A secure Web-based global management system for firewall/VPN devices

Abstract

A firewall is a security device placed between a private network and a public network such as the Internet. It is designed to protect the private network resources from unauthorized user access. Today, various firewalls are widely used in many places (e.g., Internet data centers, company headquarters, branch office, telecommuters' homes). What is desperately needed is a management system that can easily configure, monitor and manage multisite deployed firewalls from a central location. For flexibility, such a management system must be divided into components and needs to use an open management protocol, such as the Simple Network Management Protocol (SNMP). Yet the SNMP has a security defect. Further, the proposed standard Management Information Base (MIB) for firewalls is insufficient for supporting centralized global management of a lot of firewall devices. In this paper, we present the design and implementation of a secure Web and SNMP-based global firewall management system. We have focused on two aspects: 1) extending the existing proposed standard MIB to support the configuration and monitoring of hundreds or thousands of firewall and VPN devices; 2) providing secure communication among global manager system components in order to provide secure firewall management. We also present our work on developing our firewall global manager (FGM) on commercial firewal/VPN devices.