls).

Circuit-level gateways are particularly useful for applications and application protocols for which application-level gateways (i.e., proxy servers) do not exist or are conceptually hard to design and implement. For example, many application programs (e.g., Web browsers) are distributed in socksified form. Other application programs can be socksified if the client software is available in source code (since it must be recompiled and linked with the SOCKS library). Note that this requirement is quite strong and does not generally apply for proprietary and commercially distributed software packages. It does, however, apply for an increasingly large number of software packages that are distributed under an open source licensing agreement. These packages can easily be modified and extended to make use of SOCKS.

One application protocol that is particularly hard to deal with (using packet-filtering technologies and application-level gateways) is the Internet Inter-ORB Protocol that is widely used in environments and applications that conform to the Common Object Request Broker Architecture (CORBA). The difficulty stems from the fact that the IIOP makes heavy use of UDP and dynamically assigned port numbers. Against this background, a group of vendors have jointly specified the use of SOCKS V5 to have IIOP communications securely traverse a firewall.[6] This is likely to be something we are going to see deployed in the future.

[6]http://www.socks.nec.com/corba-firewall.pdf

Team-Fly

Previous page
Table of content
Next page
Internet and Intranet Security
Internet & Intranet Security
ISBN: 1580531660
EAN: 2147483647
Year: 2002
Pages: 144
Authors: Rolf Oppliger, Rolf Oppliger
BUY ON AMAZON
Database Modeling with MicrosoftВ® Visio for Enterprise Architects (The Morgan Kaufmann Series in Data Management Systems)
101 Microsoft Visual Basic .NET Applications
Persuasive Technology: Using Computers to Change What We Think and Do (Interactive Technologies)
AutoCAD 2005 and AutoCAD LT 2005. No Experience Required
Quantitative Methods in Project Management
VBScript in a Nutshell, 2nd Edition
flylib.com © 2008-2017.
If you may any questions please contact us: flylib@qtcs.net
Privacy policy