Lee Yong Joon, Kim Bong Han, Park Cheon Yong, Oh Changsuk, Lee Jae Gwang

The Transactions of the Korea Information Processing Society (1994 ~ 2000), Vol. 5, No. 6, pp. 1593-1602, Jun. 1998
10.3745/KIPSTE.1998.5.6.1593,   PDF Download:

Abstract

In this paper, a hybrid firewall system using the screening router, dual-homed gateway, screened host gateway and the application level gateway is proposed. The screened host gateway is composed of screening router, DMZ and bastion host. All external input traffics are filtered by screening router with network protocol filtering, and transmitted to the bastion host performing application level filtering. The dual-homed gateway is an intermediate equipment prohibiting direct access from external users. The application level gateway is an equipment enabling transmission using only the proxy server. External users can access only through the public servers in the DMZ, but internal users can access through any servers. The rule base which allows Telnet only to the administrator is applied to manage hosts in the DMZ. According to the experimental results, denial of access was in order of Web, Mail, FTP, and Telnet. Access to another servers except for server in DMZ were denied. Protocol denials of UDP was more than that of TCP, because the many hosts broadcasted to networks using BOOTP and NETBIOS. Also, the illegal Telnet and FTP that transfer to inside network were very few.

Statistics
Cite this article