Conventional firewalls rely on the notions of restricted topology and controlled entry points to function. More precisely, they rely on the assumption that everyone on one side of the entry point—the firewall—is to be trusted, and that anyone on the other side is, at least potentially, an enemy. The vastly expanded Internet connectivity in recent years has called that assumption into question. We propose a "distributed firewall", using IPSEC, a policy language, and system management tools. A distributed firewall preserves central control of access policy, while reducing or eliminating any dependency on topology.
- distfw.pdf application/pdf 212 KB Download File
More About This Work
- Academic Units
- Computer Science
- Published Here
- June 24, 2010
;login:, special issue (November 1999), pp. 39-47.