Technical Reports
The report FIMU-RS-2004-02
Application-Level Firewall Protection Profile for High Robustness Environments-Initial Considerations
by
Mark Kelly,
Václav Matyáš,
Ahmed Patel,
April 2004, 43 pages.
FIMU-RS-2004-02.
Available as Postscript,
PDF.
Abstract:
Firewalls act as access control policy mediators between networks.
They either permit or block the exchange of data between networks.
The ability to permit or block the transfer of data means
firewalls can be used to selectively allow access to the resources
they protect. Firewalls of varying security levels have been
created to provide security that is adequate to the sensitivity of
the data being protected. Firewalls are often formally evaluated
to certify what level of security they are suitable for. They are
evaluated against so-called security evaluation criteria --
standardised descriptions of security measures. Common Criteria
(CC) is the current global standard for evaluations. Firewall
security attributes are described in a Protection Profile (PP)
that defines an implementation-independent set of security
requirements and objectives for a category of products or systems
that meet similar consumer needs for IT security. Our project set
out to produce a summary of security issues for an
Application-Level Firewall Protection Profile (PP) for a High
Robustness Environment. We started our work with the Basic-Level
Firewall PP, the Medium-Level Firewall PP and the High-Level Mail
Guard PP. The two firewall PPs and the Mail Guard PP are compared
to give an insight into what the issues concerning the High-Level
Firewall PP are. This High-Level Firewall PP is then discussed in
terms of its major principles.