Summary: A fundamental feature of current network security architectures is the monolithic firewall. This thesis presents an alternative design, a cluster of small firewall nodes, that offers lower cost, better scalability and failure recovery, and potentially a large increase in processing power. These improvements allow the use of computationally expensive firewalling and IDS techniques to offer effective protection against all types of network attack. Also presented are techniques for developing fault-tolerant proxy applications that maintain connections in spite of node failures, and a novel load balancing design. Generic Load Balancing (GLOB) uses per-node filtering to distribute network load transparently across the cluster without any single point of failure. This thesis also presents evaluations of prototype implementations of these techniques.
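The per-node filtering idea behind GLOB is easiest to see in a small simulation. The Python below is an added illustration, not code from the thesis, and the owner-selection rule it uses (rendezvous hashing over the set of live nodes) is an assumption chosen for the demonstration; the summary does not say how GLOB actually decides which node handles a packet. The names `Flow`, `Cluster`, `owner`, `sample_flows` and `failover_report` are likewise invented here, and the traffic is constructed. Every node sees every packet and applies the same local rule, so exactly one node accepts each flow with no dispatcher in the data path, and when a node fails only the flows it owned move to survivors.

```python
"""Simulation of per-node filtering in a firewall cluster.

Added example, not code from the thesis. The owner-selection scheme
(rendezvous hashing over the live-node set) is an assumption chosen to
illustrate the idea; the thesis summary does not describe GLOB's rule.
"""
import hashlib
from collections import Counter
from dataclasses import dataclass


@dataclass(frozen=True)
class Flow:
    """A connection identified by its 5-tuple (constructed sample data)."""
    proto: str
    src: str
    sport: int
    dst: str
    dport: int

    def key(self) -> bytes:
        return f"{self.proto}|{self.src}:{self.sport}->{self.dst}:{self.dport}".encode()


def owner(flow: Flow, live_nodes: set[str]) -> str:
    """Pick the node responsible for a flow using rendezvous hashing.

    Every node runs this same pure function over the same membership view,
    so exactly one node accepts a packet and the others drop it locally.
    No dispatcher sits in front of the cluster, so the data path has no
    single point of failure. With rendezvous hashing, when a node leaves
    only the flows it owned move; all other flows keep their owner.
    """
    if not live_nodes:
        raise RuntimeError("no live firewall nodes")
    best_node, best_score = None, -1
    for node in live_nodes:
        digest = hashlib.sha256(flow.key() + b"|" + node.encode()).digest()
        score = int.from_bytes(digest[:8], "big")
        if score > best_score:
            best_node, best_score = node, score
    return best_node


class Cluster:
    """Firewall nodes that all see every packet (e.g. on a shared segment)
    and filter per node. `live` is the membership view; keeping it consistent
    across nodes is assumed here, not implemented."""

    def __init__(self, names):
        self.live: set[str] = set(names)

    def fail(self, name: str) -> None:
        self.live.discard(name)

    def deliver(self, flow: Flow) -> list[str]:
        """Broadcast one packet; return the names of the nodes that accept it.
        Each node evaluates the rule independently (no coordination)."""
        return [name for name in self.live if owner(flow, self.live) == name]


def sample_flows(n: int = 300) -> list[Flow]:
    """Constructed traffic: n client connections to one HTTPS server."""
    return [Flow("tcp", f"10.0.{i // 256}.{i % 256}", 40000 + i, "192.0.2.10", 443)
            for i in range(n)]


def failover_report(cluster: Cluster, flows: list[Flow], failed: str) -> dict:
    """Map every flow to its owner before and after `failed` dies, and
    summarise which flows had to move and how load is spread afterwards."""
    before = {f: cluster.deliver(f) for f in flows}
    cluster.fail(failed)
    after = {f: cluster.deliver(f) for f in flows}
    moved = [f for f in flows if before[f] != after[f]]
    return {
        "exactly_one_owner": all(len(v) == 1 for v in list(before.values()) + list(after.values())),
        "moved": len(moved),
        "orphaned_before": sum(1 for f in flows if before[f] == [failed]),
        "moved_only_from_failed": all(before[f] == [failed] for f in moved),
        "load_after": Counter(v[0] for v in after.values()),
    }


if __name__ == "__main__":
    cluster = Cluster(["fw1", "fw2", "fw3"])
    print(failover_report(cluster, sample_flows(), "fw2"))
```

The report shows the two properties the summary claims for per-node filtering: every packet is accepted by exactly one node without any central dispatcher, and a node failure disturbs only the connections that node was handling. Connection state for those orphaned flows still has to be recovered by the new owner, which is the separate fault-tolerant proxy problem the thesis also addresses.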