Term of Award

Spring 2014

Degree Name

Master of Science in Applied Engineering (M.S.A.E.)

Document Type and Release Option

Thesis (open access)

Copyright Statement / License for Reuse

Digital Commons@Georgia Southern License

Department

Department of Mechanical Engineering

Committee Chair

Jordan Shropshire PhD

Committee Member 1

Chris Kadlec PhD

Committee Member 2

Timur Mirzoev PhD

Abstract

The rapid expansion in networking has provided tremendous opportunities to access an unparalleled amount of information. Everyone connects to a network to gain access and to share this information. However when someone connects to a public network, his private network and information becomes vulnerable to hackers and all kinds of security threats. Today, all networks needs to be secured, and one of the best security policies is firewall implementation.

Firewalls can be hardware or cloud based. Hardware based firewalls offer the advantage of faster response time, whereas cloud based firewalls are more flexible. In reality the best form of firewall protection is the combination of both hardware and cloud firewall.

In this thesis, we implemented and configured a federated architecture using both firewalls, the Cisco ASA 5510 and Vyatta VC6.6 Cloud Based Firewall. Performance evaluation of both firewalls were conducted and analyzed based on two scenarios; spike and endurance test. Throughputs were also compared, along with some mathematical calculations using statistics. Different forms of packets were sent using a specialized tool designed for load testing known as JMeter.

After collecting the results and analyzing it thoroughly, this thesis is concluded by presenting a heuristics method on how packet filtering would fall back to the cloud based firewall when the hardware based firewall becomes stressed and over loaded, thus allowing efficient packet flow and optimized performance.

The result of this thesis can be used by Information Security Analyst, students, organizations and IT experts to have an idea on how to implement a secured network architecture to protect digital information.

Research Data and Supplementary Material

No