The Proposal Details
Implementation of Application Layer Filters
Networking
Filtering of data to and from a network can be done in a number of ways. Network firewalls provide a means to filter traffic based on IP address, port number, etc. Circuit relay gateways validate the connection between two peers before transferring data between them. The Application Level Gateway can allow or disallow traffic according to very specific rules, limiting file access to certain types, varying rules according to authenticated users and so forth. It may also perform detailed logging of traffic and monitoring of events on the host system, and can often be instructed to sound alarms or notify an operator under defined conditions. The Application Level Gateway is the most sophisticated way of filtering data using a firewall. Most scenarios do not require such a detailed level of filtering. Moreover, this kind of filtering involves very tedious setup and maintenance.
* The core of this project is the creation, deletion and maintenance of the access control list. We will use an Oracle database server to maintain the access control list. The access control list of a user is a mapping between that user and one or more applications. For each user-application pair, we specify detailed information about the type of their relation. For example, we may specify that a user is allowed to access a specific application only on weekdays and only during office working hours. The access control list will encode this information and use it whenever a user logs in using the application server.
* The other important part of the database is to provide a means of secure communication between the client and the server. There are many ways of securing this communication. Encryption is one technique. Secure socket layers could also be used. When validating client terminals, a better method than just IP address validation can be used. This may involve using some kind of secret ID at the client terminal, applying a one-way function such as a hash function to it, and then sending the result to the server for authentication.
* The client side is abstracted out in a way that will make it easier for custom applications to embed it. The communication between the server and the client may then either be tunneled through the application layer server or be allowed to take place directly.
* The programming language used will be Java. Java has become the most common programming language for most embedded systems and network-based applications. The database will be maintained using Oracle, as this is the most widely used database engine and is available on many platforms.
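The access control check described in the first point above can be sketched as follows. This is an added example, not code from the proposal: the class `AclDemo`, the records `Pair` and `Rule`, the user and application names, and the in-memory map standing in for the Oracle table are all assumptions made for illustration.

```java
import java.time.DayOfWeek;
import java.time.LocalDateTime;
import java.time.LocalTime;
import java.util.EnumSet;
import java.util.HashMap;
import java.util.Map;
import java.util.Set;

public class AclDemo {
    // Hypothetical key type: one user-application pair.
    record Pair(String user, String app) {}

    // Hypothetical rule type: allowed days plus a daily time window.
    record Rule(Set<DayOfWeek> days, LocalTime from, LocalTime until) {
        boolean permits(LocalDateTime t) {
            LocalTime tod = t.toLocalTime();
            // Window start is inclusive, window end is exclusive.
            return days.contains(t.getDayOfWeek())
                    && !tod.isBefore(from) && tod.isBefore(until);
        }
    }

    // In-memory stand-in for the ACL table the proposal keeps in Oracle.
    private final Map<Pair, Rule> acl = new HashMap<>();

    void grant(String user, String app, Rule rule) {
        acl.put(new Pair(user, app), rule);
    }

    // Default deny: a pair with no ACL entry is refused.
    boolean isAllowed(String user, String app, LocalDateTime when) {
        Rule rule = acl.get(new Pair(user, app));
        return rule != null && rule.permits(when);
    }

    public static void main(String[] args) {
        AclDemo gateway = new AclDemo();
        // Constructed sample entry: weekdays, 09:00 to 17:00.
        gateway.grant("alice", "payroll", new Rule(
                EnumSet.range(DayOfWeek.MONDAY, DayOfWeek.FRIDAY),
                LocalTime.of(9, 0), LocalTime.of(17, 0)));

        LocalDateTime tuesday = LocalDateTime.of(2024, 1, 9, 10, 30);
        LocalDateTime saturday = LocalDateTime.of(2024, 1, 13, 10, 30);
        System.out.println("weekday, in hours: " + gateway.isAllowed("alice", "payroll", tuesday));
        System.out.println("weekend:           " + gateway.isAllowed("alice", "payroll", saturday));
        System.out.println("closing time:      " + gateway.isAllowed("alice", "payroll", tuesday.withHour(17).withMinute(0)));
        System.out.println("no ACL entry:      " + gateway.isAllowed("alice", "hr-portal", tuesday));
    }
}
```

The timestamp passed to `isAllowed` should come from the gateway's own clock, never from a value supplied by the client, since the time window is itself part of the access decision.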