Nenad Stojanovski and Marjan Gusev


Classic firewall systems filter traffic based on IP addresses, source and destination ports and protocol types. Modern networks have grown to a point where support for user mobility is a must. In such networks, firewalls can introduce so much complexity that administration becomes very frustrating, since every change needs the intervention of a firewall administrator. The solution to this problem is an identity based firewall system. In this paper we will present a new design of a firewall system that uses the user's identity to filter traffic. In the design phase we will define the key points that have to be satisfied as a crucial milestone for the functioning of the whole identity based firewall system. The design process includes researching the possibility of creating an agentless identity based firewall system. During this process we explored the whole logon process in a Microsoft Windows domain. Based on the results from the logon process, we designed the architecture of the agentless identity based firewall. From this architecture we are able to define the key components of the identity based firewall solution. These components are the core of the system and provide the functionality of the identity based firewall. Based on the new architecture, we were able to roughly compare our design with some existing solutions on the market, and based on that comparison we can show what the benefits of our solution will be.
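As an added illustration (not code from the paper), the core of such an agentless identity based firewall in Python: user-to-IP bindings are learned by replaying constructed domain logon and logoff events, and the filtering rules are written against users and groups instead of source addresses. The event record shape, the group membership and the rule set are assumptions; the paper does not specify them.

```python
from dataclasses import dataclass, field
from typing import Dict, List, Optional

# Constructed sample of logon observations, assumed to come from the domain
# controller's security log (hypothetical record shape, no endpoint agent).
LOGON_EVENTS = [
    {"event": "logon",  "user": "alice", "ip": "10.0.1.10", "t": 100},
    {"event": "logon",  "user": "bob",   "ip": "10.0.1.11", "t": 105},
    {"event": "logoff", "user": "alice", "ip": "10.0.1.10", "t": 200},
    {"event": "logon",  "user": "alice", "ip": "10.0.2.50", "t": 210},  # alice roamed
]

@dataclass
class IdentityTable:
    """IP -> user bindings learned from the domain logon process."""
    ip_to_user: Dict[str, str] = field(default_factory=dict)

    def apply(self, ev: dict) -> None:
        if ev["event"] == "logon":
            self.ip_to_user[ev["ip"]] = ev["user"]          # (re)bind address to user
        elif ev["event"] == "logoff" and self.ip_to_user.get(ev["ip"]) == ev["user"]:
            del self.ip_to_user[ev["ip"]]                   # stale binding must not linger

    def user_for(self, ip: str) -> Optional[str]:
        return self.ip_to_user.get(ip)

# Identity based policy: rules name groups, not source IPs (assumed sample policy).
GROUPS = {"finance": {"alice"}, "it": {"bob"}}
RULES = [  # (group, dst_port, action), evaluated in order; default deny
    ("finance", 443, "allow"),
    ("it", 22, "allow"),
]

def decide(table: IdentityTable, src_ip: str, dst_port: int) -> str:
    """Return 'allow' or 'deny' for a flow, using the identity bound to src_ip."""
    user = table.user_for(src_ip)
    if user is None:
        return "deny"  # no identity known for this address: default deny
    for group, port, action in RULES:
        if user in GROUPS.get(group, set()) and port == dst_port:
            return action
    return "deny"

def replay(events: List[dict], upto_t: int) -> IdentityTable:
    """Build the identity table from every event observed up to time upto_t."""
    table = IdentityTable()
    for ev in sorted(events, key=lambda e: e["t"]):
        if ev["t"] <= upto_t:
            table.apply(ev)
    return table
```

The same source address yields different decisions over time as bindings are created and cleared, which is the property that lets a user keep their access when moving between addresses without an administrator touching the rule set.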


Identity based firewalls, user identity, firewalls, network security, computer networks, firewall systems design.