Chadwick, David W. and Young, Andrew J.
A Directory Application Level Firewall - the Guardian DSA.
In: Jerman-Blazic, B. and Schneider, W.S. and Klobucar, T., eds.
Advanced Security Technologies for Insecure Networks.
IOS Press, Amsterdam, pp. 133-147.
(Full text available)
The Internet White Pages Service has been slow to materialise for many reasons. One of them is the security concerns that organisations have, over allowing the public to gain access to either their Intranet or their directory database. The Guardian DSA is a firewall application proxy for X.500 and LDAP protocols that is designed to alleviate these fears. Sitting in the firewall system, it filters directory protocol messages passing into and out of the Intranet, allowing security administrators to carefully control the amount of directory information that is released to the outside world. This paper describes the design of our Guardian system, and shows how relatively easy it is to configure its filtering capabilities. Finally the paper describes the working demonstration of the Guardian that was built for the 1997 World Electronic Messaging Association directory challenge. This linked the WEMA directory to the NameFLOW-Paradise Internet directory, and demonstrated some of the powerful filtering capabilities of the Guardian. This paper was originally presented at The Internet Society 1998 Symposium on Network and Distributed Systems Security (NDSS 98), March 10-12, San Diego, California
- Depositors only (login required):