Loading…
FT-FW: A cluster-based fault-tolerant architecture for stateful firewalls
Nowadays, stateful firewalls are part of the critical infrastructure of the Internet. Basically, they help to protect network services and users against attackers by means of access control and protocol conformance checkings. However, stateful firewalls are problematic from the fault-tolerance persp...
Saved in:
| Published in: | Computers & security 2012-06, Vol.31 (4), p.524-539 |
|---|---|
| Main Authors: | , , |
| Format: | Article |
| Language: | English |
| Subjects: | |
| Citations: | Items that this one cites Items that cite this one |
| Online Access: | Get full text |
| Tags: |
Add Tag
No Tags, Be the first to tag this record!
|
| cited_by | cdi_FETCH-LOGICAL-c395t-23ef52a674170d5df737d68be17885172a1b51b8a2a5e239494d0f0b4e18892e3 |
|---|---|
| cites | cdi_FETCH-LOGICAL-c395t-23ef52a674170d5df737d68be17885172a1b51b8a2a5e239494d0f0b4e18892e3 |
| container_end_page | 539 |
| container_issue | 4 |
| container_start_page | 524 |
| container_title | Computers & security |
| container_volume | 31 |
| creator | Ayuso, Pablo Neira Gasca, Rafael M. Lefevre, Laurent |
| description | Nowadays, stateful firewalls are part of the critical infrastructure of the Internet. Basically, they help to protect network services and users against attackers by means of access control and protocol conformance checkings. However, stateful firewalls are problematic from the fault-tolerance perspective since they introduce a single point of failure in the network schema. In this work, we summarize and enhance our previous research efforts that aim to provide a full fault-tolerant solution for stateful firewalls. These efforts have focused on the design and the implementation of the cluster-based Fault-Tolerant stateful Firewall (FT-FW) architecture. We provide details on our proposed solution and we extensively evaluate important network performance and availability aspects that we did not cover so far. The evaluation experiments are based on our Free/OpenSource implementation that has become the most popular solution for Linux-based stateful firewalls.11This includes commercial firewall vendors that base their products on Linux and OpenSource software like Vyatta Inc. (http://www.vyatta.com), Astaro AG (http://www.astaro.com) and 6WIND S.A.R.L. (http://www.6wind.com). According to the information available in their websites, these vendors sell their products to SMEs, Fortune 50 companies and the public administration all over the world. |
| doi_str_mv | 10.1016/j.cose.2012.01.011 |
| format | article |
| fullrecord | <record><control><sourceid>proquest_hal_p</sourceid><recordid>TN_cdi_hal_primary_oai_HAL_hal_00766074v1</recordid><sourceformat>XML</sourceformat><sourcesystem>PC</sourcesystem><els_id>S0167404812000156</els_id><sourcerecordid>2657944081</sourcerecordid><originalsourceid>FETCH-LOGICAL-c395t-23ef52a674170d5df737d68be17885172a1b51b8a2a5e239494d0f0b4e18892e3</originalsourceid><addsrcrecordid>eNp90cFq3DAQAFBRUugm7Q_0ZOglOXg7I9mWHHJZQjcJLPSS0qOQ5RHxoqwSSU7J31dmSw85BAYEw5thNMPYV4Q1Anbf92sbEq05IF8DlsAPbIVK8rrjoE7YqiBZN9CoT-w0pT0Ayk6pFbvb3tfb35fVprJ-TpliPZhEY-XM7HOdg6doDrky0T5MmWyeI1UuxCplk8nNvnJTpD_G-_SZfXTGJ_ry7z1jv7Y_7q9v693Pm7vrza62om9zzQW5lptONihhbEcnhRw7NRBKpVqU3ODQ4qAMNy1x0Td9M4KDoSFUquckztjFse-D8fopTo8mvupgJn272eklByC7DmTzgsWeH-1TDM8zpawfp2TJe3OgMCeNIBRvhGhFod_e0H2Y46H8pCjkXIqeQ1H8qGwMKUVy_ydAWFyn93q5hF4uoQFLLFNcHYuorOVloqiTnehgaSy7s1mPYXqv_C_UOY6p</addsrcrecordid><sourcetype>Open Access Repository</sourcetype><iscdi>true</iscdi><recordtype>article</recordtype><pqid>1012273920</pqid></control><display><type>article</type><title>FT-FW: A cluster-based fault-tolerant architecture for stateful firewalls</title><source>Elsevier</source><creator>Ayuso, Pablo Neira ; Gasca, Rafael M. ; Lefevre, Laurent</creator><creatorcontrib>Ayuso, Pablo Neira ; Gasca, Rafael