DDFA Concept
Key: RAR99-1
Author: Utz Roedig, Ralf Ackermann, Christoph Rensing, Ralf Steinmetz
Date: December 1999
Kind: @techreport
Abstract: Firewalls are a widely used security mechanism to provide access control and auditing at the border between the Internet and private networks. The mechanisms and techniques firewalls are based on did not change much over the last recent years. New challenges are presented when new application types like multimedia applications are to be supported by firewalls. These applications differ in many aspects from "traditional applications", for example in bandwidth-usage, dynamic elements and multiple data flows for one application session. Currently existing firewalls have problems supporting these new applications because they try to map the behavior of them to the manner of conventional applications which they are able to handle. We believe that these new application types require new firewall techniques and mechanisms. In this paper, we identify the characteristics of multimedia applications leading to problems using traditional firewalls. From this we deduce two enhancements to existing firewalls that can be used to adapt better to a communication environment in which multimedia applications are used. We describe these enhancements in general and present our implementation based on this design. Additionally, we show the handling of two multimedia applications using the enhancements as an example.

The documents distributed by this server have been provided by the contributing authors as a means to ensure timely dissemination of scholarly and technical work on a non-commercial basis. Copyright and all rights therein are maintained by the authors or by other copyright holders, not withstanding that they have offered their works here electronically. It is understood that all persons copying this information will adhere to the terms and constraints invoked by each author's copyright. These works may not be reposted without the explicit permission of the copyright holder.