ABSTRACT

Firewall is a common term in the security field. It is the essential system security component that inspects traffic crossing various network boundaries. Firewall technologies have evolved over the past several decades from the simplest dedicated packet filter to today's advanced security appliances that can be deployed on any network segment. In addition to guarding against unwanted north-south traffic entering and leaving a trusted domain, firewalls are now also used to filter east-west traffic within a trusted domain, so that an attacker who has compromised one host cannot move laterally to exploit internal vulnerabilities. The granularity of the protected zones within a trust domain can be a subnetwork, a VLAN, an interface, an application, or a single data flow; such fine-grained zoning is usually implemented through a virtual networking approach called “microsegmentation.”

Microsegmentation is a method of creating secure zones in data centers and cloud deployments so that workloads are isolated from one another and secured individually, making network security more granular. The rise of software-defined networking (SDN) and network function virtualization (NFV) has paved the way for microsegmentation to be realized in software, easing deployment and management.
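To make the east-west filtering described above concrete, the following is an added illustration (not code from the chapter or from any VMware product) of a minimal microsegmentation policy engine: every workload carries tags, rules allow specific tag-to-tag flows, and everything else is denied regardless of whether the flow is north-south or east-west. The workload names, IP addresses, tags and rules are invented for the example; the point is that a peer-to-peer flow inside one subnet, which a perimeter firewall never sees, is still blocked.

```python
"""Toy microsegmentation policy engine (illustrative only).

Workloads are identified by tags rather than by subnet, rules are written
tag-to-tag, and the default is deny. Every name, address, tag and rule below
is constructed for the example.
"""
from dataclasses import dataclass
from ipaddress import ip_address, ip_network


@dataclass(frozen=True)
class Workload:
    name: str
    ip: str
    tags: frozenset  # e.g. frozenset({"tier:web"})


@dataclass(frozen=True)
class Rule:
    src_tag: str  # "any" matches every source, including external hosts
    dst_tag: str
    proto: str
    dport: int


@dataclass(frozen=True)
class Flow:
    src_ip: str
    dst_ip: str
    proto: str
    dport: int


class Microsegmenter:
    """Evaluates flows against tag-based allow rules with default deny."""

    def __init__(self, workloads, rules, trusted=("10.0.0.0/8",)):
        self.by_ip = {w.ip: w for w in workloads}
        self.rules = list(rules)
        self.trusted = [ip_network(n) for n in trusted]

    def _inside(self, ip):
        return any(ip_address(ip) in n for n in self.trusted)

    def _tags(self, ip):
        w = self.by_ip.get(ip)
        if w is not None:
            return w.tags
        # Inside the trust domain but not inventoried: still gets no
        # privileges, which is the whole point of default deny.
        return frozenset({"unknown-internal" if self._inside(ip) else "external"})

    def direction(self, flow):
        inside = self._inside(flow.src_ip) and self._inside(flow.dst_ip)
        return "east-west" if inside else "north-south"

    def allows(self, flow):
        src_tags, dst_tags = self._tags(flow.src_ip), self._tags(flow.dst_ip)
        for r in self.rules:
            src_ok = r.src_tag == "any" or r.src_tag in src_tags
            if src_ok and r.dst_tag in dst_tags and r.proto == flow.proto and r.dport == flow.dport:
                return True
        return False  # default deny, independent of direction

    def evaluate(self, flow):
        return self.direction(flow), self.allows(flow)


# Constructed three-tier inventory plus a bastion host.
WORKLOADS = [
    Workload("web1", "10.0.1.10", frozenset({"tier:web"})),
    Workload("web2", "10.0.1.11", frozenset({"tier:web"})),
    Workload("app1", "10.0.2.10", frozenset({"tier:app"})),
    Workload("db1", "10.0.3.10", frozenset({"tier:db"})),
    Workload("jump", "10.0.9.5", frozenset({"role:bastion"})),
]

# Constructed policy: only the intended tier-to-tier paths are open.
RULES = [
    Rule("any", "tier:web", "tcp", 443),
    Rule("tier:web", "tier:app", "tcp", 8080),
    Rule("tier:app", "tier:db", "tcp", 5432),
    Rule("role:bastion", "tier:app", "tcp", 22),
    Rule("role:bastion", "tier:db", "tcp", 22),
]

# Constructed sample flows; the last three are lateral-movement attempts.
SAMPLE_FLOWS = {
    "internet->web1:443": Flow("203.0.113.7", "10.0.1.10", "tcp", 443),
    "web1->app1:8080": Flow("10.0.1.10", "10.0.2.10", "tcp", 8080),
    "app1->db1:5432": Flow("10.0.2.10", "10.0.3.10", "tcp", 5432),
    "jump->db1:22": Flow("10.0.9.5", "10.0.3.10", "tcp", 22),
    "web1->db1:5432": Flow("10.0.1.10", "10.0.3.10", "tcp", 5432),
    "web1->web2:445": Flow("10.0.1.10", "10.0.1.11", "tcp", 445),
    "internet->db1:5432": Flow("203.0.113.7", "10.0.3.10", "tcp", 5432),
}


def evaluate_sample():
    """Returns {label: (direction, allowed)} for the constructed flows."""
    engine = Microsegmenter(WORKLOADS, RULES)
    return {label: engine.evaluate(f) for label, f in SAMPLE_FLOWS.items()}


if __name__ == "__main__":
    for label, (direction, allowed) in evaluate_sample().items():
        print(f"{label:22} {direction:12} {'ALLOW' if allowed else 'DENY'}")
```

Note that web1 to web2 on port 445 is denied even though both hosts sit in the same /24: the rule set names tiers, not subnets, so a compromised web server gets no path to its peers or to the database that a subnet-level perimeter rule would have left open.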

This chapter first gives a brief history of the firewall and its transition to microsegmentation in Section 6.1, followed by the distributed firewall in Section 6.2. Microsegmentation systems and models are described in Section 6.3, and finally an implementation based on VMware solutions is presented in Section 6.4.