NuFW / UFWI rejects the idea that IP == user, as an IP address can easily be spoofed. It thus uses its own algorithm to perform authentication. It depends on two subsystems: Nufw, which is connected to Netfilter, and Nuauth, which is connected to clients and Nufw. The algorithm is the following:

• A standard application sends a packet.
• The Nufw client sees that a connection is being initiated and sends a user request packet.
• The Nufw server queues the packet and sends an auth request packet to the Nuauth server.
• The Nuauth server combines the auth request and the user request packet and checks this against an authentication authority.
• The Nuauth server sends the answer back to the Nufw server.
• The Nufw server transmits the packet according to the answer given to its request.

This algorithm performs an a posteriori authentication of the connection. As there is no time-based association, this ensures the identity of the user who sent the packet. NuFW is the only real authentication firewall, as it never associates a user with his machine.

== Awards ==
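The NuFW authentication algorithm described above, as a simplified model added here as an example (not NuFW's own code or wire protocol). The class and method names, session ids and port-based policy are assumptions, and the user request is assumed to reach Nuauth before the gateway's auth request. It shows two users on one IP address receiving different verdicts, and a connection with no user request being dropped.

```python
# Added example: simplified model of the flow above, not NuFW's wire protocol.
from collections import namedtuple

Conn = namedtuple("Conn", "src sport dst dport")  # identifiers both requests carry

class Nuauth:
    def __init__(self, acl):
        self.acl = acl            # stand-in authority: user -> allowed dst ports
        self.sessions = {}        # authenticated client session -> user
        self.user_requests = {}   # Conn -> user, awaiting the gateway's request

    def login(self, session_id, user):
        self.sessions[session_id] = user

    def user_request(self, session_id, conn):
        user = self.sessions.get(session_id)
        if user is not None:      # only authenticated clients can claim a connection
            self.user_requests[conn] = user

    def auth_request(self, conn):
        # Combine Nufw's auth request with the matching user request, if any.
        user = self.user_requests.pop(conn, None)  # one claim covers one connection
        if user is not None and conn.dport in self.acl.get(user, set()):
            return ("ACCEPT", user)
        return ("DROP", user)

class Nufw:
    def __init__(self, nuauth):
        self.nuauth = nuauth
        self.queued = []

    def new_connection(self, conn):
        self.queued.append(conn)                  # hold the packet
        verdict = self.nuauth.auth_request(conn)
        self.queued.remove(conn)                  # release or discard per the answer
        return verdict

def run_demo():
    nuauth = Nuauth(acl={"alice": {22}, "bob": {80}})  # constructed policy
    fw = Nufw(nuauth)
    nuauth.login("s1", "alice")
    nuauth.login("s2", "bob")
    host = "10.0.0.5"                                  # one multi-user machine
    a = Conn(host, 40001, "192.0.2.10", 22)
    b = Conn(host, 40002, "192.0.2.10", 22)
    c = Conn(host, 40003, "192.0.2.10", 22)            # no user request, e.g. spoofed source
    nuauth.user_request("s1", a)
    nuauth.user_request("s2", b)
    return [fw.new_connection(x) for x in (a, b, c)]
```

All three connections come from the same source address, so a rule keyed on the IP alone could not tell them apart; the verdict follows the per-connection user request instead.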