Study of methods for endpoint aware inspection in a next generation firewall
| dc.contributor.author | Heino Jenny | |
| dc.contributor.author | Hakkala Antti | |
| dc.contributor.author | Virtanen Seppo | |
| dc.contributor.organization | fi=kyberturvallisuusteknologia|en=Cyber Security Engineering| | |
| dc.contributor.organization | fi=tietotekniikan laitos|en=Department of Computing| | |
| dc.contributor.organization-code | 1.2.246.10.2458963.20.28753843706 | |
| dc.contributor.organization-code | 1.2.246.10.2458963.20.85312822902 | |
| dc.converis.publication-id | 176187266 | |
| dc.converis.url | https://research.utu.fi/converis/portal/Publication/176187266 | |
| dc.date.accessioned | 2025-08-27T23:43:33Z | |
| dc.date.available | 2025-08-27T23:43:33Z | |
| dc.description.abstract | <p>Given the global increase in remote work with the COVID-19 pandemic and deperimeterization due to cloud deployment of next generation firewalls, the concept of a next generation firewall is at a breaking point. It is becoming more difficult to define the barrier between the good and the bad. To provide the best security for an endpoint with minimal false positives or false negatives it is often necessary to identify the communicating endpoint application. In this study, we present an analysis of key research and methods for providing endpoint aware protection in the context of a next generation firewall. We examine both academic research as well as state-of-the-art of the existing next generation firewall implementations. We divide endpoint application identification into passive and active methods. For passive endpoint application identification, we study several traffic fingerprinting methods for different protocols. For active methods we consider active scanning, endpoint metadata analysis and content injection and reference existing implementations. We conclude that there are several open areas for future research, and that none of the considered methods is a silver bullet solution for endpoint aware inspection in the context of a next generation firewall. To our best knowledge, this is the first study to examine current research and existing implementations of endpoint aware inspection.<br></p> | |
| dc.format.pagerange | 1 | |
| dc.format.pagerange | 15 | |
| dc.identifier.eissn | 2523-3246 | |
| dc.identifier.jour-issn | 2523-3246 | |
| dc.identifier.olddbid | 204497 | |
| dc.identifier.oldhandle | 10024/187524 | |
| dc.identifier.uri | https://www.utupub.fi/handle/11111/53025 | |
| dc.identifier.url | https://cybersecurity.springeropen.com/articles/10.1186/s42400-022-00127-8 | |
| dc.identifier.urn | URN:NBN:fi-fe2022091258765 | |
| dc.language.iso | en | |
| dc.okm.affiliatedauthor | Heino, Jenny | |
| dc.okm.affiliatedauthor | Hakkala, Antti | |
| dc.okm.affiliatedauthor | Virtanen, Seppo | |
| dc.okm.discipline | 113 Computer and information sciences | en_GB |
| dc.okm.discipline | 213 Electronic, automation and communications engineering, electronics | en_GB |
| dc.okm.discipline | 113 Tietojenkäsittely ja informaatiotieteet | fi_FI |
| dc.okm.discipline | 213 Sähkö-, automaatio- ja tietoliikennetekniikka, elektroniikka | fi_FI |
| dc.okm.internationalcopublication | not an international co-publication | |
| dc.okm.internationality | International publication | |
| dc.okm.type | A1 ScientificArticle | |
| dc.publisher | Springer | |
| dc.publisher.country | Singapore | en_GB |
| dc.publisher.country | Singapore | fi_FI |
| dc.publisher.country-code | SG | |
| dc.relation.articlenumber | 25 | |
| dc.relation.doi | 10.1186/s42400-022-00127-8 | |
| dc.relation.ispartofjournal | Cybersecurity | |
| dc.relation.volume | 5 | |
| dc.source.identifier | https://www.utupub.fi/handle/10024/187524 | |
| dc.title | Study of methods for endpoint aware inspection in a next generation firewall | |
| dc.year.issued | 2022 |
Tiedostot
1 - 1 / 1