4. Computer Science
  5. Networking and Internet Architecture

A Proposal for Dynamic Access Lists for TCP/IP Packet Filering

Computer Science – Networking and Internet Architecture

Scientific paper

Rate now
  [ 0.00 ] – not rated yet Voters 0   Comments 0

Details

12 pages. Shortened version appeared in SAICSIT 2001

Scientific paper

The use of IP filtering to improve system security is well established, and although limited in what it can achieve has proved to be efficient and effective. In the design of a security policy there is always a trade-off between usability and security. Restricting access means that legitimate use of the network is prevented; allowing access means illegitimate use may be allowed. Static access list make finding a balance particularly stark -- we pay the price of decreased security 100% of the time even if the benefit of increased usability is only gained 1% of the time. Dynamic access lists would allow the rules to change for short periods of time, and to allow local changes by non-experts. The network administrator can set basic security guide-lines which allow certain basic services only. All other services are restricted, but users are able to request temporary exceptions in order to allow additional access to the network. These exceptions are granted depending on the privileges of the user. This paper covers the following topics: (1) basic introduction to TCP/IP filtering; (2) semantics for dynamic access lists and; (3) a proposed protocol for allowing dynamic access; and (4) a method for representing access lists so that dynamic update and look-up can be done efficiently performed.

Hazelhurst Scott

Computer Science – Networking and Internet Architecture
Scientist

  [ 0.00 ] – not rated yet Voters 0   Comments 0

No associations

LandOfFree

Say what you really think

Search LandOfFree.com for scientists and scientific papers. Rate them and share your experience with other people.

Rating

A Proposal for Dynamic Access Lists for TCP/IP Packet Filering does not yet have a rating. At this time, there are no reviews or comments for this scientific paper.

If you have personal experience with A Proposal for Dynamic Access Lists for TCP/IP Packet Filering, we encourage you to share that experience with our LandOfFree.com community. Your opinion is very important and A Proposal for Dynamic Access Lists for TCP/IP Packet Filering will most certainly appreciate the feedback.

Rate now

     

Profile ID: LFWR-SCP-O-474883

  Search
All data on this website is collected from public sources. Our data reflects the most accurate information available at the time of publication.

Canada

 Charities
 Companies
 MP Candidates
 Patents
 Employee Salary Disclosure

World

 Places of the World
 Scientific Papers

United States

 Banks
 Companies
 Counties
 Patents
 Employee Salary Disclosure