1.1 Overview of firewalls
With the rapid growth of interest in the Internet, network security has become a major concern to companies throughout the world. The fact that the information and tools needed to penetrate the security of corporate networks are widely available has only increased that concern. A tool used to block malicious packets at the gateway is called a firewall.

Fig 1: Typical firewall

Firewall Features:
1. Inbound and Outbound Filtering
2. Privacy protection
3. Application Integrity
4. Notifications


1.2 Problems with traditional firewall
The above-mentioned model works well in small and medium networks, but as network size increases and new network technologies emerge, the defects of this working model are exposed daily, mainly in the following areas:
(1) Not preventing inside attacks. A traditional firewall cannot control internal data flow and knows nothing about it, let alone prevent internal attacks. Some data indicate that the majority of network attacks come from within, so it is essential to prevent internal attacks.
(2) "Bottleneck" problem. On the one hand, more and more network bandwidth requires a firewall with high throughput; on the other hand, hackers' attack methods keep multiplying and firewall rules are bound to become increasingly complex, so the processing speed of the firewall goes down. Thus the firewall's functionality and performance are in conflict.
(3) "The effectiveness of single-point" problem. A firewall has thousands of responsibilities, so once the firewall is configured incorrectly or is defective, the whole network is exposed to attack.
(4) Unauthorized access problem. A variety of connection methods, such as tunnels, wireless connectivity and dial-up access, enable individuals to bypass the firewall and establish a connection, resulting in network security risks.
(5) Single Safe Mode. A traditional firewall's security policy is formulated for the whole network, so all the hosts in the whole network obey a single security model.

2. Distributed firewall
2.1 Architecture
In the DFW architecture the border firewall is not discarded. Because the physical boundaries still exist, the border firewall still performs the traditional task of guarding the door, but with a reduced burden on its shoulders: because it only deals with security issues related to the whole network, its rules are fewer and therefore more efficient. The Policy Server is the core of the entire DFW, mainly including the central management interface, the policy database, the audit database, and the encryption and authentication modules.

The center management interface is responsible for human-computer interaction, including rule-making and receiving and displaying the host firewall security policy, management information and the audit logs that the host firewall sends over. Rule-making is achieved through a rule definition language or a graphical user interface. The host firewall resides on the host computer and is responsible for policy implementation.

2.2 Advantages
(1) Secure communication. The distributed firewall uses encryption for communications between hosts, so communication is well protected.
(2) Solution to problem with single boundary. The boundary of a traditional firewall treats all internal hosts as equal in a sense; that is, if one of them has been penetrated, the attacker can easily launch attacks on other internal hosts. For a distributed firewall, such attacks do not succeed.
(3) System performance guarantee. Since the traditional boundary firewall has a single access control point, it has a negative impact on the performance and reliability of the network. The distributed firewall technology eliminates the structural bottleneck problems in the network and improves system performance.
(4) The system scalability. In fact, the most important advantage of a distributed firewall is that it can protect hosts which do not belong to the internal network in the physical topology but do belong to the logical "internal" network. This demand will keep growing with the development of VPN.

3. Implementation
3.1 Structure of program
The overall program is divided into the following modules:
(1) GUI module: Responsible for receiving user input information (including authentication information) and indicating system status.
(2) Audit Log Management Module: The required audit log files obtained from the firewall host are separated into specific data structures for the graphical user interface module to display. The module is able to summarize and analyze log audit information and provide security reports for the security administrator.

(3) Security policy management module: Policy data received from the graphical user interface module is saved in a particular format in the policy file, which can be sent to the firewall host via a secure transmission channel.
(4) Secure transmission module: This module is responsible for establishing the secure transmission channel between the safety management center and the host firewall. Encryption and decryption of the transmitted data ensure that it stays confidential and intact.

3.2 Screenshots
Server:

Client:

3.3 Future work
I have identified the following work which can be done in future on this topic.
- Include outside computers in the network.
- Design a secure encryption scheme for communication between computers.

4. Conclusion
Distributed firewall technology is a new architecture to solve network security problems. It plays the role of a traditional firewall and at the same time makes up for deficiencies in the border firewall. Then the detailed study of both traditional firewall and distributed firewall is done. The design and implementation of various parts are introduced. I have implemented various modules such as the security management center, which consists of the graphical user interface module, audit log management, security policy management, and security transport module.
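
The policy hand-off described in section 3.1, where the security policy management module writes a policy file and the secure transmission module protects its integrity on the way to the host firewall, is shown here as an added example; it is not the report's code. The JSON rule fields, the function names and the use of HMAC-SHA256 with a pre-shared key (integrity only, no encryption) are assumptions, since the report does not specify its policy format or scheme.

```python
import hashlib
import hmac
import ipaddress
import json

# Constructed sample policy; the field names are assumptions, not the report's format.
SAMPLE_RULES = [
    {"action": "allow", "proto": "tcp", "src": "10.0.0.0/8", "dport": 22},
    {"action": "deny", "proto": "tcp", "src": "0.0.0.0/0", "dport": 22},
    {"action": "allow", "proto": "tcp", "src": "0.0.0.0/0", "dport": 443},
]

def sign_policy(rules, key):
    """Management center: serialize the policy file and append an HMAC-SHA256 tag."""
    body = json.dumps(rules, sort_keys=True).encode()
    tag = hmac.new(key, body, hashlib.sha256).hexdigest().encode()
    return body + b"\n" + tag

def load_policy(blob, key):
    """Host firewall: return the rules only if the tag verifies, else None."""
    body, sep, tag = blob.rpartition(b"\n")
    expected = hmac.new(key, body, hashlib.sha256).hexdigest().encode()
    if not sep or not hmac.compare_digest(tag, expected):
        return None
    return json.loads(body)

def decide(rules, packet):
    """First matching rule wins; a rejected policy or no match means deny."""
    if rules is None:
        return "deny"
    src = ipaddress.ip_address(packet["src"])
    for rule in rules:
        if (rule["proto"] == packet["proto"]
                and rule["dport"] == packet["dport"]
                and src in ipaddress.ip_network(rule["src"])):
            return rule["action"]
    return "deny"

if __name__ == "__main__":
    key = b"constructed-demo-key"  # placeholder key for the demo only
    blob = sign_policy(SAMPLE_RULES, key)
    rules = load_policy(blob, key)
    print(decide(rules, {"proto": "tcp", "src": "10.1.2.3", "dport": 22}))
    # A policy file modified in transit fails verification, so the host denies.
    tampered = blob.replace(b'"deny"', b'"allow"')
    print(decide(load_policy(tampered, key),
                 {"proto": "tcp", "src": "203.0.113.9", "dport": 22}))
```

Confidentiality of the policy file, which the secure transmission module also calls for, would need an encrypted channel on top of this integrity check.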

