Perth, Western Australia - 6th to 10th January 2014
Today's device orientated world provides some real challenges in accurately identifying and tracking devices on your network. From smartphones to tablets you don't always know for sure who is on your network.
My presentation demonstrates a new approach to firewalls; by hooking directly into the Linux kernel packet stream we are able to produce advanced analytical data and start to manipulate packets in ways which are impossible with standard open source firewalls. The approach we demonstrate provides all firewall features based on user grouping.
When this type of firewall is combined with a LDAP or directory server; rules can be applied to the user upon authentication with the firewall application. The flexibility of treating your network activity by user allows all packets to be monitored, limited or manipulated based on the user or the user's pre-defined group. Your user's device essentially becomes irrelevant in terms of network activity and usage.
Combine these features with an IDS and you can even start to manage your user's networking based on event driven rules.
With a user driven approach to your firewall you can eliminate the need for VLANs and proxy servers, and really start to protect your network without the management overhead of traditional firewall/proxy applications.
The product we develop is called Sphirewall; a GPL licensed stateful firewall/router developed here in New Zealand. It has been in active development for the last few years and offers features previously only found in enterprise class firewalls.
Michael Lawson is a software engineer with a knack for security and networking and a passion for doing things a little bit differently. He is the creator and founder of the Sphirewall Project and has extensive experience in the field of Software Development and Networking. He is very passionate about opensource development, and believes the best software is always free and opensource, contrary to other beliefs.