M. ; Lefevre, Laurent</creatorcontrib><description>Nowadays, stateful firewalls are part of the critical infrastructure of the Internet. Basically, they help to protect network services and users against attackers by means of access control and protocol conformance checkings. However, stateful firewalls are problematic from the fault-tolerance perspective since they introduce a single point of failure in the network schema. In this work, we summarize and enhance our previous research efforts that aim to provide a full fault-tolerant solution for stateful firewalls. These efforts have focused on the design and the implementation of the cluster-based Fault-Tolerant stateful Firewall (FT-FW) architecture. We provide details on our proposed solution and we extensively evaluate important network performance and availability aspects that we did not cover so far. The evaluation experiments are based on our Free/OpenSource implementation that has become the most popular solution for Linux-based stateful firewalls.11This includes commercial firewall vendors that base their products on Linux and OpenSource software like Vyatta Inc. (http://www.vyatta.com), Astaro AG (http://www.astaro.com) and 6WIND S.A.R.L. (http://www.6wind.com). According to the information available in their websites, these vendors sell their products to SMEs, Fortune 50 companies and the public administration all over the world.</description><identifier>ISSN: 0167-4048</identifier><identifier>EISSN: 1872-6208</identifier><identifier>DOI: 10.1016/j.cose.2012.01.011</identifier><identifier>CODEN: CPSEDU</identifier><language>eng</language><publisher>Amsterdam: Elsevier Ltd</publisher><subject>Access control ; Architecture ; Clusters ; Computer architecture ; Computer networks ; Computer Science ; Computer security ; Failure ; Fault tolerance ; Firewalls ; Internet ; Mathematical models ; Networking and Internet Architecture ; Networks ; Service introduction ; Stateful firewall ; Studies</subject><ispartof>Computers & security, 2012-06, Vol.31 (4), p.524-539</ispartof><rights>2012 Elsevier Ltd</rights><rights>Copyright Elsevier Sequoia S.A. Jun 2012</rights><rights>Distributed under a Creative Commons Attribution 4.0 International License</rights><lds50>peer_reviewed</lds50><woscitedreferencessubscribed>false</woscitedreferencessubscribed><citedby>FETCH-LOGICAL-c395t-23ef52a674170d5df737d68be17885172a1b51b8a2a5e239494d0f0b4e18892e3</citedby><cites>FETCH-LOGICAL-c395t-23ef52a674170d5df737d68be17885172a1b51b8a2a5e239494d0f0b4e18892e3</cites></display><links><openurl>$$Topenurl_article</openurl><openurlfulltext>$$Topenurlfull_article</openurlfulltext><thumbnail>$$Tsyndetics_thumb_exl</thumbnail><link.rule.ids>230,314,780,784,885,27924,27925</link.rule.ids><backlink>$$Uhttps://inria.hal.science/hal-00766074$$DView record in HAL$$Hfree_for_read</backlink></links><search><creatorcontrib>Ayuso, Pablo Neira</creatorcontrib><creatorcontrib>Gasca, Rafael M.</creatorcontrib><creatorcontrib>Lefevre, Laurent</creatorcontrib><title>FT-FW: A cluster-based fault-tolerant architecture for stateful firewalls</title><title>Computers & security</title><description>Nowadays, stateful firewalls are part of the critical infrastructure of the Internet. Basically, they help to protect network services and users against attackers by means of access control and protocol conformance checkings. However, stateful firewalls are problematic from the fault-tolerance perspective since they introduce a single point of failure in the network schema. In this work, we summarize and enhance our previous research efforts that aim to provide a full fault-tolerant solution for stateful firewalls. These efforts have focused on the design and the implementation of the cluster-based Fault-Tolerant stateful Firewall (FT-FW) architecture. We provide details on our proposed solution and we extensively evaluate