Security - Telenor
menting its own WLAN system. Visitors may also be given network access through the WLAN within or nearby the office building. However, using WLAN technology in this manner, the concept of firewalls separating the “internal” from the “external” network is no longer useful. The once physically protected internal network is now more or less publicly available. To maintain the concept of a “secured local area network” completely new firewalls, VPN, as well as other security mechanisms are needed.
This article describes selected techniques needed to fulfil the security needs in such a future wireless mobile network.
Secure Networking in the Future
Technical Solutions<br />
Local Adaptive Firewall Services<br />
A technique commonly used to protect a “private” or “internal” network from an external network such as the Internet is to implement a firewall service. Firewalls started out as simple packet filters, capable of filtering out packets based on IP addresses and information contained within other higher level protocols, such as the TCP and UDP headers.
The simplified firewall illustrated in Figure 1 accepts only inbound connections from TCP port 80, which is dedicated to HTTP traffic, and rejects other types of traffic.
While traditional “static” terminals typically are protected from the Internet by the use of firewalls, mobile terminals of the future are envisioned to roam freely, using the Internet wherever it is available. The firewalls on the home network will not be able to protect those users. This is the reason why firewalls must be implemented locally on the mobile terminals, and not only on the borders of the home network.
[Figure 1 labels: “Telnet” to an internal machine; Surfing the web, Internet Explorer; “Ftp” to an internal machine; Request to an Intranet server]
Telektronikk 3.2000
It is, however, not enough to install “traditional” firewalls on these mobile terminals. Requirements that firewalls on mobile terminals should meet include the following:
• They need to be configured dynamically, depending on the current location;
• They should be able to adapt themselves to the current network traffic (e.g. blocking attacks dynamically);
• They need to be easily and securely remotely controlled by their administrator or automatically by a server on the corporate network;
• They need to adapt to dynamic IP addresses;
• They need to automatically adapt to the network interfaces currently in use (ethernet, modems/ISDN, IrDA, Bluetooth, etc.);
• They need to be integrated seamlessly and transparently (for the user) with other applications running on the mobile nodes, rejecting all network connections unless the firewall has been properly activated;
• They need to be integrity protected as well as verifiable, ensuring that the configuration is trustworthy.
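One way a terminal could combine three of the requirements listed above (location-dependent configuration, rejecting everything until a valid policy is active, and an integrity-protected configuration), shown as an added example that is not from the article. The HMAC-SHA256 tag, the shared key, the location names and the policy layout are all assumptions made for illustration.

```python
import hashlib
import hmac
import json

# Constructed demo key (assumption); a real deployment would provision
# per-device key material or use signatures instead of a shared secret.
ADMIN_KEY = b"constructed-demo-key"


def sign_policy(policy: dict, key: bytes) -> str:
    """Corporate-server side: MAC over a canonical encoding of the policy."""
    blob = json.dumps(policy, sort_keys=True, separators=(",", ":")).encode()
    return hmac.new(key, blob, hashlib.sha256).hexdigest()


def active_rules(policy: dict, tag: str, key: bytes, location: str) -> list:
    """Terminal side: return the allow rules for the current location.

    Returns an empty rule set (deny everything) when the policy fails
    verification or the location is unknown, so the terminal never
    operates on an untrusted or missing configuration.
    """
    if not hmac.compare_digest(sign_policy(policy, key), tag):
        return []
    return policy.get("locations", {}).get(location, [])


def permits(rules: list, direction: str, proto: str, port: int) -> bool:
    """Default deny: a connection passes only if an allow rule matches it."""
    return any(
        r["direction"] == direction and r["proto"] == proto and r["port"] == port
        for r in rules
    )


# Constructed sample policy: location names and rules are illustrative.
POLICY = {
    "version": 1,
    "locations": {
        "corporate-lan": [
            {"direction": "out", "proto": "tcp", "port": 80},
            {"direction": "out", "proto": "tcp", "port": 21},
        ],
        "public-wlan": [{"direction": "out", "proto": "tcp", "port": 80}],
    },
}
TAG = sign_policy(POLICY, ADMIN_KEY)
```
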
Administering these firewalls will be a challenge in the future world of mobile communication. Some of the same principles presented here are also found in a recently published paper by Steven M. Bellovin, Distributed Firewalls [1].
Figure 1: A simple packet filtering firewall allowing web surfing only