Classification of Firewall Issues

This section shows the issues arising when firewalls are located within the communication path and describes the issues of each specific application in a more structured way, defining the following classes of problems:

- Software
- Hardware
- Network
- Security policy

We will recognize two categories of firewall issues and further subdivide them accordingly. Issues are either caused by:

- The fact that the application is unaware of the network.
- The fact that the network is unaware of the application.

The classification is made based on the assumption that both the network and the application may not be aware of each other in terms of requirements. Typically, the application assumes network transparency. However, the application also expects secure and reliable operation and therefore expects to be protected against malicious intent. Both expectations require some understanding between the application and the network. We therefore approach the classification from the observations listed above. At this point we do not seek solutions for these issues; we sometimes only hint at them.

Issues caused by the application having difficulties to be aware of network needs

This is an issue where applications try to adapt to the needs of the network. This paragraph tries to map each identified firewall issue into the following four categories: software, hardware, network, and security policy.

Software and port numbers

Port numbers and the number of ports are unknown until the application starts. The consequence is that firewall administrators need to create big holes (up to 10.000 ports) if the application is not capable of determining the number of ports to be used and/or the port numbers are unknown. Trying to push all traffic through a single hole (e.g. HTTP port 80) causes referral problems. In general, only specific, predetermined applications that use a low number of very well defined ports (or “well-known ports”) can be...
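The port-number problem described under "Software and port numbers", as an added example that is not part of the original text: it contrasts an application that lets the OS pick its listening ports with one that binds inside a small configured range, and computes the firewall hole each needs. The range 50000-50009, the loopback address and all function names are assumptions made for illustration.

```python
import socket

def _listener(host, port):
    """Open one TCP listener; port 0 lets the OS choose the port."""
    s = socket.socket(socket.AF_INET, socket.SOCK_STREAM)
    try:
        s.bind((host, port))
        s.listen()
    except OSError:
        s.close()
        raise
    return s

def bind_ephemeral(count, host="127.0.0.1"):
    """Network-unaware application: ports are known only after bind()."""
    return [_listener(host, 0) for _ in range(count)]

def bind_in_range(count, low, high, host="127.0.0.1"):
    """Network-aware application: stay inside [low, high], skip busy ports."""
    socks = []
    for port in range(low, high + 1):
        if len(socks) == count:
            break
        try:
            socks.append(_listener(host, port))
        except OSError:
            continue  # port already in use, try the next one
    if len(socks) < count:
        close_all(socks)
        raise RuntimeError("configured port range is too small")
    return socks

def close_all(socks):
    for s in socks:
        s.close()

def firewall_hole(ports):
    """Return (first, last, width) of the contiguous range a rule must open."""
    return min(ports), max(ports), max(ports) - min(ports) + 1

def demo(count=3, low=50000, high=50009):  # constructed example range
    eph, fixed = [], []
    try:
        eph = bind_ephemeral(count)
        fixed = bind_in_range(count, low, high)
        ports = lambda socks: sorted(s.getsockname()[1] for s in socks)
        return ports(eph), ports(fixed)
    finally:
        close_all(eph + fixed)

if __name__ == "__main__":
    for label, ports in zip(("OS-assigned", "configured range"), demo()):
        print(label, ports, "hole (first, last, width):", firewall_hole(ports))
```

The OS-assigned ports differ from run to run, so a rule written in advance has to cover the whole ephemeral range, while the configured case never needs more than the ten ports it was given.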