A New Internet-Draft is available from the on-line Internet-Drafts directories.
Title : Distributed/End-Point Firewall Control (DEFCon) Requirements
Author(s) : R. Sahita, P. Govindarajan
Filename : draft-sahita-defcon-reqs-00.txt
Pages : 20
Date : 2003-2-24
This document describes the requirements for the architecture and a
distributed framework for end-point firewall control (DEFCon). This
draft also discusses requirements for the individual pieces in the
framework.
Perimeter firewalls are predominant in enterprise networks but do
not provide the protection a mission-critical network needs against
misuse or abuse from nodes inside the network. Additionally, a
wireless infrastructure makes every host vulnerable, since in that
case access is not fundamentally restricted by the physical
infrastructure. Likewise, traffic is increasingly encrypted
end-to-end using SSL, IPsec, etc., so viruses, worms and confidential
information can be hidden from the security components. Inspecting
such traffic requires the perimeter firewall to become a
man-in-the-middle for all secure sessions, which breaks the
end-to-end principle and renders many protocols useless, since
sessions that cannot be intercepted are inevitably blocked.
A host-based firewall on nodes in the enterprise network protects
the network from the inside out. This approach does not preclude
perimeter firewalls. Instead, it provides defense-in-depth and
reduces the load on perimeter firewalls. The host-based approach
also upholds the end-to-end principle, since it allows traffic to be
securely encrypted end-to-end while still assuring protection from
infection, compromise and attack.
A URL for this Internet-Draft is:
http://www.ietf.org/internet-drafts/draft-sahita-defcon-reqs-00.txt
To remove yourself from the IETF Announcement list, send a message to
ietf-announce-request with the word unsubscribe in the body of the message.
Internet-Drafts are also available by anonymous FTP. Login with the username
"anonymous" and a password of your e-mail address. After logging in,
type "cd internet-drafts" and then
"get draft-sahita-defcon-reqs-00.txt".
A list of Internet-Drafts directories can be found in
http://www.ietf.org/shadow.html
or ftp://ftp.ietf.org/ietf/1shadow-sites.txt
Internet-Drafts can also be obtained by e-mail.
Send a message to:
mailserv@ietf.org.
In the body type:
"FILE /internet-drafts/draft-sahita-defcon-reqs-00.txt".
NOTE: The mail server at ietf.org can return the document in
MIME-encoded form by using the "mpack" utility. To use this
feature, insert the command "ENCODING mime" before the "FILE"
command. To decode the response(s), you will need "munpack" or
a MIME-compliant mail reader. Different MIME-compliant mail readers
exhibit different behavior, especially when dealing with
"multipart" MIME messages (i.e. documents which have been split
up into multiple messages), so check your local documentation on
how to manipulate these messages.
Below is the data which will enable a MIME compliant mail reader
implementation to automatically retrieve the ASCII version of the
Internet-Draft.
- <ftp://ftp.ietf.org/internet-drafts/draft-sahita-defcon-reqs-00.txt>