Centralized application-context aware firewall
ABSTRACT :
Description: Develop an application firewall for end-points that can identify each application and restrict its access to external networks/hosts. The application firewall should provide further granular control by restricting domains, IP addresses and protocols per application.
The firewall should be manageable through a centralized web console from which policies for each end-point and application can be deployed. The firewall agent should also monitor the network usage behaviour of each application and raise alerts on the central dashboard for any traffic anomaly, using AI/ML to detect it.
Challenge: Applying separate firewall policies for each application running on the end-point and managing them through a central web console.
Usage: End-point security, network security
Users: Cyber security teams
Available Solutions (if Yes, reasons for not using them): Individual components are available
Desired Outcome: The solution should provide the following components:
1. Solution should identify the domains and protocols that any application is trying to access.
2. Context-aware application firewall agent that shall manage firewall policies for each application running on the end-point. The agent shall also collect network usage logs of each application and send them to the central server.
3. Central web management console that shall be able to manage all end-points and applications.
4. Solution should work for Windows end-points. Bonus points for Linux.
5. Solution should also detect abnormal network behaviour of applications.
EXISTING SYSTEM :
There is a great number of works that deal with context-awareness in pervasive and mobile applications ([3], [4], [8]-[12], [14], [15]). The majority deal with utilizing contextual information about the users and their environment to adapt the content that is to be presented or exchanged between the devices and remote services ([8], [9]).
Appropriate selection of the available content resources can also be performed ([15]). To the best of our knowledge there is no complete framework that allows users to build end-to-end context-aware applications for mobile devices. Regarding commercial or open source frameworks for Cloud-based deployment of Internet of Things applications and services, there are also a number of platforms available.
Xively [25], Nimbits [28], ThingSpeak [26], Evrythng [29] and iDigi [27] are a few that could be mentioned. Xively has been one of the first on-line database service providers that allows developers to connect sensor data to the Web.
Nimbits is a data processing service that can be used to record and share sensor data in the cloud. It is a free, social and open source platform for the Internet of Things based on Google App Engine.
DISADVANTAGE :
Single Point of Failure: If the centralized firewall fails, it can disrupt the entire network’s security posture. Redundancy and high availability measures are necessary but can add complexity and cost.
Performance Bottlenecks: A centralized firewall may become a bottleneck if it’s handling a large volume of traffic. This can lead to latency issues or reduced network performance if not properly scaled.
Scalability Challenges: As the network grows, scaling a centralized solution to handle increased traffic and more complex security policies can be difficult and costly.
Complex Configuration and Management: Managing and configuring a centralized application-context aware firewall can be complex, particularly in large or dynamic environments. This complexity can increase the risk of misconfigurations, which can lead to security vulnerabilities or operational issues.
PROPOSED SYSTEM :
The logical architecture of the COMPOSE platform is depicted in Fig. 1. The main components of the framework are the COMPOSE Marketplace, the Run-Time engine and the Ingestion layer consisting of Smart Objects and services. The COMPOSE Marketplace implements a Service-Oriented Architecture, where any resource is provided and consumed in the form of a service.
An Object is promoted to a service object once it becomes accessible through a network connection. While an object would be the sensing device monitoring the status of a house, for example, its corresponding service object is the abstraction of a given feature it provides, such as data on the temperature inside the house.
Service objects will comply with the COMPOSE standardized interfaces, and will potentially run the COMPOSE runtime environment in order to be (i) accessed from the Marketplace for gathering information, (ii) actuated and (iii) dynamically reprogrammed at run-time. Different interfaces will be defined in order to address object heterogeneity.
Service objects can be stand-alone or composite. Composite service objects are the aggregation or composition of simple ones. For example, the house service object is the aggregation of various objects providing information on temperature, presence, light, sound, and more.
Composite service objects can provide information obtained from the aggregation of multiple data flows coming from different stand-alone service objects.
ADVANTAGE :
Comprehensive Visibility and Control: These firewalls provide deep visibility into application traffic, allowing for precise control over which applications and services can communicate across the network. This granular control helps prevent unauthorized access and mitigate application-layer attacks.
Enhanced Security: By understanding and inspecting traffic at the application level, centralized firewalls can identify and block sophisticated threats that might bypass traditional, port-based firewalls. They can recognize and manage application-specific vulnerabilities and enforce security policies more effectively.
Simplified Policy Management: Centralizing security policies in one place makes it easier to create, deploy, and manage rules across the entire network. This can lead to more consistent enforcement and simpler policy updates.
Efficient Resource Use: Centralized firewalls can optimize resource utilization by applying security policies and performing traffic inspection in a single location, rather than distributing these tasks across multiple devices.