Title :
On the large-scale deployment of a distributed embedded firewall
Author :
Payne, Charles N. ; Ryder, Dorene Kewley
Author_Institution :
Secure Comput. Corp., Roseville, MN, USA
Abstract :
We were recently challenged to deploy a scalable network of host based defenses using the 3com embedded firewall (EFW). The goal was to test EFW scalability in a fully operational environment. A host-based, distributed firewall like EFW requires a different perspective on policy configuration and management than a conventional perimeter firewall. They can improve overall network security by pushing protection to the network endpoints. We implemented the following workaround: protecting first the critical mission assets; restrict access to a host but relax access from the host; leverage other available countermeasures. We also instrumented the internal network with a freeware intrusion detection system (IDS) to monitor the link between the enclave and the satellite connection leading to the perimeter firewall and the extranet.
Keywords :
Internet; authorisation; client-server systems; computer crime; computer network management; message authentication; telecommunication security; virtual private networks; 3com embedded firewall; EFW management; IDS; IRC; Internet relay chat; VLAN technology; Web servers; distributed embedded firewall; host based scalable network; intrusion detection system; mail servers; network security; policy configuration; virtual local area network; Computer crime; Data analysis; Intrusion detection; Large-scale systems; Meeting planning; Network servers; Protection; Telecommunication traffic; Testing; Web server;
Conference_Titel :
Information Assurance Workshop, 2003. IEEE Systems, Man and Cybernetics Society
Print_ISBN :
0-7803-7808-3
DOI :
10.1109/SMCSIA.2003.1232439
