Title :
An unavailability analysis of firewall sandwich configurations
Author :
Goddard, Steve ; Kieckhafer, Roger ; Zhang, Yuping
Author_Institution :
Dept. of Comput. Sci. & Eng., Nebraska Univ., Lincoln, NE, USA
Abstract :
Firewalls form the first line of defense in securing internal networks from the Internet. A Firewall only provides security if all traffic into and out of an internal network passes through the firewall. However, a single firewall through which all network traffic must flow represents a single point of failure. If the firewall is down, all access is lost. A common solution to this problem is to use firewall sandwiches, comprising multiple firewall processors running in parallel. A firewall sandwich system needs load-balancing processes executing on separate processors to manage the flow of packets through the firewall processors. The number of redundant load balancing processors and their redundancy management policies have a major impact on system unavailability. We present a model to analyze the steady-state unavailability of firewall sandwiches and compare the unavailability of various load-balancing configurations. The results show that, using representative non-proprietary values for system parameters, redundancy management policies are at least as important as the number of redundant processing nodes
Keywords :
Internet; authorisation; computer networks; resource allocation; Internet; firewall sandwich configurations; internal networks; load-balancing processes; redundancy management policies; security; steady-state unavailability; system parameters; unavailability analysis; Computer science; IP networks; Internet; Load management; Network servers; Portals; Protection; Steady-state; Telecommunication traffic; Web server;
Conference_Titel :
High Assurance Systems Engineering, 2001. Sixth IEEE International Symposium on
Conference_Location :
Boco Raton, FL
Print_ISBN :
0-7695-1275-5
DOI :
10.1109/HASE.2001.966815
