A Stateful CSG-Based Distributed Firewall Architecture for Robust Distributed Security
Source: University of Mauritius
Distributed firewalls have been developed to provide networks with a higher level of protection than traditional firewalling mechanisms such as gateway and host-based firewalls. Although distributed firewalls provide higher security, they too have limitations. This work presents the design and implementation of a new distributed firewall model, based on a stateful Cluster Security Gateway (CSG) architecture, which addresses those shortcomings. This distributed security model adopts a bottom-up approach in which each cluster of end-user hosts is first secured using the CSG architecture. The different CSGs are then centrally managed by the Network Administrator. A file-based firewall update mechanism is used for dynamic real-time security. IPsec is used to secure the distribution of firewall policy updates, while X.509 certificates provide sender/receiver authentication.