R. Oppliger. Internet security: firewalls and beyond. Communications of the ACM, 40(5):92--102, May 1997.  Home/Search   Document Not in Database   Summary   ACM   TOC   Related Articles   Check

....databases have to contend with is much broader. 2.2 Secure Databases Whenever sensitive information is exchanged, it must be transmitted over a secure channel and stored securely to prevent unauthorized access. There is extensive literature on access control and encryption that is relevant [12] [38] [45] 46] Hippocratic databases will also benefit from the work on database security [7] 30] Of particular interest is work on multilevel relations in the context of multilevel secure databases [23] 24] 50] It allows multiple levels of security (e.g. top secret, secret, confidential, ....

R. Oppliger. Internet security: Firewalls and beyond. Comm. ACM, 40(5):92--102, May 1997.

....schemes. By default, different processes owned by multiple users on the same machine will use the same encryption keys and access policies for links to the same machines. This host based security is ideal for implementing virtual private networks, which many firewall systems are now starting to do [Oppliger97]. But, subject to approval by the administrator of a machine, IPSEC aware services and applications at higher layers can also use enhanced interfaces to the network layer to allow individual control over the operation of IPSEC, with user oriented keys, algorithm selection and other option choices. ....

....layer security services. Netscape can distribute its secure sockets code with its browser and provide secure connections without requiring users to install an IPSEC aware network driver. Process toprocess security is also the default mode of operation, rather than the network layer s host tohost [Oppliger97]. End to end security at this layer allows network layer active services such as TCP performance boosters to function, but prevents services such as transparent Web proxies from accessing the application layer data they require. Explicit Web proxies generally do not cache secured content because ....

[Article contains additional citation context not shown here]

R. Oppliger. Internet Security: Firewalls and Beyond. Communications of the ACM, 40(5), 92-102, May 1997.

....nature, such as hardware locks to the server rooms and fire protection measures. Transmission During the transmission all sensitive data should be encrypted using a strong cryptographic algorithm. This can be achieved by security protocols on different layers of the TCP IP protocol stack [22]: On the application layer secure application protocols like S HTTP 12 or S MIME 13 , on the transport layer the SSL (Secure Sockets Layer) protocol, and on the network layer protocols containing security mechanisms e.g. the AH (Authentication Header) and ESP (Encapsulation Security ....

Rolf Oppliger. Internet Security: Firewalls and Beyond. Communications of the ACM, 40(5), May 1997.

....specifically the World Wide Web service) for prescribed communities of users. Well understood and widely available Internet technology and standards (web servers, browsers, protocols) are employed, but access is restricted exclusively to specified members, often by means of passwords, firewalls (Oppliger 1997), or by physically separating the intranet from external networks (firebreaks) Damsgaard and Scheepers (1999) describe intranet technology as multi purpose, richly networked and malleable in terms of its application. They isolate a number of intranet technology use modes. These range from ....

Oppliger, R. (1997). Internet security: firewalls and beyond. Communications of the ACM, 40(5), May, pp. 92-102.

....queries on sub cubes from higher level aggregations (e.g. BS97] However, these works did not have to cope with information that has been intentionally distorted. Closely related, but orthogonal to our work, is the extensive literature on access control and security (e.g. Din78] ST90] Opp97] RG98] Whenever sensitive information is exchanged, it must be transmitted over a secure channel and stored securely. For the purposes of this paper, we assume that appropriate access controls and security procedures are in place and effective in preventing unauthorized access to the system. ....

R. Oppliger. Internet security: Firewalls and beyond. Comm. ACM, 40(5):92--102, May 1997.

.... access based on a combination of criteria including source and destination IP addresses (by IP packet level filtering) network port connection type (by TCP UDP frame level filtering) and application specific attributes such as user authentication credentials (by application frame level filtering) [11]. The cost of filtering related processing increases as the protocol stack layer at which we perform the function increases. However, the flexibility and range of filtering that can be carried out also increases as we go up the protocol stack giving the extranet designers with a ....

R. Oppliger. Internet security: Firewalls and beyond. Communications of the ACM, 40(5):92--102, May 1997.

.... Digital Signatures, Firewalls, Confidentiality, Authenticity, Network Security, Signcryption, Public Key Cryptography 1 Introduction Firewalls are one of the most useful and versatile tools available for securing a LAN and other applications such as constructing secure private virtual networks [21]. They are typically operated as a filtering gateway [2, 6] at the LAN WAN interface, usually a router. Firewalls operating at data link level perform a primitive level of filtering based on frame level addressing. The network level firewalls work at a step higher and filter packets based on a set ....

R. Oppliger. Internet security: Firewalls and beyond. Communications of the ACM, 40(5):92--102, May 1997.

....This service can also be used to maintain role assignments and is therefore a good foundation for the implementation of role based access control (RBAC) in an intranet context. All services described so far are based on the Internet protocols as a communication infrastructure. See Oppliger (Oppliger 1997) or Lipp and Hassler (Lipp et al. 1996) for an overview of different approaches to transmitting encrypted data or distributing public keys over the Internet. The currently most widespread mechanism is Netscape s secure socket layer (SSL) which implements encryption and certificate based ....

Oppliger, R. (1997) Internet Security: Firewalls and Beyond, to be published in CACM.

....applications require a sufficient security infrastructure especially when implemented in an open and global network. A good example is the Internet, where the next generation protocol IPv6 (Internet Protocol version 6) considers security services for multicast as one of the central issues [1] [2]. The basic starting point is secure and authenticated distribution or agreement of group session keys. A simple strategy is to assign the key distribution function to a trusted single entity or Key Distribution Center (KDC) This strategy, however, very unlikely scales for multicast communication ....

Oppliger R.: Internet Security: Firewalls and Beyond, Comm. ACM 40 (1997) 92--102

.... access based on a combination of criteria including source and destination IP addresses (by IP packet level filtering) network port connection type (by TCP UDP frame level filtering) and application specific attributes such as user authentication credentials (by application frame level filtering) [11]. The cost of filtering related processing increases as the protocol stack layer at which we perform the function increases. However, the flexibility and range of filtering that can be carried out also increases as we go up the protocol stack giving the extranet designers with a ....

R. Oppliger. Internet security: Firewalls and beyond. Communications of the ACM, 40(5):92--102, May 1997.

No context found.

R. Oppliger. Internet security: firewalls and beyond. Communications of the ACM, 40(5):92--102, May 1997.

No context found.

R. Oppliger. Internet security: Firewalls and beyond. CACM, 40(5), 1997.

No context found.

R. Oppliger. Internet security: Firewalls and beyond. CACM, 40(5), 1997.

No context found.

Opp97 Oppliger R., Internet Security: Firewalls and Beyond. Communications of the ACM 40, 5,

Online articles have much greater impact   More about CiteSeer.IST   Add search form to your site   Submit documents   Feedback  

CiteSeer.IST - Copyright Penn State and NEC