Virtual Firewall Security on Virtual Machines in Cloud Environment
Date
2015-02-01
Publisher
International Journal of Scientific & Engineering Research
Abstract
Virtualization is revolutionizing how information technology resources and services are used and managed and has led to explosive growth in the cloud computing industry, illustrated by Google’s Cloud Platform and Amazon’s Elastic Cloud. It brings unique security problems such as virtual traffic, denial of service and intrusion, resulting in penetration of virtual machines, which is disastrous for the enterprise, the user and the cloud provider. Virtual traffic between virtual machines may never leave the physical host hardware, leaving traditional physical firewalls unable to monitor and secure it. This paper proposes a virtual firewall that allows managing the network security of the virtual infrastructure on a per-virtual-machine basis, defining network traffic rules, and hardening the security of the virtual environment. A private cloud is designed using open source solutions, and to manage the firewall rules we implement a Tree-Rule firewall technique, which filters packets in a tree-like way based on their attributes such as IP address and protocols. The speed of filtering and processing packets on the virtual firewall is highly improved to avoid overload of the firewall in the particular case. It permits logging and analysis of network traffic for each of the monitored virtual machines. The virtual firewall will provide the power to control the bandwidth utilization of each virtual machine in the infrastructure, preventing overutilization and denial of service to critical applications.
Keywords
virtual firewall, hypervisor, virtualization, virtual machine, tree-rule firewall, stateful firewall, virtual traffic
Citation
Jekese, G., Subburaj, R., & Hwata, C. (2015). Virtual Firewall Security on Virtual Machines in Cloud Environment.