28-12-2010, 11:29 PM
Reorganization of Firewalls based on Policy Distribution
Sreejith S
S7 CSE
Department of Computer Science And Engineering
Government Engineering College, Thrissur
December 2010
Sreejith S
S7 CSE
Department of Computer Science And Engineering
Government Engineering College, Thrissur
December 2010
Overview
Introduction to firewalls
Why distributed firewalls?
The new system
Requirements and System Components
Implementation on BSD Linux
Advantages
Discussion
Firewalls!!
Unauthorized access control mechanism
Packet Filter
Application Gateway
Circuit-level Gateway
Proxy-Server
Drawbacks of the
conventional system[2]
Insiders of the netwo rk are trusted
Congestion Points
New protocols which are difficult to be
processed at firewalls
Application specific access controls
From
Firewalls
>>
Distributed Firewalls
Requirements Of The New Firewall
A security policy language(e.g. KeyNote)
An authentication mechanism (e.g.. IPsec.)
A repository to keep credentials.
System Components
A Central Management System
A Transmission System
Implementation of the policies at client side
Implementation of a
distributed firewall on BSD
Linux
Elements of the Implementation
A set of kernel extensions
A user level daemon process
A device driver
Advantages
Enhancement of Performance
Easier protocol filtering
Protection from insider attacks
Filtering can be done as per needs and
credentials
End-to-end encryption improves security
considerably
References
[1] Thames, J Lane., Randal, Abler., and Kneeling, David . A distributed
firewall and active response architecture providing preemptive
protection. A.C.M. March 2008.
[2] Ioannidis, Sotiris., Keromytis, Angelos D., Bellovin, Steve M., and
Smith, Jonathan. Implementing a Distributed Firewall . A.C.M 2000.
[3] Stepanek, Robert. Distributed Firewalls. Seminar on Network
Security: Telecommunication Software and Multimedia Laboratory.
Helsinki University of Technology. 2001.
[4] Wikipedia, the free online encyclopedia. http://en.wikipedia.org
Reorganization of Firewalls based on Policy distribution.pdf (Size: 178 KB / Downloads: 59)