Virtual Firewall Evaluation System (VFES) in a Private Cloud

Seref, S. (2012). Virtual Firewall Evaluation System (VFES) in a Private Cloud (MSc ASDF Dissertation). Edinburgh Napier University (Macfarlane, R., Buchanan, W.).



Cloud computing has been growing rapidly. Cloud based technologies and solutions are being implemented and used by many organizations, businesses and individuals. The new paradigm of cloud computing delivers internet based and scalable services to its consumers. The development of cloud computing services mainly depends on the foundations of virtualization. Virtual computing improves the utilization of hardware resources and cloud computing is the way of presenting this service to the public. However, the shift into cloud applications and services are bringing new issues and unknown risks as well. According to researchers and surveys, security is at the top of the known issues of cloud computing (Ramgovind, Eloff, & Smith, 2010). In order to provide security in cloud systems, the development and implementation of virtualized security solutions will become a major study area in the near future.

The rising demand and interest in cloud based services has caused the emergence of virtual threats. In order to provide security in virtual platforms, one of the important components used against the mitigation of virtual threats is the virtual firewalls. This thesis investigates the security issues in the infrastructure layer of cloud computing model, because it forms the foundation of cloud and the lack of security at this layer affects the whole systems built on top. From these issues, the real focus of this study is the evaluation of virtual firewalls in a cloud environment. In order to identify the strengths and weaknesses of virtual firewalls, a systematic literature review has been conducted and a design of an evaluation system has been proposed which will provide the cloud environment, virtual network conditions and the generation of realistic traffic. Using the evaluation methodologies reviewed in literature, a private cloud platform has been designed with VMware ESXi to accommodate the virtual fire all for the protection of internal virtual network. The implementation process includes realistic experiments which are performed by using various tools. During the implementation of experiments, physical firewall evaluation metrics are used since there seems to be no standardized methodology exists for virtual firewalls.

Finally, the conclusions were drawn from the results obtained through experiments outline the performance of virtual firewall by revealing various strengths and weaknesses. Vyatta security virtual appliance was used in the virtual platform. Between the obtained results, throughput and latency experiments showed the negative impact of filtering rule size on the network performances. However, the request/response test produced high transaction rates. There were also limitations during the implementations. The most important one was the number of filtering rule size where the maximum supported number could not be achieved. In general, the system worked according to the design plan and managed to measure performances. The results shows that more work should be done in order to evaluate virtual firewall appliances by means of the standardization and the development of metrics and methodologies for virtual firewalls.
[Read More]


Areas of Expertise

Electronic information now plays a vital role in almost every aspect of our daily lives. So the need for a secure and trustworthy online infrastructure is more important than ever. without it, not only the growth of the internet but our personal interactions and the economy itself could be at risk.

Associated Projects