Firewall is a component or a set of components that restricts access between a protected network and the Internet, or between two networks. A traditional firewall tries to protect the internal network from outside threats by permitting or forbidding network connections between the external network and the intemal network. The rules used by the firewall to determine whether a connection should be permitted or not are usually based on the connection type, source address or destination address of the connection, or user authentication, and not on the actual content of the network traffic. Content filtering is to monitor and analyse data in order to filter specific content that is forbidden by an organisation's policy. Previous content filtering approaches include: use blacklists and whitelists to keep lists of sites that should be blocked or allowed, search the content for keywords that frequently appear in undesired sites and block the content if such keywords are found, or utilise rating systems that provide rating of sites. Most previous Internet content filtering programs reside and run on the end users' machines, and not on a central point of the network such as firewall. Therefore, such content filtering could be circumvented or disabled by dishonest end users. In addition to that, maintaining or updating of such programs need to be done for each end user's terminal machines individually. The purpose of this thesis is to investigate, propose and experiment how to combine the content filtering and firewall together, in order to solve problems that cannot be solved either by content filtering or by firewall individually. We propose a method of adding content filtering functionality to the firewall and describe its implementation. We also propose and implement an advanced content filtering method based on text categorisation techniques to replace the basic keywordmatching filtering method. We discuss using content filtering firewall to prevent computer virus propagation through the Internet. Then we propose and describe the implementation of a new attack using encryption to get around the content filtering firewall, hence showing the difficulty the content filtering firewall encounters when end-to-end encryption for network traffic is used.
History
Year
2002
Thesis type
Masters thesis
Faculty/School
School of Information Technology and Computer Science
Language
English
Disclaimer
Unless otherwise indicated, the views expressed in this thesis are those of the author and do not necessarily represent the views of the University of Wollongong.