Abstract:
The modern world is an interconnected world. Electronic devices are connected with each other, which allows data to be shared. Underlying the interconnected world are numerous networks of computers that together make up the internet. However, the rise of the internet has also brought about serious security risks. Using these connections, data can be transmitted to any device on the network. This means that people have numerous opportunities to intercept communications or initiate their own. This makes it easy to send malicious software that can be used to steal data or corrupt computer systems. In order to prevent this, it is important to secure the basic networks that make up the internet. This paper examines the use of distributed firewalls with the aim of improving network security and preventing unauthorized access to secure data.
Implementation of distributed firewalls
The project selected for this paper is improving network security for an organization by implementing a distributed firewall. Computer networking is an integral part of business because it facilitates the flow of information both within and outside the organization. For a medium-sized organization with about 300 computers, a local area network is very important. In order to allow the use of services like cloud computing, online retailing, customer care, and remote access, the internal network of an organization is usually linked to the internet. However, this exposes the internal network and all the resources within it to threats from the internet. Such threats take various forms, such as hacking, phishing, denial of service, data theft, and unauthorized access, just to mention a few. These threats greatly affect the integrity of the data stored in the company’s database. Therefore, there is a need to protect the network from malicious traffic from the internet. The most common method used to protect networks is the use of firewalls. These are barriers between the internal network and the internet (Al-Shaer, 2014).
Firewalls function by filtering traffic coming from inside and outside the organization’s network. Traditionally, firewalls have assumed that traffic from the internet is unsafe while traffic originating from the internal network is safe. They work by filtering traffic from the internet before it can get into the internal network. This is critical, as it ensures that all traffic within the organization’s network is authorized. The traffic is checked against a checklist in the settings of the firewall and, if it matches, the traffic is allowed in. If it does not match the checklist, it is dropped. This in turn prevents unauthorized access to the network by ensuring that only users and traffic with authorization are allowed into the network. However, there have been cases where the internal traffic was compromised, leading to the internal network becoming compromised. This weakness makes traditional firewalls ineffective in addressing unwanted and unauthorized traffic into and out of a network.
In order to prevent this, a new form of firewall implementation known as the distributed firewall can be used. Unlike the traditional firewall implemented at the boundary of the internal and the external network, the distributed firewall is implemented at the host level (Al-Shaer, 2014). It is a kernel-mode application, which means it is able to run with the operating system. It is therefore able to inspect traffic from every network. It considers both the internal network and the internet to be unsafe. It is therefore able to protect the internal network at the host level. Intrusions from within the internal network will be detected by this implementation of distributed firewalls (Al-Shaer, 2014). This has proven to be effective in controlling network traffic by ensuring the monitoring and verification of all network traffic before it enters or leaves the network.
A distributed firewall is effective in addressing network problems because it is made up of a number of components. These are the central management system, policy transmission, and implementation on the host end. The central management system is very important, as it allows for centralized control of the entire network. Centralized control also makes it easier to manage risks within the network. Policy transmission allows the policy to be sent from the central management system to the individual client end machines, where it will be implemented.
A distributed firewall system is appropriate for a medium-sized company for a number of reasons. First, internal traffic within networks is often overlooked as a source of security breaches. Many people assume that threats come from external sources. However, it is possible to compromise the network from within. The Stuxnet virus that was used against nuclear installations in Iran is an example of a threat that was introduced from within the network. Secondly, if an intruder gains access to one host machine in a network, it is possible to exploit the whole network using the single machine they control. Because traffic from within the network is considered to be trusted, a compromised machine can give access to the other machines on the network. Finally, end-to-end encryption makes it impossible for traditional firewalls to inspect encrypted traffic. Since the communication is encrypted, the traditional firewall will not be able to inspect the contents of the communication (Stewart, 2011).
Since a distributed firewall is based on the host machine, it is able to overcome these problems. First, internal traffic as well as internet traffic is treated as unsafe, since either can affect the security of the organization’s network. The distributed firewall will therefore check all communications against the policy before it allows them into the individual machine. This means that the network and all resources located on it are protected against such threats regardless of their origin. The central management system for a distributed firewall allows easy monitoring and management of the firewall on the different individual machines. The distributed firewall is a software application on the host machine that is in constant communication with the central management system (Stewart, 2011). If any changes occur, the administrator just updates the entire system using the central management system. A distributed firewall is seen as a more effective tool against network threats when used properly in addition to other measures such as the traditional firewall and various anti-virus and anti-malware software.
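The three components described above (central management system, policy transmission, and host-end implementation) can be sketched in Python. This is an added example, not code from the paper or its references; the class names, the host name db01, the addresses and the port are constructed for illustration. It contrasts a perimeter check that trusts internal sources with a host-level check that tests every source against the centrally published policy and drops anything that does not match.

```python
import ipaddress
from dataclasses import dataclass

LAN = ipaddress.ip_network("10.0.0.0/16")  # constructed internal address range

@dataclass(frozen=True)
class Rule:
    src: str    # CIDR block allowed to connect
    host: str   # destination host the rule applies to
    port: int   # destination port

def matches(rules, src, host, port):
    ip = ipaddress.ip_address(src)
    return any(r.host == host and r.port == port
               and ip in ipaddress.ip_network(r.src) for r in rules)

def perimeter_allows(rules, src, host, port):
    # Traditional model: anything originating inside the LAN is trusted.
    return ipaddress.ip_address(src) in LAN or matches(rules, src, host, port)

class ManagementServer:
    """Central management system: holds the single versioned policy."""
    def __init__(self):
        self.version, self.rules = 0, ()
    def publish(self, rules):
        self.version, self.rules = self.version + 1, tuple(rules)

class HostFirewall:
    """Host-end enforcement: checks every source, default deny."""
    def __init__(self, host, server):
        self.host, self.server = host, server
        self.version, self.rules = 0, ()
    def sync(self):
        # Policy transmission: adopt the central policy if it is newer.
        if self.server.version > self.version:
            self.version, self.rules = self.server.version, self.server.rules
    def allows(self, src, port):
        return matches(self.rules, src, self.host, port)

def demo():
    server = ManagementServer()
    db = HostFirewall("db01", server)
    server.publish([Rule("10.0.1.10/32", "db01", 5432)])  # only the app server
    before = db.allows("10.0.1.10", 5432)  # not yet synced: default deny
    db.sync()
    return {
        "before_sync": before,
        "app_server": db.allows("10.0.1.10", 5432),
        "infected_pc_host_fw": db.allows("10.0.3.57", 5432),
        "infected_pc_perimeter": perimeter_allows(server.rules, "10.0.3.57", "db01", 5432),
    }

if __name__ == "__main__":
    print(demo())
```

The compromised internal workstation (10.0.3.57) passes the perimeter check because it sits inside the LAN, but the host firewall on db01 drops it because no rule in the published policy matches.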
Concluding statement:
In conclusion, this project will be concerned with implementing a distributed firewall in a medium-sized enterprise with approximately 300 machines.
References
Al-Shaer, E. S. (2014). Automated firewall analytics: Design, configuration and optimization. Cham: Springer.
Stewart, J. M. (2011). Network security, firewalls, and VPNs. Sudbury, Mass: Jones & Bartlett Learning.