Are you an EPFL student looking for a semester project?
Work with us on data science and visualisation projects, and deploy your project as an app on top of GraphSearch.
Concept
Distributed firewall
Summary
A distributed firewall is a security application on a host machine of a network that protects the servers and user machines of its enterprise's networks against unwanted intrusion. A firewall is a system or group of systems (router, proxy, or gateway) that implements a set of security rules to enforce access control between two networks to protect the "inside" network from the "outside" network. They filter all traffic regardless of its origin—the Internet or the internal network. Usually deployed behind the traditional firewall, they provide a second layer of defense. The advantages of the distributed firewall allow security rules (policies) to be defined and pushed out on an enterprise-wide basis, which is necessary for larger enterprises.
Distributed firewalls are often kernel-mode applications that sit at the bottom of the OSI stack in the operating system. They filter all traffic regardless of its origin—the Internet or the internal network. They treat both the Internet and the internal network as "unfriendly". They guard the individual machine in the same way that the perimeter firewall guards the overall network. Distributed firewall function rests on three notions:
A policy language that states what sort of connections are permitted or prohibited,
Any of a number of system management tools, such as Microsoft's SMS or ASD, and
IPSEC, the network-level encryption mechanism for Internet Protocol (TCP, UDP, etc.)
The basic idea is simple. A compiler translates the policy language into some internal format. The system management software distributes this policy file to all hosts that are protected by the firewall. And incoming packets are accepted or rejected by each "inside" host, according to both the policy and the cryptographically verified identity of each sender.
A central management system for designing the policies,
A transmission system to transmit these policies, and
Implementation of the designed policies at the client end.
The security policy of distributed firewalls are defined centrally, and the enforcement of the policy takes place at each endpoint (hosts, routers, etc.
Official source
About this result
This page is automatically generated and may contain information that is not correct, complete, up-to-date, or relevant to your search query. The same applies to every other page on this website. Please make sure to verify the information with EPFL's official sources.