Protecting organizational assets and data is a primary concern for businesses. New technologies and mass deployment across private and public clouds have raised multiple concerns about data security and safety. Cyber attacks are on the rise, and organizations need security solutions that help protect enterprise network servers and end-user systems from malicious intrusions.
Firewalls are usually deployed at enterprise entry points / gateways to filter incoming and outgoing traffic. Large enterprises have multiple such firewalls deployed at several entry points, so centralized management and monitoring of all of them becomes quite a challenging task.
Today we will learn about one such product, ‘Dog’, a distributed firewall management system that acts as a network guard dog. We will look at its capabilities and why it is used.
Dog: Distributed Firewall Management
‘Dog’ is a distributed firewall administration program that acts as a network guard dog. It is ideally suited to environments where consistent network access guidelines need to be set up for many servers in more than one zone or with multiple suppliers, or where in-depth protection beyond perimeter firewalls is needed, restricting which connections are allowed and how much bandwidth is used.
It is supported on cloud instances: AWS EC2, Google Cloud and Microsoft Azure.
Features of ‘Dog’
- Centralized management of many per-server iptables firewalls
- Interoperability across both cloud and on-premises environments
- Adaptable to dynamic IP address changes
- Support for blacklists/whitelists with thousands of addresses
- Reactive web interface
- External integrations via APIs
- Integration with network vulnerability scanner ‘Flan Scan’
- Supports targeted disposition (ACCEPT or DROP)
- Indicators that highlight when servers fail to keep in touch or when firewall rules are modified outside of dog
- Multiple dog trainers can be federated to share addresses while each dog trainer trusts its security guidelines
How Does ‘Dog’ Distributed Firewall Management Work?
The components of ‘Dog’ are as follows:
Dog_trainer is a central server configured and maintained to watch over the dog brokers. Multiple Dog_trainers can be federated to share brokers’ addresses while allowing every Dog_trainer to trust its security guidelines. It stores hashes of iptables rules and ipsets to send to brokers. Brokers send the hashes they generate to Dog_trainer at a scheduled check-in. Alerts are sent when brokers fail to keep in touch over time.
Dog agents are deployed to manage servers. Dog brokers watch over each server's iptables firewall.
Dog_park is a browser-based user interface for Dog_trainer.
Dog brokers keep in touch with Dog_trainer over RabbitMQ queues.
Dog_trainer configuration is stored in a RethinkDB database.
Dog_park communicates with Dog_trainer via a RESTful API, which is also available for integrations.
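The hash check-in described for Dog_trainer above can be sketched as follows. This is an added example, not code from Dog: the SHA-256 hash, the normalization of iptables-save output, the host names and the five-minute check-in window are all assumptions made for illustration.

```python
import hashlib
import re
from datetime import datetime, timedelta, timezone

COUNTERS = re.compile(r"\[\d+:\d+\]")  # packet/byte counters in iptables-save output

def ruleset_hash(iptables_save_text: str) -> str:
    # Drop volatile parts (timestamp comments, counters) so only rules are hashed.
    lines = []
    for line in iptables_save_text.splitlines():
        line = line.strip()
        if not line or line.startswith("#"):
            continue
        lines.append(COUNTERS.sub("[0:0]", line))
    return hashlib.sha256("\n".join(lines).encode()).hexdigest()

def evaluate(expected: dict, checkins: dict, now: datetime, max_age: timedelta) -> dict:
    # Central-side view: per host, "ok", "modified" or "missed-check-in".
    status = {}
    for host, want in expected.items():
        seen = checkins.get(host)
        if seen is None or now - seen["at"] > max_age:
            status[host] = "missed-check-in"   # no recent report from this host
        elif seen["hash"] != want:
            status[host] = "modified"          # rules changed outside central control
        else:
            status[host] = "ok"
    return status

# Constructed sample ruleset (not taken from a real host).
GOOD = """# Generated by iptables-save on Mon Jan  1 00:00:00 2024
*filter
:INPUT DROP [10:840]
:OUTPUT ACCEPT [5:300]
-A INPUT -p tcp -m tcp --dport 22 -j ACCEPT
COMMIT
"""

def demo() -> dict:
    now = datetime(2024, 1, 1, 12, 0, tzinfo=timezone.utc)
    expected = {h: ruleset_hash(GOOD) for h in ("web1", "web2", "db1")}
    same_rules = GOOD.replace("[10:840]", "[99:9000]")  # only counters differ
    tampered = GOOD.replace("COMMIT", "-A INPUT -p tcp -m tcp --dport 23 -j ACCEPT\nCOMMIT")
    checkins = {
        "web1": {"hash": ruleset_hash(same_rules), "at": now - timedelta(minutes=1)},
        "web2": {"hash": ruleset_hash(tampered), "at": now - timedelta(minutes=1)},
        "db1": {"hash": ruleset_hash(GOOD), "at": now - timedelta(hours=2)},
    }
    return evaluate(expected, checkins, now, timedelta(minutes=5))
```

Normalizing before hashing matters: without it, packet counters and the save timestamp would change the hash on every check-in and every host would appear modified.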