NuFW

NuFW is a software package that extends Netfilter, the Linux kernel-internal packet filtering firewall module. NuFW adds authentication to filtering rules. NuFW is also provided as a hardware firewall, in the EdenWall firewalling appliance. NuFW has been restarted by the FFI and renamed UFWI.


Introduction

NuFW / UFWI is an extension of Netfilter which brings the notion of user to IP filtering. NuFW / UFWI can:

* Authenticate any connection that goes through your gateway, or only connections from/to a chosen subset or using a specific protocol (iptables is used to select the connections to authenticate).
* Perform accounting, routing and Quality of service (QoS) based on users and not simply on IPs.
* Filter packets with criteria such as the application and OS used by distant users.
* Be the key to a secure and simple Single Sign On system.


Principles

NuFW / UFWI refuses the idea of ''IP user'', as an IP address can easily be spoofed. It thus uses its own algorithm to perform authentication. It depends on two subsystems: Nufw, which is connected to Netfilter, and Nuauth, which is connected to clients and Nufw. The algorithm is the following:

# A standard application sends a packet.
# The Nufw client sees that a connection is being initiated and sends a user request packet.
# The Nufw server queues the packet and sends an auth request packet to the Nuauth server.
# The Nuauth server sums the auth request and the user request packet and checks this against an authentication authority.
# The Nuauth server sends the answer back to the Nufw server.
# The Nufw server transmits the packet following the answer given to its request.

This algorithm realizes an ''A Posteriori'' authentication of the connection. As there is no time-based association, this ensures the identity of the user who sent the packet. NuFW is the only real Authentication firewall, as it never associates a user with his machine.
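The six steps above, modelled as an added example; this is not NuFW code and not its wire protocol. All class and method names, the session tokens, the ACL and the addresses are constructed assumptions. It shows two users on one IP address getting different verdicts, and a connection with no matching user request being dropped.

```python
from dataclasses import dataclass

@dataclass(frozen=True)
class Conn:
    """Connection identity as seen by both the client and the gateway."""
    src: str
    sport: int
    dst: str
    dport: int

class Nuauth:
    """Decision point: pairs each auth request with a user request."""
    def __init__(self, sessions, acl):
        self.sessions = sessions      # session token -> user (constructed authority)
        self.acl = acl                # set of allowed (user, dport) pairs
        self.user_requests = {}       # Conn -> user who announced it

    def user_request(self, token, conn):
        # Step 2: the client announces the connection over its own session.
        user = self.sessions.get(token)
        if user is not None:
            self.user_requests[conn] = user

    def auth_request(self, conn):
        # Steps 4-5: match the gateway's auth request with the user request
        # for the same connection, then check the user against the authority.
        user = self.user_requests.pop(conn, None)   # one request, one connection
        return user is not None and (user, conn.dport) in self.acl

class Nufw:
    """Gateway side: holds the packet until Nuauth answers."""
    def __init__(self, nuauth):
        self.nuauth = nuauth

    def handle_new_connection(self, conn):
        # Steps 3 and 6: ask Nuauth, then transmit or drop the queued packet.
        return "ACCEPT" if self.nuauth.auth_request(conn) else "DROP"

def demo():
    """Constructed scenario: one multi-user host, three connections."""
    nuauth = Nuauth({"tok-a": "alice", "tok-b": "bob"}, {("alice", 22)})
    gw = Nufw(nuauth)
    ip = "192.0.2.10"                                 # same source IP for all
    a = Conn(ip, 40001, "198.51.100.5", 22)           # announced by alice
    b = Conn(ip, 40002, "198.51.100.5", 22)           # announced by bob
    no_user_request = Conn(ip, 40003, "198.51.100.5", 22)
    nuauth.user_request("tok-a", a)
    nuauth.user_request("tok-b", b)
    return [gw.handle_new_connection(c) for c in (a, b, no_user_request)]
```

Because the verdict is keyed on the connection and the authenticated session, never on the source address alone, the third connection is dropped even though it comes from an IP address that alice is using.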


Awards

* 2007: Lutèce d'Or (Paris, France), Best Innovation
* 2005: Les Trophées du Libre (Soissons, France), Security


External links


* UFWI website
* Netfilter website
* NuApplet - Qt client for NuFW