Self-adaptative Distributed Firewall (SADF)
Keywords: distributed firewall; self-adaptive; network security; software vulnerability.
The border firewall plays a fundamental role in corporate network security, acting as
the first defense barrier. Distributed firewall systems, however, emerged with the aim
of protecting individual hosts in a structured and distributed way. In these
systems, the rules are created centrally and then distributed to and enforced on all the
servers that compose the firewall. Unfortunately, software vulnerabilities can leave
network services susceptible to attacks even behind a firewall, since firewalls usually do
not analyze application protocols. Vulnerable services are a gateway for criminals, and
their exploitation can have many consequences, such as information leakage and service
unavailability. Sometimes the compromised server remains idle until it receives remote
commands, and it may be part of a zombie network that is responsible for DDoS attacks.
Between the discovery of a vulnerability and the application of patches there is an
exposure window that should be reduced. In this context, this work presents an
architecture for distributed firewall systems in which a vulnerability assessment system
is integrated to provide a self-adaptive mechanism capable of detecting vulnerabilities
and performing actions to reduce the exposure, helping to mitigate the risk of
vulnerability exploitation.