1. Field of the Invention
The present invention relates generally to network security, and more particularly, to systems and methods for increasing the security of firewall systems.
2. Discussion of the Related Art
Firewalls are an essential ingredient in a corporate entity's network security plan. Firewalls represent a security enforcement point that separates a trusted network from an untrusted network. FIG. 1 illustrates a generic example of a network security plan that incorporates a firewall system. In this generic example, firewall system 120 is operative to screen all connections between private network 110 and untrusted system 140. These connections are facilitated by Internet network 130. In the screening process, firewall system 120 determines which traffic should be allowed and which traffic should be disallowed based on a predetermined security policy.
One type of firewall system is an application-level gateway or proxy server, which acts as a relay of application-level traffic. Proxy servers tend to be more secure than packet filters. Rather than trying to deal with the numerous possible combinations that are to be allowed and forbidden at the transmission control protocol (TCP) and Internet protocol (IP) level, the proxy server need only scrutinize a few allowable applications (e.g., Telnet, file transfer protocol (FTP), simple mail transfer protocol (SMTP), hypertext transfer protocol (HTTP)). Generally, if the proxy server does not implement the proxy code for a specific application, the service is not supported and cannot be forwarded across the firewall. Further, the proxy server can be configured to support only specific features of an application that the network administrator considers acceptable while denying all other features.
Application-level firewall proxies are fragile, and are growing ever more complex. Customers demand increasing functionality, including the ability to perform tasks such as virus scanning, limits on addresses visited (e.g., to prevent access to pornographic web sites), and detailed scanning of protocols to prevent outsiders from exploiting vulnerabilities in host systems. As the proxies become increasingly complex, the likelihood of flaws that allow security breaches increases. For example, it is likely that there are opportunities in most firewall proxies for buffer overrun attacks.
As the number of protocols increases, proxies are increasingly written by people without sufficient training in writing safe software. End users want to write their own proxies, since they can do it more rapidly than waiting for a firewall vendor to include a suitable proxy in the product. While both vendors and end users make reasonable efforts to ensure that proxies are not being written by hostile developers (who might insert backdoors or other malicious software), it is likely that such capabilities have been inserted in at least some proxies. Finally, there is significant concern among individuals in government and industry that backdoors are being inserted as a byproduct of Y2K remediation.
Since a single faulty proxy can endanger an entire firewall (and the network behind it), it is important to constrain the damage done by an errant proxy. A conventional approach to such threats would be to use good software engineering techniques (including code inspection), personnel security (such as clearances), and improved testing. However, these approaches are not realistic in today's "Internet time" commercial products environment. Accordingly, what is needed is a mechanism for efficiently increasing the integrity of a firewall proxy.
The present invention meets the aforementioned needs by minimizing the likelihood of flaws in a firewall proxy. This minimization is achieved through the use of software wrappers that introduce fine-grained controls on the operation of existing proxy applications. This feature enables a network security administrator to prevent bugs (or malicious software) in the proxy from subverting the intent of the firewall.
It is a further feature of the present invention that a firewall can be totally wrapped. A totally wrapped system includes a wrapper for the proxies plus a separate wrapper for everything else on the firewall system that can potentially interfere with the wrappers and the proxies. The result is a system where an attacker who breaks through a proxy may run amok within the system, but will be unable to interfere with the wrappers or the proxies.
In a still further feature of the present invention, the software wrappers of the present invention can be integrated with an intrusion detection system. More particularly, the fine-grained controls of the software wrapper enable it to be uniquely positioned to generate alerts based on an indication that a flaw exists in the proxy and that the proxy is misbehaving.
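The following is an added illustration, not part of the patent text, of the wrapper concept described above: a policy wrapper mediates the operations a proxy may perform, denies anything outside the proxy's policy, and emits an alert for an intrusion detection system when the proxy misbehaves. The Wrapper class, the policy fields, the stand-in FTP proxy and the sample requests are all assumptions constructed for this example.

```python
"""Minimal model of a software wrapper around a firewall proxy (added example).

The Wrapper class, its policy fields and the request driver are assumptions for
illustration; they are not the patent's implementation.
"""
from dataclasses import dataclass, field


class PolicyViolation(Exception):
    """Raised when the wrapped proxy attempts an operation outside its policy."""


@dataclass
class Wrapper:
    proxy_name: str
    allowed_ports: set          # destination ports the proxy may connect to
    allowed_files: set          # file paths the proxy may open
    alerts: list = field(default_factory=list)  # alerts handed to the IDS

    def _deny(self, op: str, target: str):
        # Record an alert for the intrusion detection system, then block the call.
        self.alerts.append(f"ALERT proxy={self.proxy_name} op={op} target={target}")
        raise PolicyViolation(f"{self.proxy_name}: {op} {target} not permitted")

    def connect(self, host: str, port: int) -> str:
        if port not in self.allowed_ports:
            self._deny("connect", f"{host}:{port}")
        return f"connected {host}:{port}"  # stand-in for the real socket call

    def open_file(self, path: str) -> str:
        if path not in self.allowed_files:
            self._deny("open", path)
        return f"opened {path}"  # stand-in for the real file open


def run_proxy(wrapper: Wrapper, requests: list) -> dict:
    """Drive a stand-in proxy through (op, target) requests under the wrapper.

    A correct proxy only issues permitted requests; a buggy or subverted one may
    try anything, but the wrapper confines the damage and records each attempt.
    """
    outcome = {"allowed": [], "denied": []}
    for op, target in requests:
        try:
            if op == "connect":
                host, port = target.rsplit(":", 1)
                outcome["allowed"].append(wrapper.connect(host, int(port)))
            else:
                outcome["allowed"].append(wrapper.open_file(target))
        except PolicyViolation as exc:
            outcome["denied"].append(str(exc))
    return outcome
```

A constructed policy for an FTP proxy would allow only ports 20 and 21 and its own configuration file; any other connection or file access is denied and surfaces as an alert in `wrapper.alerts`.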