Abstract
The FIEP is a mechanism that enables firewalls to communicate with each other and form firewall groups in a network. The information the firewalls exchange improves their ability to detect an attack and thus protects the network. The FIEP also improves the ability to adapt to changes in the network: it informs other firewalls when there is an attack, and it informs them about updates to the access control rules in the firewalls in a secure way. In addition, the FIEP keeps all the firewalls in the group informed about activity in the group, for example by messaging the entire group when a firewall joins or leaves. This makes attack detection more efficient. Currently, there is no protocol that enables firewalls to communicate with each other and exchange information. Until recently, not much thought was given to the need for firewalls to talk to each other; a firewalled network is isolated from the rest of the network and considered to be secure. But that is not true: a firewalled network is safe but not totally secure; it is prone to distributed attacks. To overcome this drawback, I propose the FIEP, with which firewalls can talk to each other and exchange information. The FIEP is like the Border Gateway Protocol (BGP), which enables routers to exchange routing information and keeps them updated. Similarly, the FIEP will enable firewalls to update firewall rules, form groups and alert the other firewalls in the network about attacks; this will improve the security and increase the robustness of the network. The goal of this project is to create an initial design of the FIEP that specifies how the firewalls interact with each other and how they can be formed into groups.
In version 1 of the FIEP, I intend to show the detailed steps involved in communicating with other firewalls: for example, what type of connection is required (TCP or UDP), how these connections should be established, what their requirements are, and what information will be exchanged (e.g. access control rules), as well as how a group is established, such as having a lead firewall that maintains the group information. To design the FIEP, an example network containing firewalls will be designed first; this example network will be used throughout the project and will ultimately aid in designing the FIEP. The project will also show current best practices in firewall deployment. The FIEP will not only be a breakthrough in the network security domain but will also pave the way for firewall communications. Future, more extensive study in this area can help address the problems that networks currently face.