Graduation Term

2015

Degree Name

Master of Science (MS)

Department

School of Information Technology: Information Systems

Committee Chair

Yongning Tang

Committee Member

Douglas Twitchell

Abstract

This study is concerned with migrating traditional networks and their inherent firewall architecture to a Software Defined Networking (SDN) architecture, as an initial attempt at preventing application downtime caused by hidden firewall domain rules. In legacy organizational environments the networking engineers, firewall teams, and application analysts are often siloed groups, but Software Defined Networking (SDN) can blur the lines between these silos.

This thesis first outlines the inner workings of SDN, then traditional firewall architecture and how it interacts with SDN, followed by an implementation experiment and the resulting conclusions.

Testing with SDN shows we are approaching new environments where the edges of the network are no longer dominated by firmware on switches and routers. The technologies behind SDN allow for the programmability of the entire network, which creates a logical flow of both network traffic and firewall policies and lets us bypass traditional errors that arise from physically segmented networks.

The physical- and logical-level network programming inherent in SDN allows organizations to merge and adapt the skill sets of networking engineers and application developers, reducing the risk of, and reliance on, specialized firewall expertise.

Utilizing the OpenFlow protocol and the flow table concepts presented in SDN, we can propagate firewall rules centrally and logically, which applies firewall rules to traffic end to end across our network. Using these concepts reduces the traditional firewall complexity for organizations. In this study we present a paper prototype demonstrating that firewall rules may be added to a centralized instance, allowing our SDN controllers to provide firewall protection throughout the entire network instead of within isolated risk domains or tiers. In the prototype, application developers are prevented from calling incorrect ports and from overlooking hidden local firewalls that were not previously known. The approach described in this paper is based on a case study of several large American firms.

Access Type

Thesis-Open Access

DOI

http://doi.org/10.30707/ETD2015.Vogel.J
