IDS are becoming the logical next step for many organizations after deploying firewall technology at the network perimeter. IDS can offer protection from external users and internal attackers, where traffic doesn't go past the firewall at all. However, the following points are very important to keep in mind. 1. Strong identification and authentication: An IDS uses very good signature analysis m...

In recent years, IP telephone has achieved remarkable progress on the Internet through "low price ", "continuous connection", and "high speed communication band". However, it is not easy to use IP telephone over firewall and NAT because of its restrictions of the communication. We have proposed the system called SoFW (SIP over Firewall) that suppresses the problem. In this paper, detailed funct...

With the explosion of the public Internet, corporate networks connected to the Internet, if not adequately secured, are vulnerable to damaging attacks. Hackers, viruses, worms, Trojan horses, and spyware try to invade privacy. This research examines how these threats affect the corporate network and ways to reduce them. MikroTik routerOS was configured as the router to examine these threats. Ne...

Private access to corporate servers from Internet can be achieved using various security mechanisms. This article presents a network access control mechanism that employs a policy management architecture empowered with dynamic firewalls. With the existence of such an architecture, system and/or network administrators do not need to reconfigure firewalls when there is a location change in user s...

The TIS Labs Advanced Security Proxies (ASP) project is investigating software architectures for highperformance firewalls to enable the secure use of next generation networks. The project objective is to demonstrate an architecture and implementation in which protocol-specific proxies control when data transmission is allowed across the firewall, but which allows the proxy a range of options i...

The HOL-TestGen environment is conceived as a system for modeling and semi-automated test generation with an emphasis on expressive power and generality. However, its underlying technical framework Isabelle/HOL supports the customization as well as the development of highly automated add-ons working in specific application domains. In this paper, we present HOL-TestGen/fw, an add-on for the tes...

Computer network is already an indispensable part of our modern life. To keep our network run smoothly, we need to know its condition. This calls for the necessity of analyzing the traffic (packets) on the network. In this paper, we investigate traffic analysis techniques need in stateful firewall and network intrusion detection system (NIDS). Stateful firewall analyzes packets up to their laye...

The paper discusses selected issues related to the implementation and deployment of the Web Application Firewall that protects the target application by verifying the incoming requests and their parameters through matching them against recorded usage patterns. These patterns in turn are learned from the traffic generated by the users of the application. Since many web applications, including th...

Firewalls are an excellent security mechanism to protect networks from intruders, and they can establish a relatively secure barrier between a system and the external environment. Firewall products are available with a variety of functionality and features, such as strong authentication, the ability to create VPNs, and easy-to-use interfaces. Selecting the appropriate firewall for an organizati...

security and QoS are the two most precious objectives for network systems to be attained. Unfortunately, they are in conflict, while QoS tries to minimize processing delay, strong security protection requires more processing time and cause packet delay. This article is a step towards resolving this conflict by extending the firewall session table to accelerate NAT, QoS classification, and routi...