important network performance and availability aspects that we did not cover so far. The evaluation experiments are based on our Free/OpenSource implementation that has become the most popular solution for Linux-based stateful firewalls.11This includes commercial firewall vendors that base their products on Linux and OpenSource software like Vyatta Inc. (http://www.vyatta.com), Astaro AG (http://www.astaro.com) and 6WIND S.A.R.L. (http://www.6wind.com). According to the information available in their websites, these vendors sell their products to SMEs, Fortune 50 companies and the public administration all over the world.</description><subject>Access control</subject><subject>Architecture</subject><subject>Clusters</subject><subject>Computer architecture</subject><subject>Computer networks</subject><subject>Computer Science</subject><subject>Computer security</subject><subject>Failure</subject><subject>Fault tolerance</subject><subject>Firewalls</subject><subject>Internet</subject><subject>Mathematical models</subject><subject>Networking and Internet Architecture</subject><subject>Networks</subject><subject>Service introduction</subject><subject>Stateful firewall</subject><subject>Studies</subject><issn>0167-4048</issn><issn>1872-6208</issn><fulltext>true</fulltext><rsrctype>article</rsrctype><creationdate>2012</creationdate><recordtype>article</recordtype><recordid>eNp90cFq3DAQAFBRUugm7Q_0ZOglOXg7I9mWHHJZQjcJLPSS0qOQ5RHxoqwSSU7J31dmSw85BAYEw5thNMPYV4Q1Anbf92sbEq05IF8DlsAPbIVK8rrjoE7YqiBZN9CoT-w0pT0Ayk6pFbvb3tfb35fVprJ-TpliPZhEY-XM7HOdg6doDrky0T5MmWyeI1UuxCplk8nNvnJTpD_G-_SZfXTGJ_ry7z1jv7Y_7q9v693Pm7vrza62om9zzQW5lptONihhbEcnhRw7NRBKpVqU3ODQ4qAMNy1x0Td9M4KDoSFUquckztjFse-D8fopTo8mvupgJn272eklByC7DmTzgsWeH-1TDM8zpawfp2TJe3OgMCeNIBRvhGhFod_e0H2Y46H8pCjkXIqeQ1H8qGwMKUVy_ydAWFyn93q5hF4uoQFLLFNcHYuorOVloqiTnehgaSy7s1mPYXqv_C_UOY6p</recordid><startdate>20120601</startdate><enddate>20120601</enddate><creator>Ayuso, Pablo Neira</creator><creator>Gasca, Rafael M.</creator><creator>Lefevre, Laurent</creator><general>Elsevier Ltd</general><general>Elsevier Sequoia S.A</general><general>Elsevier</general><scope>AAYXX</scope><scope>CITATION</scope><scope>7SC</scope><scope>8FD</scope><scope>JQ2</scope><scope>K7.</scope><scope>L7M</scope><scope>L~C</scope><scope>L~D</scope><scope>1XC</scope></search><sort><creationdate>20120601</creationdate><title>FT-FW: A cluster-based fault-tolerant architecture for stateful firewalls</title><author>Ayuso, Pablo Neira ; Gasca, Rafael M. ; Lefevre, Laurent</author></sort><facets><frbrtype>5</frbrtype><frbrgroupid>cdi_FETCH-LOGICAL-c395t-23ef52a674170d5df737d68be17885172a1b51b8a2a5e239494d0f0b4e18892e3</frbrgroupid><rsrctype>articles</rsrctype><prefilter>articles</prefilter><language>eng</language><creationdate>2012</creationdate><topic>Access control</topic><topic>Architecture</topic><topic>Clusters</topic><topic>Computer architecture</topic><topic>Computer networks</topic><topic>Computer Science</topic><topic>Computer security</topic><topic>Failure</topic><topic>Fault tolerance</topic><topic>Firewalls</topic><topic>Internet</topic><topic>Mathematical models</topic><topic>Networking and Internet Architecture</topic><topic>Networks</topic><topic>Service introduction</topic><topic>Stateful firewall</topic><topic>Studies</topic><toplevel>peer_reviewed</toplevel><toplevel>online_resources</toplevel><creatorcontrib>Ayuso, Pablo Neira</creatorcontrib><creatorcontrib>Gasca, Rafael M.</creatorcontrib><creatorcontrib>Lefevre, Laurent</creatorcontrib><collection>CrossRef</collection><collection>Computer and Information Systems Abstracts</collection><collection>Technology Research Database</collection><collection>ProQuest Computer Science Collection</collection><collection>ProQuest Criminal Justice (Alumni)</collection><collection>Advanced Technologies Database with Aerospace</collection><collection>Computer and Information Systems Abstracts – Academic</collection><collection>Computer and Information Systems Abstracts Professional</collection><collection>Hyper Article en Ligne (HAL)</collection><jtitle>Computers & security</jtitle></facets><delivery><delcategory>Remote Search Resource</delcategory><fulltext>fulltext</fulltext></delivery><addata><au>Ayuso, Pablo Neira</au><au>Gasca, Rafael M.