FIGURE 11.2 Illustration of a secure IP tunnel in a virtual private network (diagram labels: remote location, internal company network, secure IP tunnel, Internet)
Firewalls for cloud computing need to keep up with its demanding nature. Compared to
traditional firewalls, cloud firewalls need to be able to scale, should have redundant
network connections, should be connected to alternate standby power sources, and should
be more robust.
Firewalls can be broken down into two main categories:
Stateful Packet Filtering: This type of firewall analyzes both inbound and outbound traffic
based on the given rule set. Stateful means that the firewall keeps track of the session state.
This in turn makes sure that the only packets that enter the internal (protected) network
are those that were requested from a machine residing inside the network.
Stateless Packet Filtering: Just like the stateful firewall, the stateless packet filtering
firewall analyzes incoming traffic and decides whether to allow or deny access to the
internal network based on the given rule set. Stateless means that the session state is not
maintained, thus enabling the firewall to block particular types of incoming connections
completely. This is especially important if a rule set is to be implemented for a system that
should not be accessible via certain protocols and does not offer connections for certain
services. These include blocking HTTP (port 80 or 8080) to disable web access, blocking
FTP/SFTP (port 21) to disable file transfer service, and blocking SSH connections (port 23)
to disable Secure Shell access.
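A small simulation of the two categories above, added here as an illustration and not taken from the original text: the stateless filter judges each packet alone and blocks inbound HTTP on ports 80 and 8080, while the stateful filter keeps a session table. The `Packet` fields, class names and addresses are assumptions made for the example, and real firewalls also track TCP flags and timeouts.

```python
from dataclasses import dataclass

@dataclass(frozen=True)
class Packet:
    src: str
    sport: int
    dst: str
    dport: int
    inbound: bool  # True when the packet arrives from outside the protected network

BLOCKED_INBOUND_PORTS = {80, 8080}  # the HTTP ports named in the text

def stateless_allow(pkt: Packet) -> bool:
    """Judge each packet on its own header; nothing is remembered between packets."""
    return not (pkt.inbound and pkt.dport in BLOCKED_INBOUND_PORTS)

class StatefulFilter:
    """Admit inbound packets only when they answer a session opened from inside."""
    def __init__(self) -> None:
        self.sessions = set()  # 4-tuples of flows started by inside hosts

    def allow(self, pkt: Packet) -> bool:
        if not pkt.inbound:
            # Outbound: remember the flow so its reply can be matched later.
            self.sessions.add((pkt.src, pkt.sport, pkt.dst, pkt.dport))
            return True
        # Inbound: the reversed 4-tuple must match a recorded session.
        return (pkt.dst, pkt.dport, pkt.src, pkt.sport) in self.sessions

# Constructed sample traffic (documentation address ranges, not real hosts).
SAMPLE = [
    ("inside host opens HTTPS", Packet("10.0.0.5", 50000, "203.0.113.10", 443, False)),
    ("server reply", Packet("203.0.113.10", 443, "10.0.0.5", 50000, True)),
    ("unsolicited, same ports", Packet("198.51.100.7", 443, "10.0.0.5", 50000, True)),
    ("inbound HTTP", Packet("198.51.100.7", 40000, "10.0.0.5", 80, True)),
]

def run_demo() -> dict:
    """Return {label: (stateless verdict, stateful verdict)} for the sample traffic."""
    stateful = StatefulFilter()
    return {label: (stateless_allow(p), stateful.allow(p)) for label, p in SAMPLE}

if __name__ == "__main__":
    for label, (sl, sf) in run_demo().items():
        print(f"{label:26} stateless={'allow' if sl else 'deny':5} "
              f"stateful={'allow' if sf else 'deny'}")
```

The third packet is the one that separates the two designs: it passes the port rules of the stateless filter but matches no session recorded by the stateful one.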
So far we have discussed only hardware-based firewalls. As noted earlier, firewalls can
also be software based. A common software-based firewall is called a virtual firewall, and
it is designed to protect virtual hosts. There are two modes in which a virtual firewall can
operate: bridged and hypervisor.
Bridged: The bridged firewall is deployed just as a traditional firewall would be, that is,
within the network infrastructure.
Hypervisor: In hypervisor mode, the virtual firewall resides only within the hypervisor
environment and thus only monitors the traffic to and from the virtual machine. Figure 11.3
shows a virtual firewall setup.
Apart from different kinds of firewalls, there are systems used for hardening security in
the internal network.