Title :
An MBone proxy for an application gateway firewall
Author :
Djahandari, Kelly ; Sterne, Daniel E.
Author_Institution :
Trusted Inf. Syst. Inc., Glenwood, MD, USA
Abstract :
The Internet´s multicast backbone (MBone) holds great potential for many organizations because it supports low-cost audio and video conferencing and carries live broadcasts of an increasing number of public interest events. MBone conferences are transmitted via unauthenticated multicast datagrams, which unfortunately convey significant security vulnerabilities to any system that receives them. For this reason, most application gateway firewalls block MBone datagrams sent from the Internet and prevent them from reaching hosts on internal networks. This paper describes the design and rationale for a new set of facilities for the Trusted Information Systems (TIS) Internet Firewall Toolkit (FWTK). These facilities, which are fully implemented, significantly reduce the security risks of observing or participating in MBone conferences. They impose no functional constraints on MBone applications and are transparent to users. Configuration options that support tradeoffs among security, performance and ease of use are discussed
Keywords :
Internet; authorisation; teleconferencing; Internet; Internet Firewall Toolkit; MBone conferences; MBone proxy; Trusted Information Systems; application gateway firewall; configuration options; ease of use; internal networks; live broadcasts; low-cost audio conferencing; low-cost video conferencing; multicast backbone; performance; public interest events; security risks; security vulnerabilities; unauthenticated multicast datagrams; Costs; Data security; IP networks; Information systems; Internet; Local area networks; Routing; Spine; Telecommunication traffic; Videoconference;
Conference_Titel :
Security and Privacy, 1997. Proceedings., 1997 IEEE Symposium on
Conference_Location :
Oakland, CA
Print_ISBN :
0-8186-7828-3
DOI :
10.1109/SECPRI.1997.601318
