Active firewall mechanism as a comprehensive approach towards minimizing internet threats
Network firewalls have been receiving a lot of critics from the Internet community since many security incidents originated from the Internet could successfully bypass firewall protection. This condition is caused by the incapability of firewalls to cope with the rapid growth of the Internet technol...
Saved in:
| Main Author: | |
|---|---|
| Format: | Thesis |
| Language: | English |
| Published: |
2006
|
| Subjects: | |
| Online Access: | http://eprints.utm.my/id/eprint/18637/1/CahyoCrysdianPFSKSM2006.pdf http://eprints.utm.my/id/eprint/18637/ |
| Tags: |
Add Tag
No Tags, Be the first to tag this record!
|
| id |
my.utm.18637 |
|---|---|
| record_format |
eprints |
| spelling |
my.utm.186372018-09-17T03:47:04Z http://eprints.utm.my/id/eprint/18637/ Active firewall mechanism as a comprehensive approach towards minimizing internet threats Crysdian, Cahyo QA75 Electronic computers. Computer science Network firewalls have been receiving a lot of critics from the Internet community since many security incidents originated from the Internet could successfully bypass firewall protection. This condition is caused by the incapability of firewalls to cope with the rapid growth of the Internet technology, especially for dealing with active content. The static behaviour of the firewall becomes the root of this problem. Motivated by this condition, this study aims to improve the security of network firewalls by activating its mechanism. Here, active firewall is defined as a firewall aware of the conditions of its surrounding network and capable to identify and to develop the security requirements for guarding the protected network. To implement the active firewall, a security strategy to combat the Internet threats is defined by developing an Internet access model that consists of the models of intranet users and external parties. Three security strategies were formulated, i.e. minimizing unprotected internal users, minimizing untrusted external parties, and minimizing the interaction between unprotected internal users and untrusted external parties. Hence, the implementations of active firewall that consist of initialisation and runtime processes follow these strategies. In the initialisation process, three methods were developed namely close-condition, open-condition and lattice-based. In the runtime process, three methods were also developed, namely fuzzy-based, agent-based, and zero-based configuration. The combinations between each initialisation and each runtime process produced five active firewall systems, namely OF, LF, OA, LA, and CZ. Evaluations on each active firewall system were based on RFC 2979, a standard behaviour of and requirements for Internet firewalls. Two stages of evaluations were conducted, namely security analysis and comparative study. The results of the evaluations showed that active firewall was capable to combat Internet threats. And it was also proven that LA delivers the best security and usability compared to other proposed active firewall methods. 2006-03 Thesis NonPeerReviewed application/pdf en http://eprints.utm.my/id/eprint/18637/1/CahyoCrysdianPFSKSM2006.pdf Crysdian, Cahyo (2006) Active firewall mechanism as a comprehensive approach towards minimizing internet threats. PhD thesis, Universiti Teknologi Malaysia, Faculty of Computer Science and Information System. |
| institution |
Universiti Teknologi Malaysia |
| building |
UTM Library |
| collection |
Institutional Repository |
| continent |
Asia |
| country |
Malaysia |
| content_provider |
Universiti Teknologi Malaysia |
| content_source |
UTM Institutional Repository |
| url_provider |
http://eprints.utm.my/ |
| language |
English |
| topic |
QA75 Electronic computers. Computer science |
| spellingShingle |
QA75 Electronic computers. Computer science Crysdian, Cahyo Active firewall mechanism as a comprehensive approach towards minimizing internet threats |
| description |
Network firewalls have been receiving a lot of critics from the Internet community since many security incidents originated from the Internet could successfully bypass firewall protection. This condition is caused by the incapability of firewalls to cope with the rapid growth of the Internet technology, especially for dealing with active content. The static behaviour of the firewall becomes the root of this problem. Motivated by this condition, this study aims to improve the security of network firewalls by activating its mechanism. Here, active firewall is defined as a firewall aware of the conditions of its surrounding network and capable to identify and to develop the security requirements for guarding the protected network. To implement the active firewall, a security strategy to combat the Internet threats is defined by developing an Internet access model that consists of the models of intranet users and external parties. Three security strategies were formulated, i.e. minimizing unprotected internal users, minimizing untrusted external parties, and minimizing the interaction between unprotected internal users and untrusted external parties. Hence, the implementations of active firewall that consist of initialisation and runtime processes follow these strategies. In the initialisation process, three methods were developed namely close-condition, open-condition and lattice-based. In the runtime process, three methods were also developed, namely fuzzy-based, agent-based, and zero-based configuration. The combinations between each initialisation and each runtime process produced five active firewall systems, namely OF, LF, OA, LA, and CZ. Evaluations on each active firewall system were based on RFC 2979, a standard behaviour of and requirements for Internet firewalls. Two stages of evaluations were conducted, namely security analysis and comparative study. The results of the evaluations showed that active firewall was capable to combat Internet threats. And it was also proven that LA delivers the best security and usability compared to other proposed active firewall methods. |
| format |
Thesis |
| author |
Crysdian, Cahyo |
| author_facet |
Crysdian, Cahyo |
| author_sort |
Crysdian, Cahyo |
| title |
Active firewall mechanism as a comprehensive approach towards minimizing internet threats |
| title_short |
Active firewall mechanism as a comprehensive approach towards minimizing internet threats |
| title_full |
Active firewall mechanism as a comprehensive approach towards minimizing internet threats |
| title_fullStr |
Active firewall mechanism as a comprehensive approach towards minimizing internet threats |
| title_full_unstemmed |
Active firewall mechanism as a comprehensive approach towards minimizing internet threats |
| title_sort |
active firewall mechanism as a comprehensive approach towards minimizing internet threats |
| publishDate |
2006 |
| url |
http://eprints.utm.my/id/eprint/18637/1/CahyoCrysdianPFSKSM2006.pdf http://eprints.utm.my/id/eprint/18637/ |
| _version_ |
1643646956955762688 |
| score |
13.160551 |