Firewall-based authentication with Edenwall

WATCHMAN

Article from Issue 85/2007
Author(s):

Instead of granting access by address, the NuFW Netfilter module provides identity-based authentication. The Edenwall firewall appliance comes with built-in NuFW technology.

Today’s firewalls typically reside in Layers 3 and 4 of the OSI model, where they filter traffic on the basis of IP addresses and TCP/UDP ports. To take Layer 7 information into consideration, administrators either deploy proxies or use fairly simplistic patterns. Things get even worse if you need a rule base that gives you filtering on the basis of user IDs. Most models are throwbacks to the 90s and assume that each machine will have a single user only. Of course, this assumption is fatal if you are dealing with terminal servers or Linux.

