© University of Kent - Contact | Feedback | Legal | FOI | Cookies
A directory application level firewall - the Guardian DSA
D.W. Chadwick and A.J. Young
In W.S. Schneider B. Jerman-Blazic and T. Klobucar, editors, Advanced Security Technologies for Insecure Networks, pages 182-196. IOS Press, Amsterdam, December 2000 Proceedings of the NATO Advanced Networking Workshop on Advanced Security Technologies in Networking, Portoroz, Slovenia, 2000 3.Abstract
The Internet White Pages Service has been slow to materialise for many reasons. One of them is the security concerns that organisations have, over allowing the public to gain access to either their Intranet or their directory database. The Guardian DSA is a firewall application proxy for X.500 and LDAP protocols that is designed to alleviate these fears. Sitting in the firewall system, it filters directory protocol messages passing into and out of the Intranet, allowing security administrators to carefully control the amount of directory information that is released to the outside world. This paper describes the design of our Guardian system, and shows how relatively easy it is to configure its filtering capabilities. Finally the paper describes the working demonstration of the Guardian that was built for the 1997 World Electronic Messaging Association directory challenge. This linked the WEMA directory to the NameFLOW-Paradise Internet directory, and demonstrated some of the powerful filtering capabilities of the Guardian. This paper was originally presented at The Internet Society 1998 Symposium on Network and Distributed Systems Security (NDSS 98), March 10-12, San Diego, California
Download publication 52 kbytes (PDF)Bibtex Record
@incollection{2128, author = {D.W. Chadwick and A.J. Young}, title = {A Directory Application Level Firewall -- the {G}uardian {DSA} }, month = {December}, year = {2000}, pages = {182-196}, keywords = {determinacy analysis, Craig interpolants}, note = {Proceedings of the NATO Advanced Networking Workshop on Advanced Security Technologies in Networking, Portoroz, Slovenia, 2000 3}, doi = {}, url = {http://www.cs.kent.ac.uk/pubs/2000/2128}, publication_type = {incollection}, editor = {B. Jerman-Blazic , W.S. Schneider and T. Klobucar}, booktitle = {Advanced Security Technologies for Insecure Networks}, publisher = {IOS Press, Amsterdam}, }