Concept or Reality
Denise Mangold
Department of Electrical and Computer Engineering
Villanova University College of Engineering
Villanova PA 19085
Abstract The computer industry must constantly evolve in the areas
of infrastructure and security. There is a growing need for
virtualization at the point of presence and in datacenters. The desire to
reduce capital, environmental and operational cost by purchasing
fewer chassis and consuming less power has led to a growing push
toward virtualization; while this push makes economic sense,
security must also be a priority in decision making. The Halon security
router is a network operating system and software distribution based
on OpenBSD, which provides a UNIX root shell. Halon claims to be
secure by design because the open-source, sandboxed user interfaces
with their backend API are the sole area of exposure. Traditional routers
have been hardware based; Halon can be hardware based but also
offers a virtual security router. I investigated the ease of use, the security
of the UNIX backend as well as the web front end, and the web
features of the Halon security router from within a virtual machine;
Oracle's VirtualBox was used to install Halon.
I. INTRODUCTION
The next generation of routers is increasingly becoming
virtual appliances. A number of vendors already have virtual
appliances on the market: Cisco has the Cisco Cloud Services
Router and Palo Alto has PAN-OS, and both companies offer an
impressive suite of tools such as malware blocking, virus
protection, spyware protection, data filtering, deep packet
inspection capabilities and promises of vulnerability detection.
To gain a full understanding of the functionality, security and
performance of a virtual appliance, I built a virtual router from a
vendor that allowed a fully functional trial evaluation.
The Halon security router (SR) is a network and software
distribution based on the OpenBSD operating system. The SR
uses a single revision-managed, clear-text configuration file
with atomic commits, meaning there is never a need for a reboot,
even for rollbacks of changes; this is important for production
environments because of the cost of downtime. The SR also has
built-in clustering, meaning that if one system fails there is no
downtime, provided clustering is configured. Clustering was
not tested in the VM because reliable results could not be
obtained at this time. The SR also has a fully featured load
balancer (up to layer 7, with SSL acceleration).
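As an added illustration of what a revision-managed, clear-text configuration file with atomic commits and rollback looks like in practice, the following Python class is a hypothetical implementation of that model written for this paper; it is not Halon's own code, and Halon's real configuration format and commit mechanism are not described here. Each commit writes to a temporary file, fsyncs it and renames it over the live file, so a reader never observes a half-written configuration, and every committed text is kept as a numbered revision so that a rollback is just another commit. The sample configuration text is a constructed placeholder.

```python
import os
import tempfile
from pathlib import Path


class RevisionedConfig:
    """Hypothetical illustration of a single clear-text, revision-managed
    configuration file with atomic commits and rollback (not Halon's code).

    A commit writes the new text to a temporary file in the target directory,
    fsyncs it and renames it over the live file; os.replace is an atomic rename
    on POSIX, so a reader sees either the old or the new config, never a torn
    one. Every committed text is also stored as a numbered revision, and a
    rollback re-commits an earlier revision, so nothing needs a restart.
    """

    def __init__(self, directory, validate=None):
        self.dir = Path(directory)
        self.live = self.dir / "config.txt"
        self.revdir = self.dir / "revisions"
        self.revdir.mkdir(parents=True, exist_ok=True)
        # Validation hook run before anything touches disk; the default only
        # rejects an empty configuration (a real system would parse it).
        self.validate = validate or (lambda text: bool(text.strip()))

    def revisions(self):
        """Sorted list of committed revision numbers."""
        return sorted(int(p.stem) for p in self.revdir.glob("*.txt"))

    def current(self):
        """Text of the live configuration, or None before the first commit."""
        return self.live.read_text() if self.live.exists() else None

    @staticmethod
    def _atomic_write(path, text):
        # Temp file in the same directory as the target so the rename stays
        # on one filesystem and is therefore atomic.
        fd, tmp = tempfile.mkstemp(dir=path.parent, prefix=".tmp-")
        try:
            with os.fdopen(fd, "w") as f:
                f.write(text)
                f.flush()
                os.fsync(f.fileno())
            os.replace(tmp, path)  # old file or new file, nothing in between
        except BaseException:
            if os.path.exists(tmp):
                os.unlink(tmp)
            raise

    def commit(self, text):
        """Validate, store as the next revision, then swap it in atomically."""
        if not self.validate(text):
            raise ValueError("configuration rejected; live config untouched")
        revs = self.revisions()
        number = revs[-1] + 1 if revs else 1
        self._atomic_write(self.revdir / f"{number}.txt", text)
        self._atomic_write(self.live, text)
        return number

    def rollback(self, number):
        """Re-commit an earlier revision as a new one, keeping history linear."""
        text = (self.revdir / f"{number}.txt").read_text()
        return self.commit(text)


def demo(directory=None):
    """Commit two constructed configs, roll back to the first, and try an
    invalid commit; returns (rollback revision, revisions, live text, rejected)."""
    directory = directory or tempfile.mkdtemp(prefix="revcfg-")
    store = RevisionedConfig(directory)
    store.commit("# constructed sample config, revision 1\nhostname sr\n")
    store.commit("# constructed sample config, revision 2\nhostname sr2\n")
    rolled_back_as = store.rollback(1)
    try:
        store.commit("   ")  # empty config must be rejected before it goes live
        rejected = False
    except ValueError:
        rejected = True
    return rolled_back_as, store.revisions(), store.current(), rejected


if __name__ == "__main__":
    print(demo())
```

The validation hook is the part that matters for "no reboot, even for rollbacks": because a bad configuration is refused before the rename, the live file always holds a text that once passed validation, and the previous revision is always there to re-commit.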
The main requirement for deploying a virtual router is that
router operation should not deteriorate as a result of
implementing a virtualized solution; this includes performance
as well as security.
The system being evaluated as a virtual secure router is a
mix of open system scripts, patches, and closed backend source
Disconnecting: Too many authentication failures for root [preauth]
Oct 15 01:00:09 sr sshd[9101]: Failed password for root from 61.174.51.224 port 38444 ssh2
Oct 15 01:00:11 sr sshd[9101]: Failed password for root from 61.174.51.224 port 38444 ssh2
Oct 15 01:00:12 sr sshd[28514]: Failed password for root from 61.174.51.224 port 30879 ssh2
Oct 15 01:00:14 sr sshd[9101]: Failed password for root from 61.174.51.224 port 38444 ssh2
Oct 15 01:00:15 sr sshd[9101]: Failed password for root from 61.174.51.224 port 38444 ssh2
Oct 15 01:00:15 sr sshd[9101]: Disconnecting: Too many authentication failures for root [preauth]
Oct 15 01:00:19 sr sshd[17927]: Failed
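The sshd log excerpt above is the kind of evidence a defender wants to turn into an alert: repeated "Failed password for root" lines from one source address within seconds. As an added example that is not part of this paper or of Halon, the following Python script parses OpenBSD sshd authlog lines in exactly that format, groups failures by source address and flags any source that exceeds a threshold inside a sliding time window. The sample lines are constructed to mirror the excerpt (addresses come from the RFC 5737 documentation ranges), the threshold and window values are assumptions, and because syslog timestamps carry no year the caller supplies one.

```python
import re
from collections import defaultdict
from datetime import datetime

# Pattern for OpenBSD sshd authlog lines in the format shown above, e.g.
# "Oct 15 01:00:09 sr sshd[9101]: Failed password for root from 61.174.51.224 port 38444 ssh2"
# OpenSSH's "Failed password for invalid user NAME ..." variant is accepted too.
FAILED_RE = re.compile(
    r"^(?P<ts>[A-Z][a-z]{2}\s+\d{1,2} \d{2}:\d{2}:\d{2}) (?P<host>\S+) sshd\[(?P<pid>\d+)\]: "
    r"Failed password for (?:invalid user )?(?P<user>\S+) from (?P<ip>\S+) port (?P<port>\d+) ssh2$"
)

# Constructed sample log modelled on the excerpt above; not real traffic.
SAMPLE_LOG = """\
Oct 15 01:00:09 sr sshd[9101]: Failed password for root from 203.0.113.77 port 38444 ssh2
Oct 15 01:00:11 sr sshd[9101]: Failed password for root from 203.0.113.77 port 38444 ssh2
Oct 15 01:00:12 sr sshd[28514]: Failed password for root from 203.0.113.77 port 30879 ssh2
Oct 15 01:00:14 sr sshd[9101]: Failed password for root from 203.0.113.77 port 38444 ssh2
Oct 15 01:00:15 sr sshd[9101]: Failed password for root from 203.0.113.77 port 38444 ssh2
Oct 15 01:00:15 sr sshd[9101]: Disconnecting: Too many authentication failures for root [preauth]
Oct 15 01:03:40 sr sshd[17927]: Failed password for invalid user admin from 198.51.100.9 port 50021 ssh2
Oct 15 01:05:02 sr sshd[18002]: Accepted publickey for operator from 192.0.2.10 port 51222 ssh2
""".splitlines()


def parse_failed_logins(lines, year=1970):
    """Yield (timestamp, user, source_ip) for each 'Failed password' line.

    Syslog timestamps carry no year, so the caller supplies one (assumption:
    the whole batch belongs to the same year; 1970 is only a placeholder).
    """
    for line in lines:
        m = FAILED_RE.match(line.strip())
        if not m:
            continue  # accepted logins, disconnects and other noise are skipped
        stamp = " ".join(m["ts"].split())  # collapse the double space in "Oct  5"
        ts = datetime.strptime(f"{year} {stamp}", "%Y %b %d %H:%M:%S")
        yield ts, m["user"], m["ip"]


def find_bruteforce_sources(lines, threshold=5, window_seconds=60, year=1970):
    """Return {source_ip: total_failures} for every source that produced at
    least `threshold` failures inside some `window_seconds`-long window."""
    by_ip = defaultdict(list)
    for ts, _user, ip in parse_failed_logins(lines, year):
        by_ip[ip].append(ts)
    offenders = {}
    for ip, stamps in by_ip.items():
        stamps.sort()
        start = 0
        for end, t in enumerate(stamps):
            # Slide the window's left edge until it spans at most window_seconds.
            while (t - stamps[start]).total_seconds() > window_seconds:
                start += 1
            if end - start + 1 >= threshold:
                offenders[ip] = len(stamps)
                break
    return offenders


def targeted_accounts(lines, year=1970):
    """Count failures per account name, showing which logins are being guessed."""
    counts = defaultdict(int)
    for _ts, user, _ip in parse_failed_logins(lines, year):
        counts[user] += 1
    return dict(counts)


if __name__ == "__main__":
    for ip, n in find_bruteforce_sources(SAMPLE_LOG).items():
        print(f"brute-force source {ip}: {n} failed logins")
    print("accounts targeted:", targeted_accounts(SAMPLE_LOG))
```

Run against the sample, the script reports 203.0.113.77 as a brute-force source (five failures in six seconds) while the single failure from 198.51.100.9 stays below the threshold; the per-account count makes it obvious that root is the account being guessed, which is the argument for disabling password authentication for root on the SR's SSH service.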