A Distributed Firewall for Multimedia Applications
Key: RARS00-1
Author: Utz Roedig, Ralf Ackermann, Christoph Rensing, Ralf Steinmetz
Date: September 2000
Kind: In proceedings
Book title: Proceedings of the Workshop "Sicherheit in Netzen und Medienströmen", Berlin
Abstract: Firewalls are a widely used security mechanism to provide access control and auditing at the border between "open" and private networks or administrative domains. As part of the network infrastructure they are strongly affected by the development and deployment of new communication paradigms and applications. Currently we experience a very fast rise in the use of multimedia applications. These differ in many aspects from "traditional applications", for example concerning bandwidth usage, dynamic protocol elements or multiple data flows for one application session. Corresponding firewall mechanisms and techniques did not change with the same dynamics though. Currently existing firewalls have problems supporting these new type of applications because to some extent they try to map the new characteristics to the manner of conventional applications which they are able to handle. We strongly believe that new application types require new firewall techniques and mechanisms. In this paper, we identify typical characteristics of multimedia applications that cause problems using traditional firewalls. Based on this analysis we deduce enhancements to existing firewalls that can be used to better adapt to a communication environment in which multimedia applications are used. We describe these enhancements in general, show a adequate systems architecture and present a implementation based on this design. The feasibility of that approach has been shown in the example scenario that we finally present.

The documents distributed by this server have been provided by the contributing authors as a means to ensure timely dissemination of scholarly and technical work on a non-commercial basis. Copyright and all rights therein are maintained by the authors or by other copyright holders, not withstanding that they have offered their works here electronically. It is understood that all persons copying this information will adhere to the terms and constraints invoked by each author's copyright. These works may not be reposted without the explicit permission of the copyright holder.