Architecture and Applications for a Distributed Embedded Firewall
Authors
Abstract
The distributed firewall is an important new line of network defense. It provides fine-grained access control to augment the protections afforded by the traditional perimeter firewall. To be effective, though, a distributed firewall must satisfy two critical requirements. First, it must embrace a protection model that acknowledges that everything behind the firewall may not be trustworthy. The malicious insider with unobstructed access to the network can still mount limited attacks. Second, the firewall must be tamper-resistant. Any firewall that executes on the same untrusted operating system that it is charged to protect begs the question: who is protecting whom? This paper presents a new distributed, embedded firewall that satisfies both requirements. The firewall filters Internet Protocol traffic to and from the host. The firewall is tamper-resistant because it is independent of the host’s operating system. It is implemented on the host’s network interface card and managed by a protected, central policy server located elsewhere on the network. This paper describes the firewall’s architecture and associated assurance claims and discusses unique applications for it.
Similar resources
Design and Performance of Firewall System Based on Embedded Computing
The conventional firewall has failed to resist attacks from the inside network, and the distributed firewall relies excessively on the host operating system; therefore the embedded firewall has become the focus of current network security research. The paper discusses the design and implementation of a firewall system based on embedded computing. In addition, it presents architecture of embedded firewall, ...
Evaluation of Three Approaches for CORBA Firewall/NAT Traversal
Applications that use CORBA as communication layer often have some restrictions for multi-domain deployment. This is particularly true when they have to face firewall/NAT traversal. Furthermore, nowadays there isn’t a well-accepted unique or standardized solution adopted by all ORBs, compelling applications using this middleware to use proprietary solutions that sometimes do not address the env...
Agent Systems in Software Engineering
During the last decade the continuous growth of the Web resulted in a significant development shift from simple types of software applications to distributed multi-tier web-based applications. In general, distributed systems are by nature more complex than centralized systems. As a result, the software engineering tasks of these systems are also complicated. Unlike traditional software applicat...
Emulating an Embedded Firewall
The Adventium Labs Embedded Distributed Firewall provides a simple interface for securely managing approved network flows between computers on a network. A “conversation” manager provides a simple interface for managing flows, defining the connections authorized between nodes on a network. These policies are enforced in hardware embedded in the network interface card of each computer. The polic...
Scalable Architecture for Distributed Video
As video applications become more important in an organization’s communication, they require a new kind of architecture that meets the scalability requirements. Video applications are distributed in nature, and run almost exclusively over IP networks today. This paper investigates the architectural approaches for creating a scalable video network, and discusses the key potential bottlenecks in per...