A distributed firewall is a software system used to protect networked computers from unauthorized access and from the installation of malicious software. It is somewhat similar to a traditional or perimeter firewall, but rather than establishing a network topology of trusted and untrusted zones, it protects each host individually. A distributed firewall works through software that is “distributed” to each computer on a network and that communicates with a central control system. Approval for user access or for connections on particular network ports is then granted to each computer and user individually, rather than to the network as a whole.
The basic idea behind a distributed firewall is to provide protection at each client or computer on a network. A traditional firewall system, sometimes called a perimeter firewall, protects an entire network at the router or modem. For example, if five computers on a network are all connected to a router that provides them with Internet access, the router is likely to host the primary firewall for that network.
Everything within the “wall” of the router, that is, the five computers, is considered safe and trusted. Computers or systems outside this “wall” are considered unsafe and are not inherently trusted. This division is the network's topology: it creates an “inside” and an “outside”, corresponding to safe and unsafe zones.
In contrast, a distributed firewall operates at the level of the individual host without establishing any such topology for the network. Each computer runs software that functions as a firewall; the firewall has been “distributed” throughout the network rather than isolated on a single system. A central controller for the distributed firewall is then established on one host, typically the one used for system administration.
Permissions for access controls and port connections are enforced on each individual computer, which pulls its current policy from the control system. A distributed firewall uses a set of “policies” that specify which users and which ports a system may accept connections from or connect to. These policies are maintained on the administrator's computer and sent to the other systems to indicate which files or ports on the network are safe or trusted. This gives each computer on the network its own protection against attack, including an attack that originates inside the network, behind the perimeter firewall.
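The following added example, which is not part of the original article, models the arrangement just described: a central controller holds a policy per host, each host agent pulls its own policy and enforces it locally, and a separate perimeter check trusts everything inside the internal address range. The host names, addresses, users and rules are constructed sample values, and the first-match rule evaluation is an assumption of this toy model rather than the behaviour of any particular product. The point it shows is that a connection from a compromised internal machine passes the perimeter but is still refused by the target host's own policy.

```python
"""Toy distributed-firewall model: central policy store, per-host enforcement.

All hosts, addresses, users and rules below are constructed for illustration.
"""
from dataclasses import dataclass, field
from typing import Optional, List, Dict, Tuple
import ipaddress

# The perimeter firewall's notion of "inside": assumed internal range.
INTERNAL_NET = ipaddress.ip_network("10.0.0.0/8")


@dataclass(frozen=True)
class Rule:
    action: str                 # "allow" or "deny"
    port: Optional[int] = None  # destination port; None matches any port
    src: Optional[str] = None   # source network in CIDR; None matches any source
    user: Optional[str] = None  # user the connection is made as; None matches any


@dataclass
class HostPolicy:
    host: str
    rules: List[Rule] = field(default_factory=list)
    default: str = "deny"       # decision when no rule matches


class Controller:
    """Central policy store kept on the administrator's machine."""

    def __init__(self) -> None:
        self.policies: Dict[str, HostPolicy] = {}

    def set_policy(self, policy: HostPolicy) -> None:
        self.policies[policy.host] = policy

    def fetch(self, host: str) -> HostPolicy:
        # A host with no policy pushed to it falls back to deny-all.
        return self.policies.get(host, HostPolicy(host))


class HostAgent:
    """Firewall software running on one host; pulls and enforces its own policy."""

    def __init__(self, host: str, controller: Controller) -> None:
        self.host = host
        self.policy = controller.fetch(host)

    def refresh(self, controller: Controller) -> None:
        """Re-pull the policy after the administrator changes it centrally."""
        self.policy = controller.fetch(self.host)

    def decide(self, src_ip: str, dst_port: int, user: str) -> str:
        """First matching rule wins; otherwise the policy default applies."""
        src = ipaddress.ip_address(src_ip)
        for r in self.policy.rules:
            if r.port is not None and r.port != dst_port:
                continue
            if r.src is not None and src not in ipaddress.ip_network(r.src):
                continue
            if r.user is not None and r.user != user:
                continue
            return r.action
        return self.policy.default


def perimeter_allows(src_ip: str) -> bool:
    """Perimeter model: anything already inside the internal range is trusted."""
    return ipaddress.ip_address(src_ip) in INTERNAL_NET


def build_demo_controller() -> Controller:
    """Constructed policy: the file server accepts SMB (445) only from the
    admin subnet as user 'admin', and plain HTTP (80) from anywhere."""
    ctrl = Controller()
    ctrl.set_policy(HostPolicy("fileserver", [
        Rule("allow", port=445, src="10.0.1.0/24", user="admin"),
        Rule("allow", port=80),
    ]))
    return ctrl


def check_connection(ctrl: Controller, src_ip: str, dst_host: str,
                     dst_port: int, user: str) -> Tuple[str, str]:
    """Return (perimeter decision, host decision) for one attempted connection."""
    perimeter = "allow" if perimeter_allows(src_ip) else "deny"
    host = HostAgent(dst_host, ctrl).decide(src_ip, dst_port, user)
    return perimeter, host


if __name__ == "__main__":
    ctrl = build_demo_controller()
    # A compromised workstation inside the perimeter probing the file server:
    # the perimeter sees an internal source and allows it; the host does not.
    print(check_connection(ctrl, "10.0.0.5", "fileserver", 445, "guest"))   # ('allow', 'deny')
    # The legitimate administrator from the admin subnet.
    print(check_connection(ctrl, "10.0.1.9", "fileserver", 445, "admin"))   # ('allow', 'allow')
    # An external source: the host policy alone would admit port 80,
    # which is why the perimeter is still wanted in front of it.
    print(check_connection(ctrl, "203.0.113.4", "fileserver", 80, "nobody"))  # ('deny', 'allow')
```

Reading the three printed results together gives the article's conclusion in miniature: the host policy catches the internal attack the perimeter cannot see, while the perimeter stops external traffic the host policy would otherwise have admitted.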
Networks should typically use both a perimeter and a distributed firewall for the best security. The perimeter firewall gives broad control over the network as a whole and deflects a wide range of attacks from outside. The distributed firewall adds a second layer and protects against more precise and targeted attacks, including those launched from inside the perimeter.