This thesis studies the performance and security capabilities of the Embedded Firewall (EFW) system. EFW is a host-based, centrally controlled firewall system consisting of network interface cards and the "Policy Server" software. A network consisting of EFW clients and a Policy Server is set up in the Advanced Network Laboratory at the Naval Postgraduate School, and the Smartbits packet generator is used to simulate a realistic data-transfer environment. The evaluation centers on two main categories: performance analysis and security capability tests. The TTCP program and a script written in Tcl are used to perform the throughput and packet-loss tests, respectively. Penetration and vulnerability tests are conducted to analyze the security capabilities of EFW. Symantec Personal Firewall is used as a representative application firewall for comparing test results. Our study shows that EFW has better performance, especially on connections carrying a high proportion of encrypted packets, and is more effective in preventing insider attacks. However, the current implementation of EFW has some weaknesses, such as not allowing the sophisticated rules that application firewalls usually support. We recommend that EFW be used as one of the protection mechanisms in a system based on the defense-in-depth concept, alongside application firewalls, intrusion detection systems and gateway protocols.