| Abstract
|
Internet Transparency via the end-to-end architecture of the Internet
has allowed vast innovation of new technologies and services [1].
However, recent developments in Firewall technology have altered this
model and have been shown to inhibit innovation. We propose the
Firewall Enhancement Protocol (FEP) to allow innovation, without
violating the security model of a Firewall. With no cooperation from
a firewall operator, the FEP allows ANY application to traverse a
Firewall. Our methodology is to layer any application layer
Transmission Control Protocol/User Datagram Protocol (TCP/UDP)
packets over the HyperText Transfer Protocol (HTTP) protocol, since
HTTP packets are typically able to transit Firewalls. This scheme
does not violate the actual security usefulness of a Firewall, since
Firewalls are designed to thwart attacks from the outside and to
ignore threats from within. The use of FEP is compatible with the
current Firewall security model because it requires cooperation from
a host inside the Firewall. FEP allows the best of both worlds: the
security of a firewall, and transparent tunneling thought the
firewall.
|
Architecture
