DynFire: Dynamic Firewalling in Heterogeneous Environments

This paper presents "Dyn-Fire," a novel approach for the role-based, dynamic control of network firewalls. Dyn-Fire allows an individually controlled, secure access to the IT resources of a large organization, with particular focus on mobile users and users with restricted rights, such as subcontractors. The basic assumption behind Dyn-Fire is that, within a secured network domain separated from the Internet, the authors can establish a temporary binding between an IP address and a single user ID. Whenever a user connects to or disconnects from this secure network domain, firewalls are configured accordingly, using a centralized "Firewall Manager" and standardized signaling protocols.