The stateful cluster security gateway (CSG) architecture for robust switched Linux cluster security

Authors:
Visham Ramsurrun;K. M. S. Soyjaudah
Affiliations:
University of Mauritius, Reduit, Mauritius;University of Mauritius, Reduit, Mauritius
Venue:
AISC '09 Proceedings of the Seventh Australasian Conference on Information Security - Volume 98
Year:
2009

Citing 9
Cited 0

Load Balancing Servers, Firewalls, and Caches

Load Balancing Servers, Firewalls, and Caches
Modern Operating Systems

Modern Operating Systems
Intranet Security with Micro-Firewalls and Mobile Agents for Proactive Intrusion Response

ICCNMC '01 Proceedings of the 2001 International Conference on Computer Networks and Mobile Computing (ICCNMC'01)
Micro-Firewalls for Dynamic Network Security with Distributed Intrusion Detection

NCA '01 Proceedings of the IEEE International Symposium on Network Computing and Applications (NCA'01)
Classification of Load Distribution Algorithms

PDP '96 Proceedings of the 4th Euromicro Workshop on Parallel and Distributed Processing (PDP '96)
UNIX Network Programming, Vol. 1

UNIX Network Programming, Vol. 1
Barbarians in the Gate: An Experimental Validation of NIC-based Distributed Firewall Performance and Flood Tolerance

DSN '06 Proceedings of the International Conference on Dependable Systems and Networks
Transparent network security policy enforcement

ATEC '00 Proceedings of the annual conference on USENIX Annual Technical Conference
Ccent/ccna icnd1 official exam certification guide (ccent exam 640-822 and ccna exam 640-802), second edition

Ccent/ccna icnd1 official exam certification guide (ccent exam 640-822 and ccna exam 640-802), second edition

Quantified Score

Hi-index	0.00

Visualization

Abstract

This work presents a new cluster security model for securing switched Linux clusters. The stateful CSG improves upon the stateless CSG in the sense that it supports stateful firewalling, provides high availability, greater scalability and load balancing capability. This model combines various mechanisms like distributed sender-initiated Layer 2 per-packet firewall load balancing, firewall state synchronization, failover, MAC address takeover, Network Access Control using switch MAC ACLs and port security, and Layer 2 and Layer 3 packet filtering in order to provide robust, scalable and reliable cluster-level security. Experimental results of performance not only give an idea of the effectiveness of the new scheme at boosting firewall performance and reliability, but also at improving network performance and security. In addition, the response of the new scheme in the face of threats is assessed qualitatively and its salient characteristics like tamper resistance, anti-spoofing, anti-sniffing and low end-user host processing strain, are highlighted.