How to push your security to the network

The conventional firewall sits between the trusted (internal) and the untrusted (Internet) networks, where it filters inbound and outbound traffic to provide safe access to and from the Internet.

But ubiquitous network access from inside and outside companies has necessitated an additional type of firewall -the host-resident firewall. Host-resident firewalls include personal firewalls for remote users, firewall agents for workstations and application-server resident firewalls.

A multitude of host-resident firewalls when centrally configured and managed is called a distributed host-resident firewall.

Like conventional firewalls, host-resident firewalls work by restricting traffic through the implementation of access control rules. They also add, in some implementations, host-resident intrusion detection and prevention. Access control rules are used to determine what type of traffic is allowed for which destinations, and when. In the case of personal firewalls, implementing the rules can be as simple as declaring a security level of high, medium or low.

In the case of server-resident firewalls and workstation firewall agents, access is typically much more granular than with personal firewalls. The granularity enables the implementation of specific corporate security policies that are typically defined to the protocol level, and lets network administrators see precisely what rules are being implemented.

Conventional firewalls rely on topology to work. They restrict traffic at a specific point in order to control and examine everything coming in and going out. In an active e-business environment, this can result in a bottleneck. Server-resident firewalls, on the other hand, distribute firewall security across multiple processors, providing virtually unlimited scalability. At the same time, they eliminate the single point of failure presented by the conventional perimeter firewall.

Distributed firewalls provide central policy definition and security monitoring. Policy definition should typically include the ability to push policy to hundreds or thousands of end users’ hosts or application servers and to have the firewall agent work as a background service. Security monitoring typically includes log aggregation and analysis, firewall statistics and fine-grained remote monitoring of individual hosts, if needed.

Server-resident firewalls are a subset of centrally managed, distributed firewalls. They let ASPs, ISPs and companies with large server farms secure their critical servers. Although host-resident firewalls incur some CPU loading, the workload is distributed across members of a server farm, minimizing performance impact – an important feature in an e-business environment. Host-resident firewalls provide security against users with “insider access” and allow host-specific security configurations.

Host-resident firewalls harden infrastructure servers against attacks, compensating for the inherent security weaknesses of all network operating systems.

Information and application servers can be hidden from unwanted user access by silently dropping incoming connection attempts. File, Web, mail and database servers can be run in this stealth mode. If a server can’t be seen, it can’t be attacked.

The most common use for host-resident firewalls is to secure Internet servers. Servers thus hardened can be deployed behind a perimeter firewall or in front of it. A company may opt for a second layer of firewalling on Web servers behind the perimeter firewall due to the sensitive nature of the information they contain (credit card numbers, medical histories and the like).

However, in environments where performance is paramount, you may decide to harden Web servers and deploy them as Internet-facing “bastion” hosts. Simple Mail Transfer Protocol, HTTP and FTP servers can be secured in this way. In ASP/ISP environments, entire server farms can be protected without a perimeter firewall.

Conventional firewalls are only involved with traffic at the network perimeter. An important advantage of host-resident firewalls is that they filter internetwork traffic regardless of its origin.

Fogel is president and CEO of Network-1 Security Solutions. He can be reached at [email protected].

Would you recommend this article?


Thanks for taking the time to let us know what you think of this article!
We'd love to hear your opinion about this or any other story you read in our publication.

Jim Love, Chief Content Officer, IT World Canada

Featured Download

Previous article
Next article

Featured Articles

Empowering the hybrid workforce: how technology can build a better employee experience

Across the country, employees from organizations of all sizes expect flexibility...

What’s behind the best customer experience: How to make it real for your business

The best customer experience – the kind that builds businesses and...

Overcoming the obstacles to optimized operations

Network-driven optimization is a top priority for many Canadian business leaders...

Thriving amid Canada’s tech talent shortage

With today’s tight labour market, rising customer demands, fast-evolving cyber threats...

Staying protected and compliant in an evolving IT landscape

Canadian businesses have changed remarkably and quickly over the last few...

Related Tech News

Tech Jobs

Our experienced team of journalists and bloggers bring you engaging in-depth interviews, videos and content targeted to IT professionals and line-of-business executives.

Tech Companies Hiring Right Now