

Traditional firewalls are limited and restricted by network topology. Generally, they
assume that all nodes inside the network are trusted and the external ones are enemies. In
the new idea of distributed firewalls, the rules are defined centrally but applied on individual

With the huge demand for the internet during these decades, it is essential to consider an appropriate
methodology for security. Security is a big concern not only for end users, especially those
dealing with financial transactions like mobile banking, but also for application
developers and even managers. Security has a wide spectrum and can be applied at
different levels of a system. One of the most significant levels is the network, and a firewall
is a best choice for this purpose. Conventional firewalls reside at the entry of a
network, so all the nodes inside are treated as trusted, and this is the worst shortcoming of this
method. To overcome this problem, the idea of the distributed firewall was introduced. In
this model, the policy is still defined centrally but the enforcement is applied in individual

The enormous daily increase of internet users is inevitable. In this case the need for
security is essential. The field of network security is a broad issue that covers different
aspects, but in general it refers to applying techniques to prevent unauthorized
access to a network, which can cause different kinds of damage in applications, databases and

Network security deals with these services:
2.1 Privately
This means that the person who is eligible can see the data.
2.2 Unity
It means the suitable relation.
2.3 Accessibility
It means the resources should be ready for use.
2.4 Control of accessing
It deals with controlling who can access the data.

A firewall is a component, or a group of components, that resides between two networks in order to
control the incoming and outgoing traffic. It can be software running on a computer
or a device in a network. The control is based on rules and
regulations that the network administrator defines. Firewalls trace all packets of information
between two networks and determine which ones are trusted and allowed and which are
untrusted. [1]
Conventional firewalls are devices often placed on the edge of the network that act as a
bouncer. The firewall is used to enforce a central policy of what traffic is allowed in and
out of the network. When traffic flows through the firewall it is evaluated by a set of rules
based on IP address, port, etc. and either allowed or denied. All traffic entering or leaving
the network must pass through this point. This requirement itself is often one of the
downfalls of the firewall. For example, users might go around the firewall by using a
modem or some other connection to the Internet. Another problem is encrypted tunnels,
which provide a hole through the firewall where the traffic isn't evaluated and flows
freely. Some problems with standard firewalls are as follows:
1. Depends on the topology of the network.
2. Does not protect networks from internal attacks.
3. Could not work with some protocols like FTP and RealAudio.
4. Has a unique entry point, so an error there can cause a problem.
5. Unable to stop spoofed transmissions.
6. Unable to log all of the network's activity and unable to dynamically open and close
the networking ports.
To cope with these problems, the new idea of the distributed firewall comes into the picture.
In the distributed firewall methodology, rules are still centrally defined, then applied on
each node. There is no restriction or limitation of topologies. They filter the data
movement of both external and internal networks. [1]
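
The contrast described above, as an added example that is not part of the original article: a central policy is split into per-node rule sets and enforced on each host, so traffic between two inside hosts is filtered, while a perimeter firewall never sees it. The addresses, rule format and function names are constructed for illustration, and nodes are identified by IP address only for simplicity.

```python
import ipaddress

# Constructed central policy: (source network, destination host, port, action).
# First match wins; traffic that matches no rule is denied.
CENTRAL_POLICY = [
    ("10.0.0.0/24", "10.0.0.20", 5432, "allow"),  # app subnet -> database
    ("10.0.0.0/16", "10.0.0.20", 5432, "deny"),   # any other inside host -> database
    ("0.0.0.0/0", "10.0.0.10", 443, "allow"),     # anyone -> web server
]
INSIDE = ipaddress.ip_network("10.0.0.0/16")  # assumed internal address range


def evaluate(rules, src, dst, port):
    """Return the action of the first rule matching the packet, else 'deny'."""
    for net, rule_dst, rule_port, action in rules:
        if (dst == rule_dst and port == rule_port
                and ipaddress.ip_address(src) in ipaddress.ip_network(net)):
            return action
    return "deny"


def rules_for_node(node_ip):
    """Distribution step: each node receives only the rules that concern it."""
    return [rule for rule in CENTRAL_POLICY if rule[1] == node_ip]


def node_decision(node_ip, src, port):
    """Distributed enforcement: the destination host filters its own traffic."""
    return evaluate(rules_for_node(node_ip), src, node_ip, port)


def perimeter_decision(src, dst, port):
    """Edge enforcement: packets between two inside hosts never reach the edge."""
    if all(ipaddress.ip_address(ip) in INSIDE for ip in (src, dst)):
        return "not inspected"
    return evaluate(CENTRAL_POLICY, src, dst, port)


if __name__ == "__main__":
    packets = [  # constructed sample traffic: (source, destination, port)
        ("10.0.0.15", "10.0.0.20", 5432),    # app server -> database
        ("10.0.7.9", "10.0.0.20", 5432),     # workstation -> database
        ("203.0.113.5", "10.0.0.10", 443),   # internet -> web server
        ("203.0.113.5", "10.0.0.20", 5432),  # internet -> database
    ]
    for src, dst, port in packets:
        print(f"{src} -> {dst}:{port}  perimeter={perimeter_decision(src, dst, port)}"
              f"  node={node_decision(dst, src, port)}")
```
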
4.1 The Distributed Firewall
4.1.1 Distributed Firewall consists of
4.1.2 Architecture of Distributed Firewall
4.1.3 Working
4.1.4 Rules
4.2 Good Points of Distributed Firewall
THEY ARE BEYOND THE TOPOLOGY RESTRICTION
FILTERING SOME KINDS OF PROTOCOLS LIKE FTP IS MUCH EASIER
THE POLICY IS ENFORCED BASED ON THE NEED; IN OTHER WORDS, THE NODE WHICH DOES NOT COMMUNICATE WITH THE EXTERNAL NETWORK USES ITS RELEVANT
THE INSIDE NODES ARE NO LONGER SUPPOSED AS TRUSTED.
ENCRYPTION IS POSSIBLE WITHOUT ANY EFFECT ON NETWORK SECURITY
4.3 Negative Points of Distributed Firewall
They impose some bottleneck in the network.

With the huge number of internet connections and different kinds of protocols,
traditional firewalls can no longer be practical and useful. To handle these
problems, a new concept of firewall, the distributed firewall, is introduced. The distributed
firewall not only uses the positive points of the previous one, but also solves many
of its problems.