
Principles

Principle

A packet is emitted by the client. A user ID is associated with this packet, and authorization is given on a per-user and filtering basis.

Life of a Packet

  1. (1) A standard application sends a packet.
  2. (2) The Nufw server queues the packet and sends an auth request packet to the Nuauth server.
  3. (3) The Nuauth server sends an authentication request to all Nufw agents running on the client computer.
  4. (4) The Nufw client run by the user whose application sent the traffic sees that a connection is being initiated and sends a user request packet.
  5. The Nuauth server combines the auth request and the user request packet and checks the result against an authentication authority.
  6. (5) The Nuauth server replies to the Nufw server accordingly.
  7. (6) The Nufw server transmits the packet according to the answer given to its request.
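
The seven steps above, modeled as an added example (this is not NuFW's code or wire protocol). The class and method names, the `Conn` tuple and the `ACL` table standing in for the authentication authority are all assumptions made for illustration, and the user's identity is assumed to be already authenticated.

```python
from dataclasses import dataclass, field

# Constructed policy standing in for the authentication authority:
# destination ports each (already authenticated) user may reach.
ACL = {"alice": {22, 443}, "bob": {443}}

@dataclass(frozen=True)
class Conn:
    src: str
    sport: int
    dst: str
    dport: int

@dataclass
class Nuauth:
    pending: set = field(default_factory=set)  # auth requests awaiting a user request

    def auth_request(self, conn):
        """Step 2 arrives from Nufw; step 3 returns the host whose agents are prompted."""
        self.pending.add(conn)
        return conn.src

    def user_request(self, user, conn):
        """Steps 4-5: pair the client's claim with the pending auth request, then decide."""
        if conn not in self.pending:
            return None  # Nufw never saw this packet: the claim alone authorizes nothing
        self.pending.discard(conn)  # one decision per queued packet
        return "ACCEPT" if conn.dport in ACL.get(user, set()) else "DROP"

@dataclass
class Nufw:
    nuauth: Nuauth
    queue: dict = field(default_factory=dict)  # conn -> held packet

    def packet_in(self, conn, payload):
        """Steps 1-2: hold the packet and ask Nuauth about it."""
        self.queue[conn] = payload
        return self.nuauth.auth_request(conn)

    def verdict(self, conn, decision):
        """Steps 6-7: transmit the held packet only on an explicit ACCEPT."""
        payload = self.queue.pop(conn, None)
        return payload if decision == "ACCEPT" else None

def life_of_a_packet(user, conn, payload=b"SYN"):
    nuauth = Nuauth()
    nufw = Nufw(nuauth)
    nufw.packet_in(conn, payload)
    decision = nuauth.user_request(user, conn)
    return decision, nufw.verdict(conn, decision)
```

The packet leaves the queue only when both halves match: an auth request from the Nufw server and a user request for the same connection.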

Architecture

All green flows on the "global process" figure should take place in a protected environment.

The orange flow is dangerous because it gives an unprivileged zone access to a protected zone, so particular care is needed to secure this access.