</au><au>Lefevre, Laurent</au><format>journal</format><genre>article</genre><ristype>JOUR</ristype><atitle>FT-FW: A cluster-based fault-tolerant architecture for stateful firewalls</atitle><jtitle>Computers & security</jtitle><date>2012-06-01</date><risdate>2012</risdate><volume>31</volume><issue>4</issue><spage>524</spage><epage>539</epage><pages>524-539</pages><issn>0167-4048</issn><eissn>1872-6208</eissn><coden>CPSEDU</coden><abstract>Nowadays, stateful firewalls are part of the critical infrastructure of the Internet. Basically, they help to protect network services and users against attackers by means of access control and protocol conformance checkings. However, stateful firewalls are problematic from the fault-tolerance perspective since they introduce a single point of failure in the network schema. In this work, we summarize and enhance our previous research efforts that aim to provide a full fault-tolerant solution for stateful firewalls. These efforts have focused on the design and the implementation of the cluster-based Fault-Tolerant stateful Firewall (FT-FW) architecture. We provide details on our proposed solution and we extensively evaluate important network performance and availability aspects that we did not cover so far. The evaluation experiments are based on our Free/OpenSource implementation that has become the most popular solution for Linux-based stateful firewalls.11This includes commercial firewall vendors that base their products on Linux and OpenSource software like Vyatta Inc. (http://www.vyatta.com), Astaro AG (http://www.astaro.com) and 6WIND S.A.R.L. (http://www.6wind.com). According to the information available in their websites, these vendors sell their products to SMEs, Fortune 50 companies and the public administration all over the world.</abstract><cop>Amsterdam</cop><pub>Elsevier Ltd</pub><doi>10.1016/j.cose.2012.01.011</doi><tpages>16</tpages></addata></record> |
| fulltext | fulltext |
| identifier | ISSN: 0167-4048 |
| ispartof | Computers & security, 2012-06, Vol.31 (4), p.524-539 |
| issn | 0167-4048 1872-6208 |
| language | eng |
| recordid | cdi_hal_primary_oai_HAL_hal_00766074v1 |
| source | Elsevier |
| subjects | Access control Architecture Clusters Computer architecture Computer networks Computer Science Computer security Failure Fault tolerance Firewalls Internet Mathematical models Networking and Internet Architecture Networks Service introduction Stateful firewall Studies |
| title | FT-FW: A cluster-based fault-tolerant architecture for stateful firewalls |
| url | http://sfxeu10.hosted.exlibrisgroup.com/loughborough?ctx_ver=Z39.88-2004&ctx_enc=info:ofi/enc:UTF-8&ctx_tim=2025-01-04T08%3A57%3A10IST&url_ver=Z39.88-2004&url_ctx_fmt=infofi/fmt:kev:mtx:ctx&rfr_id=info:sid/primo.exlibrisgroup.com:primo3-Article-proquest_hal_p&rft_val_fmt=info:ofi/fmt:kev:mtx:journal&rft.genre=article&rft.atitle=FT-FW:%20A%20cluster-based%20fault-tolerant%20architecture%20for%20stateful%20firewalls&rft.jtitle=Computers%20&%20security&rft.au=Ayuso,%20Pablo%20Neira&rft.date=2012-06-01&rft.volume=31&rft.issue=4&rft.spage=524&rft.epage=539&rft.pages=524-539&rft.issn=0167-4048&rft.eissn=1872-6208&rft.coden=CPSEDU&rft_id=info:doi/10.1016/j.cose.2012.01.011&rft_dat=%3Cproquest_hal_p%3E2657944081%3C/proquest_hal_p%3E%3Cgrp_id%3Ecdi_FETCH-LOGICAL-c395t-23ef52a674170d5df737d68be17885172a1b51b8a2a5e239494d0f0b4e18892e3%3C/grp_id%3E%3Coa%3E%3C/oa%3E%3Curl%3E%3C/url%3E&rft_id=info:oai/&rft_pqid=1012273920&rft_id=info:pmid/&rfr_iscdi=true |