Firewalls are an important method of protecting computer networks. A traditional perimeter firewall relies heavily on network topology, which makes it incapable of preventing inside attacks and prone to becoming a network bottleneck. The distributed firewall is a newer type of firewall designed to solve the problems that traditional firewalls cannot, and to provide a better network security solution for enterprise use. However, a distributed firewall still relies on the host operating system to work, so its security is bounded by the security of the underlying operating system. A better solution is to employ embedded technology in distributed firewall design. Thus we introduce the concept of the distributed embedded firewall. Embedded firewalls are integrated into network interface cards. The network interface cards work at endpoints as policy enforcement devices, which provide direct protection to servers and desktop hosts. A central server called the Policy Server is responsible for policy editing and for distributing policies to end nodes. This type of firewall combines the robustness of a hardware solution with the agility of a software solution, thus creating a comprehensive security architecture. A distributed embedded firewall solution consists of embedded firewall network interface cards, policy servers and related software. This thesis introduces the general principles of distributed firewall architecture and points out its limitations. We then further our distributed firewall research by means of embedded technology, and present a model of an implementation of an embedded firewall network interface card that integrates an ARM processor.
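As an added illustration of the inside-attack limitation the abstract describes (example code written for this page, not from the thesis): a minimal model in which a perimeter firewall only evaluates flows that cross the network boundary, while an endpoint NIC enforcing the same centrally distributed policy evaluates every inbound flow. The address ranges, tiers and rule set are constructed for the example.

```python
"""Perimeter vs. endpoint (distributed) policy enforcement, constructed example."""
from dataclasses import dataclass
from ipaddress import ip_address, ip_network
from typing import List, Optional


@dataclass(frozen=True)
class Rule:
    action: str            # "allow" or "deny"
    src: str               # source CIDR
    dst: str               # destination CIDR
    dport: Optional[int]   # None matches any destination port


@dataclass(frozen=True)
class Flow:
    src: str
    dst: str
    dport: int


# Constructed internal address space; everything outside it is "external".
INTERNAL = ip_network("10.0.0.0/8")

# Constructed central policy, as a Policy Server would push it to every endpoint:
# only the web tier (10.1/16) may reach the database tier (10.2/16) on 5432,
# every other flow to the database tier is denied, anything else is allowed.
POLICY: List[Rule] = [
    Rule("allow", "10.1.0.0/16", "10.2.0.0/16", 5432),
    Rule("deny", "0.0.0.0/0", "10.2.0.0/16", None),
    Rule("allow", "0.0.0.0/0", "0.0.0.0/0", None),
]


def first_match(policy: List[Rule], flow: Flow) -> str:
    """First-match evaluation; an empty or non-matching policy denies by default."""
    s, d = ip_address(flow.src), ip_address(flow.dst)
    for r in policy:
        if s in ip_network(r.src) and d in ip_network(r.dst) and r.dport in (None, flow.dport):
            return r.action
    return "deny"


def perimeter_decision(policy: List[Rule], flow: Flow) -> str:
    """A perimeter firewall sees only flows crossing the boundary; internal-to-internal
    traffic never reaches it, so it is implicitly allowed regardless of policy."""
    crosses = (ip_address(flow.src) in INTERNAL) != (ip_address(flow.dst) in INTERNAL)
    return first_match(policy, flow) if crosses else "allow"


def endpoint_decision(policy: List[Rule], flow: Flow) -> str:
    """An embedded NIC firewall on the destination host evaluates every inbound flow."""
    return first_match(policy, flow)
```

A flow from a compromised internal desktop to the database tier is invisible to the perimeter model but denied by the endpoint model, which is the gap the distributed design closes.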