DocumentCode
2085293
Title
On the large-scale deployment of a distributed embedded firewall
Author
Payne, Charles N. ; Ryder, Dorene Kewley
Author_Institution
Secure Comput. Corp., Roseville, MN, USA
fYear
2003
fDate
18-20 June 2003
Firstpage
296
Lastpage
297
Abstract
We were recently challenged to deploy a scalable network of host-based defenses using the 3Com embedded firewall (EFW). The goal was to test EFW scalability in a fully operational environment. A host-based, distributed firewall like EFW requires a different perspective on policy configuration and management than a conventional perimeter firewall. Such firewalls can improve overall network security by pushing protection to the network endpoints. We implemented the following workaround: protect the critical mission assets first; restrict access to a host but relax access from the host; leverage other available countermeasures. We also instrumented the internal network with a freeware intrusion detection system (IDS) to monitor the link between the enclave and the satellite connection leading to the perimeter firewall and the extranet.
Keywords
Internet; authorisation; client-server systems; computer crime; computer network management; message authentication; telecommunication security; virtual private networks; 3com embedded firewall; EFW management; IDS; IRC; Internet relay chat; VLAN technology; Web servers; distributed embedded firewall; host based scalable network; intrusion detection system; mail servers; network security; policy configuration; virtual local area network; Computer crime; Data analysis; Intrusion detection; Large-scale systems; Meeting planning; Network servers; Protection; Telecommunication traffic; Testing; Web server;
fLanguage
English
Publisher
IEEE
Conference_Titel
Information Assurance Workshop, 2003. IEEE Systems, Man and Cybernetics Society
Print_ISBN
0-7803-7808-3
Type
conf
DOI
10.1109/SMCSIA.2003.1232439
Filename
1232439