Design and Implementation of a Distributed Firewall
Dalila Boughaci (LRIA-USTHB, Algeria), Brahim Oubeka (LRIA-USTHB, Algeria), Abdelkader Aissioui (LRIA-USTHB, Algeria), Habiba Drias (LRIA-USTHB, Algeria) and Belaïd Benhamou (Technopôle de Château-Gombert, France)
Copyright: © 2009
This chapter presents the design and implementation of a decentralized firewall, which uses autonomous agents to control the traffic on the network in a coordinated manner. The proposed framework includes a set of controller agents that provide the packet filtering services, a proxy agent that plays the role of a proxy server, and an identifier agent that is responsible for user authentication. The decentralization of the different agents' activities is managed by an administrator agent, which is the core point for launching the most important access control operations. A prototype has been designed and implemented. Furthermore, the authors hope that the underlying framework will inform researchers of a possible way to implement a decentralized firewall to improve the current solution, and will help readers understand the need for techniques and tools such as firewalls that are useful to protect their network traffic.
This section is intended to give the reader a basic understanding of traditional firewalls and software agents.
Key Terms in this Chapter
Packet: Also called a datagram, it is a piece of a message (data and destination address) transmitted over a packet-switching network.
Computer Security: Techniques and measures used to protect data stored in a computer or circulated on the network from unauthorized access. Security tools include firewalls, intrusion detection systems, antivirus software, data encryption, and password systems.
Packet Filtering: A technique for controlling access to a network by analyzing the packets that traverse it and allowing or disallowing their passage based on the IP addresses of the source and destination.
Router: A device that forwards data packets along networks.
Ping: A utility to determine whether a specific IP address is accessible.
IP Spoofing: A technique to gain unauthorized access to a network. The hacker modifies the packet header and then sends messages to a computer with an IP address indicating that the message is coming from a trusted host.
Network Firewall: A device used to control access between a trusted network and an untrusted network based on certain configured rules.
Hacker: An intruder who gains unauthorized access to a computer system.
Proxy: A relay that sits between a client application and the real server, making it possible to intercept all requests on the network. The proxy server effectively hides the true network addresses.