SOCKS Security Spec Gets Stronger Foothold

Upcoming additions to the Secure Sockets (SOCKS) standard, detailed at the SOCKS Developer Conference on Monday, will make the security and policy-making specification more suitable for multicasting and multimedia application deployment.

SOCKS is an Internet Engineering Task Force (IETF) standard for IP-based security and policy management. Going a step beyond firewalls, SOCKS enables administrators to set user policies based on specific protocols. For example, a user may be permitted to access HTTP streaming or Java programs, said Saqib Jang, SOCKS Version 5 marketing director at NEC Systems.

This type of control enables administrators setting user policies to set security and allot bandwidth, Jang said. SOCKS is viewed as both a supplement to or alternative to firewalls.

"The beauty of SOCKS is if you take firewalls, firewalls only provide user authentication for one or two types of protocols," Jang said. SOCKS policies can be designated in either a separate server or in a firewall itself.

A final version of SOCKS Version 5, which does not have a specific point-release designation, is expected to be charted this fall by the IETF Authenticated Firewall Traversal (AFT) working group. A chief improvement planned is enhanced support for User Datagram Protocol (UDP), enabling a reduction in network traffic related to SOCKS.

"It's beneficial because [UDP is] usually used for things like multimedia," said Marc VanHeyningen, Internet security architect at Aventail, an extranet technology supplier. He also is editor for the Socks Version 5 specification for the AFT group.

The upcoming revision to Version 5 also boosts support for Generic Security Services API, which provides a standard for strong encryption, VanHeyningen said.

By late-2000, the AFT group hopes to have in place an early iteration of SOCKS Version 6, which will focus on extensibility. This will enable the addition of improvements to SOCKS without having to rewrite the entire specification.

Multicasting, through which multiple persons could receive Internet broadcasts and forward them to others, also will be a highlight of Version 6.

Additional extensions to SOCKS that were highlighted at the conference include support for the H.323 video streaming protocol; WinCE access, enabling Windows CE handheld devices to use SOCKS, and Internet Inter-ORB Protocol, for client-server communications.

WinCE support extends SOCKS to virtual private networks (VPNs), Jang said. "People are using Windows CE devices as the end point for VPNs," he said Among the companies backing SOCKS Version 5 are Aventail, Hummingbird Communications, IBM, Microsoft, Netscape, and Novell.

Aventail Corp., in Seattle, is at NEC Systems Inc., in San Jose, Calif., is at The company's SOCKS informational page is at

Join the newsletter!


Sign up to gain exclusive access to email subscriptions, event invitations, competitions, giveaways, and much more.

Membership is free, and your security and privacy remain protected. View our privacy policy before signing up.

Error: Please check your email address.

More about AllotAventailExtensibilityHummingbirdHummingbird CommunicationsIBM AustraliaIETFInternet Engineering Task ForceMicrosoftNECNovell

Show Comments