| This thesis has a closer look at the network packets leaving the protected network, and using the extended firewall technologies to handle them at the granular control level of packets constituted the outbound communications. Firewall distinguish outgoing network packets based on the identity authentication of the host, user and application responsible for transmitting them, and execute the control of secure strategies. If a protected host wants to communicate with the external network it is forced to reveal its identity, together with the identities of the sending application and the user, for each network packet sent to the firewall. The identities are communicated using cryptographic authentication, which ensures the firewall that they are correct. This enables the firewall to employ a very strong rule-set. The rule-set guarantees that no network packets pass the firewall except when the firewall explicitly allows the specific host, user and application to send it to the external network.
|
PDF Full Text Request