Journal Article

Sidewinder: Defense in depth using type enforcement

01 Jul 1995-International Journal of Network Management (Wiley Subscription Services, Inc., A Wiley Company)-Vol. 5, Iss: 4, pp 219-229
TL;DR: Sidewinder prevents an attack on an Internet server from accessing domains serving internal, protected networks, and an attacker cannot overrun a Sidewinder because the type enforcement restrictions cannot be disabled while the system is handling network traffic.
Abstract: Sites use firewalls to defend against external attacks while providing necessary Internet services. Firewalls make a site safer: They present a smaller risk since they provide fewer services. However, most firewalls use standard computer operating systems. This can allow an attacker to overrun the firewall if a known security flaw is present. The Sidewinder(TM) firewall system overcomes this problem using type enforcement. Network server applications operate in independently controlled compartments called domains, each granted specific permission to access particular types of files or communicate with other domains. If a server succumbs to an attack, type enforcement restricts the amount of damage an attacker can do. In particular, Sidewinder prevents an attack on an Internet server from accessing domains serving internal, protected networks. An attacker cannot overrun a Sidewinder because the type enforcement restrictions cannot be disabled while the system is handling network traffic.
Citations
Patent
18 Mar 1999
TL;DR: In this article, a firewall is used to achieve network separation within a computing system having a plurality of network interfaces, and a set of policies is configured for each of the plurality of regions.
Abstract: A firewall is used to achieve network separation within a computing system having a plurality of network interfaces. A plurality of regions is defined within the firewall and a set of policies is configured for each of the plurality of regions. The firewall restricts communication to and from each of the plurality of network interfaces in accordance with the set of policies configured for the one of the plurality of regions to which the one of the plurality of network interfaces has been assigned.

358 citations

Patent
12 Oct 1994
TL;DR: In this paper, a system and method for the secure transfer of data between a workstation connected to a private network and a remote computer connected to an unsecured network is presented.
Abstract: A system and method for the secure transfer of data between a workstation connected to a private network and a remote computer connected to an unsecured network. A secure computer is inserted into the private network to serve as the gateway to the unsecured network and a client subsystem is added to the workstation in order to control the transfer of data from the workstation to the secure computer. The secure computer includes a private network interface connected to the private network, an unsecured network interface connected to the unsecured network, wherein the unsecured network interface includes means for encrypting data to be transferred from the first workstation to the remote computer, a server function for transferring data between the private network interface and the unsecured network interface and a filter function for filtering data transferred between the remote computer and the workstation.

334 citations

Patent
18 Sep 1996
TL;DR: In this paper, a system and method for filtering electronic mail messages is described, where a message is received and processed through one or more filter flows, which can be combined in whatever order is required to enforce a given security policy.
Abstract: A system and method for filtering electronic mail messages is described. A message is received and processed through one or more filter flows. Each filter flow is comprised of one or more self-contained nodes which can be combined in whatever order is required to enforce a given security policy. Node independence provides a policy-neutral environment for constructing filter flows. A filter flow may be as simple as forwarding the mail to the intended recipient, or may perform one or more checks where it decides whether to forward, reject, return (or some combination thereof) the message. Certain node types are also able to append information on to a mail message, while others are able to modify certain parts of a mail message. Several of the node types are able to generate audit or log messages in concert with processing a mail message.

300 citations

Patent
18 Sep 1996
TL;DR: In this paper, a system and method for regulating the flow of messages through a firewall having a network protocol stack that includes an Internet Protocol (IP) layer is presented, the method comprising establishing a security policy; determining, at the IP layer, whether a message is encrypted; if the message is not encrypted, passing the unencrypted message up the network protocol stack to an application level proxy; and if the message is encrypted, decrypting the message and passing the decrypted message up to the application level proxy.
Abstract: A system and method for regulating the flow of messages through a firewall having a network protocol stack, wherein the network protocol stack includes an Internet Protocol (IP) layer, the method comprising establishing a security policy, determining, at the IP layer, if a message is encrypted, if the message is not encrypted, passing the unencrypted message up the network protocol stack to an application level proxy, and if the message is encrypted, decrypting the message and passing the decrypted message up the network protocol stack to the application level proxy, wherein decrypting the message includes executing a process at the IP layer to decrypt the message.

286 citations

Patent
18 Sep 1996
TL;DR: In this paper, a system and method for regulating the flow of internetwork connections through a firewall having a network protocol stack which includes an Internet Protocol (IP) layer is presented and a determination is made of the parameters characteristic of a connection request, including a netelement parameter characteristic of where the connection request came from.
Abstract: A system and method for regulating the flow of internetwork connections through a firewall having a network protocol stack which includes an Internet Protocol (IP) layer. A determination is made of the parameters characteristic of a connection request, including a netelement parameter characteristic of where the connection request came from. A query is generated and a determination is made whether there is a rule corresponding to that query. If there is a rule corresponding to the query, a determination is made whether authentication is required by the rule. If authentication is required by the rule, an authentication protocol is activated and the connection is activated if the authentication protocol is completed successfully.

282 citations