Design and Implementation of Distributed Firewall Based on Linux

Source: Internet
Author: User
Abstract: Firewalls play an important role in network security. However, the traditional border firewall exposes more and more defects and cannot adapt to new network applications. The distributed firewall is an improvement on the traditional firewall. This article introduces the concept of the distributed firewall and presents its design and implementation on Linux.

1. Traditional Firewalls and Their Defects

A firewall is a combination of components that implement access control for inter-network communication based on certain security policies between different networks or network security domains.

In the traditional sense, a firewall refers to a border firewall, which divides the network into two parts: the intranet and the Internet. It is the only entry and exit point for information passing between the two networks. It controls inbound and outbound information flows (permitting, denying, and monitoring them) in accordance with the security policy, and has strong resistance to attack. It is an important and basic security device that provides information security services and implements network and information security. Logically, a firewall is a separator, a limiter, and an analyzer that effectively monitors all activity between the intranet and the Internet and protects the internal network.

Traditional firewalls rely on restrictions imposed by the network topology: they assume that all hosts on the intranet are trustworthy, while all hosts on the Internet are untrusted. This model works well as long as the network complies with those topology restrictions. However, as network connectivity expands and new network applications develop, the model exposes more and more defects and faces serious challenges, mainly the following:

(1) It is powerless against attacks that bypass the firewall. If the firewall rules are set improperly, every host on the intranet is exposed directly to external attack.

(2) It trusts all hosts on the intranet and therefore "turns a blind eye" to malicious attacks, unauthorized access, and unintentional misoperation originating inside the network.

(3) It is a potential communication bottleneck and a single point of failure.

(4) It conflicts with end-to-end encryption (such as VPNs).

(5) Mobile computing is not supported, because the model depends on the network topology.

To overcome these defects, the concept of the distributed firewall is introduced.

2. Distributed Firewall

A distributed firewall is formed from multiple host-based firewalls that are centrally managed and configured. In a distributed firewall, security policies are still defined centrally, but they are enforced on each individual network endpoint (such as a host or router).

The distributed firewall contains three required components:

(1) A language for describing the security policy.

(2) A mechanism for securely publishing the policy.

(3) A mechanism for applying and enforcing the policy.

The security policy language specifies which communication is permitted and which is forbidden. It should support multiple types of applications, permission assignment, and identity authentication. The policy is published to the network endpoints, and the publishing mechanism should ensure the integrity and authenticity of the policy in transit. There are several ways to publish a rule: it can be pushed directly to the end system, fetched by the end system on demand, or provided to the user in the form of a certificate. The policy enforcement mechanism resides on the host to be protected. Before handling inbound or outbound communication, it queries the local policy and then decides whether to permit or deny that communication.
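The three components described above, as an added example that is not part of the original article: a minimal policy format, an HMAC-protected publishing step that lets the endpoint check integrity and authenticity, and the endpoint-side permit/deny decision. The key, the sample policy, and the rule field names are constructed for illustration; a real Linux endpoint would translate the resulting decisions into its local packet-filter rules.

```python
import hashlib
import hmac
import ipaddress
import json

# Constructed shared key for this example (assumption, not from the article);
# a real deployment would use per-endpoint keys or public-key signatures.
POLICY_KEY = b"example-policy-distribution-key"

# (1) Policy language: ordered rules, first match wins, explicit default.
# "remote" is the peer address, "port" the service port. Constructed sample.
SAMPLE_POLICY = {
    "default": "deny",
    "rules": [
        {"dir": "in", "remote": "10.0.0.0/8", "proto": "tcp", "port": 22, "action": "permit"},
        {"dir": "in", "remote": "0.0.0.0/0", "proto": "tcp", "port": 443, "action": "permit"},
        {"dir": "out", "remote": "0.0.0.0/0", "proto": "any", "port": None, "action": "permit"},
    ],
}

def publish(policy, key):
    """(2) Publishing side: canonical JSON plus an HMAC-SHA256 tag so the
    endpoint can verify integrity and authenticity of what it receives."""
    body = json.dumps(policy, sort_keys=True, separators=(",", ":"))
    tag = hmac.new(key, body.encode(), hashlib.sha256).hexdigest()
    return {"body": body, "tag": tag}

def receive(message, key):
    """(2) Endpoint side: reject any policy whose tag does not verify."""
    expected = hmac.new(key, message["body"].encode(), hashlib.sha256).hexdigest()
    if not hmac.compare_digest(expected, message["tag"]):
        raise ValueError("policy rejected: integrity/authenticity check failed")
    return json.loads(message["body"])

def decide(policy, direction, remote_ip, proto, port):
    """(3) Enforcement: consult the local policy before handling a flow."""
    peer = ipaddress.ip_address(remote_ip)
    for rule in policy["rules"]:
        if rule["dir"] != direction:
            continue
        if peer not in ipaddress.ip_network(rule["remote"]):
            continue
        if rule["proto"] not in ("any", proto):
            continue
        if rule["port"] is not None and rule["port"] != port:
            continue
        return rule["action"]
    return policy["default"]
```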

The distributed firewall overcomes the defects of traditional firewalls and has the following advantages:

(1) It adds another layer of security inside the network.

(2) It effectively defends against internal attacks.

(3) It eliminates the communication bottleneck and single point of failure at the network boundary.

(4) It supports encrypted and authenticated network applications.

(5) It is independent of the topology and supports mobile computing.