What is a distributed firewall?
Growth in internet access speeds, coupled with increasingly complex protocols that firewalls must inspect in depth, has turned the firewall itself into a congestion point.
Distributed firewalls address this problem by using processing power across the network, enforcing policy on each host rather than only on the single machine or cluster where a conventional firewall is installed.
A distributed firewall is a host-resident security software application that protects the network as a whole against unwanted intrusion. Deployed alongside more traditional firewalls, distributed firewalls add another layer of protection to a network while still maintaining high throughput for legitimate traffic, because no single device has to inspect every packet.
In addition, centralized firewalls are built on a model that assumes attacks come from outside the network. They apply a "perimeter defense" model in which the firewall guards only against malicious traffic crossing the network boundary.
This model fails, however, when an attack originates inside the network, an all-too-common occurrence given the many ways users can connect to an internal network, including wireless access and VPN tunnels. Traffic between two internal hosts never crosses the perimeter firewall, so a traditional firewall typically cannot guard against attacks from sources like these; a distributed firewall, which enforces policy on every host, adds another layer of defense against exactly this type of attack.
Distributed firewalls have a standard set of capabilities:
- Centralized Management: Although enforcement is spread across many hosts, distributed firewalls typically let an administrator configure security policies in one place and "push out" a consistent policy to every host. They also provide centralized reporting, which makes it practical to update firewall policies and apply them consistently.
- Fine-Grained Access Control: Because policy is enforced on the host, a distributed firewall can make decisions per host, per application, or per user, a level of granularity that standard perimeter firewalls cannot readily accommodate without greatly increasing their complexity and processing requirements.
- Policies: The ability to set "security policies" that allow or deny access according to defined criteria. This is the basic functionality underlying all firewalls. Distributed firewalls usually also include features that guarantee the integrity of a policy in transit, so that a host applies only policies that genuinely came from the management server and were not altered on the way.
- Pull and Push Distribution: Distributed firewalls typically support both "pull" and "push" methods of distribution. In the pull model a host contacts the central management server, confirms that it is up and active, and then requests the current policies. In the push model the server sends updated policies to the hosts as soon as they change, so that every host always has the current policy.
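The capabilities listed above fit together into one workflow: a central manager signs a versioned policy, a host pulls it, checks integrity and freshness, keeps only the rules addressed to it, and enforces or renders them locally. The following Python script is an added example written for this page, not code from any distributed firewall product. The shared key, host names, addresses, rule format and the nftables chain name are all assumptions for illustration; a real deployment would provision per-host keys out of band and use a stronger policy language.

```python
"""Toy distributed-firewall policy distribution (added example, not a product's code).

A central manager publishes a versioned, HMAC-signed policy; each host pulls it,
verifies integrity and freshness, then keeps only the rules addressed to it.
"""
import hashlib
import hmac
import ipaddress
import json

# Assumed shared secret between manager and hosts (per-host keys in practice).
SHARED_KEY = b"example-only-key-do-not-reuse"

# Constructed central policy: rules target a host by name, not by network position.
# Rules are evaluated first-match, so order matters.
CENTRAL_POLICY = {
    "version": 7,
    "rules": [
        {"host": "db01", "src": "10.0.1.0/24", "proto": "tcp", "dport": 5432, "action": "accept"},
        {"host": "db01", "src": "0.0.0.0/0", "proto": "tcp", "dport": 5432, "action": "drop"},
        {"host": "web01", "src": "0.0.0.0/0", "proto": "tcp", "dport": 443, "action": "accept"},
        {"host": "*", "src": "10.0.9.5/32", "proto": "tcp", "dport": 22, "action": "accept"},
        {"host": "*", "src": "0.0.0.0/0", "proto": "any", "dport": 0, "action": "drop"},
    ],
}


def canonical(policy: dict) -> bytes:
    """Serialize deterministically so signer and verifier hash identical bytes."""
    return json.dumps(policy, sort_keys=True, separators=(",", ":")).encode()


def sign_policy(policy: dict, key: bytes) -> dict:
    """Manager side: attach an HMAC-SHA256 tag to a copy of the policy."""
    body = canonical(policy)
    tag = hmac.new(key, body, hashlib.sha256).hexdigest()
    return {"policy": json.loads(body), "mac": tag}


def verify_policy(bundle: dict, key: bytes, current_version: int) -> dict:
    """Host side: reject tampered policies and rollbacks to an older version."""
    expected = hmac.new(key, canonical(bundle["policy"]), hashlib.sha256).hexdigest()
    if not hmac.compare_digest(expected, bundle["mac"]):
        raise ValueError("policy integrity check failed")
    if bundle["policy"]["version"] <= current_version:
        raise ValueError("stale policy version; refusing rollback")
    return bundle["policy"]


def rules_for_host(policy: dict, hostname: str) -> list:
    """Keep only the rules addressed to this host (or to all hosts), in order."""
    return [r for r in policy["rules"] if r["host"] in (hostname, "*")]


def evaluate(rules: list, src_ip: str, proto: str, dport: int) -> str:
    """First-match evaluation of a host's local rule list; default-deny."""
    src = ipaddress.ip_address(src_ip)
    for r in rules:
        if src not in ipaddress.ip_network(r["src"]):
            continue
        if r["proto"] not in ("any", proto):
            continue
        if r["dport"] not in (0, dport):
            continue
        return r["action"]
    return "drop"


def render_nft(rules: list) -> list:
    """Render the host's rules as nft(8) statements for an assumed 'inet filter input' chain."""
    out = []
    for r in rules:
        match = f"ip saddr {r['src']}"
        if r["proto"] != "any":
            match += f" {r['proto']} dport {r['dport']}"
        out.append(f"add rule inet filter input {match} {r['action']}")
    return out


def host_pull(hostname: str, bundle: dict, current_version: int) -> list:
    """A host's pull cycle: verify the bundle, then select its own rules."""
    policy = verify_policy(bundle, SHARED_KEY, current_version)
    return rules_for_host(policy, hostname)


def accepts(hostname: str, bundle: dict, current_version: int) -> bool:
    """True if the host would install this bundle, False if it rejects it."""
    try:
        host_pull(hostname, bundle, current_version)
        return True
    except ValueError:
        return False


if __name__ == "__main__":
    bundle = sign_policy(CENTRAL_POLICY, SHARED_KEY)
    db_rules = host_pull("db01", bundle, current_version=6)
    print("\n".join(render_nft(db_rules)))
    print(evaluate(db_rules, "10.0.1.20", "tcp", 5432))   # accept
    print(evaluate(db_rules, "192.0.2.10", "tcp", 5432))  # drop
    bundle["policy"]["rules"][1]["action"] = "accept"     # tampered in transit
    print("tampered bundle accepted:", accepts("db01", bundle, 6))  # False
```

The same verification path serves a push model: the server sends the signed bundle unsolicited and the host runs `verify_policy` on arrival. The version check is what makes integrity meaningful against a network attacker who can replay an old, correctly signed policy that still permits something since revoked.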