International Journal For Technological Research In Engineering, Volume 4, Issue 8, April-2017, ISSN (Online): 2347-4718, www.ijtre.com. Copyright 2017. All rights reserved. Page 1364

A SYSTEMATIC APPROACH FOR HIGHLY SECURE FRAMEWORK FOR VIRTUAL FIREWALL

Rahul Tajpuriya 1, Prof. Vinit Gupta 2, Prof. Indr Jeet Rajput 3
1,2,3 Department of Computer Engineering, Hasmukh Goswami College of Engineering, Vahelal, Gujarat, India; Gujarat Technological University

Abstract: Traditional “physical security measures literally become blind to traffic between virtual machines”, since virtual network traffic may never leave the physical host hardware. The solution to this issue is the use of virtual firewalls. Four types of virtual firewall can be distinguished: a traditional software firewall installed on a guest virtual machine; a purpose-built virtual security appliance designed with virtual network security in mind; a virtual switch with additional security capabilities; or a managed kernel process running on the host hypervisor that sits atop all virtual machine activity. These technologies are meant to answer the new network security concerns raised by virtualized environments. To meet these requirements, various fine-grained security architectures have been put forth to date, including the SDN architecture, the NFV architecture, the VNGuard architecture, the action slicing mechanism, the authentication mechanism, the elasticity achievement model, the fuzzy integrated firewall model, and packet filtering in a security-based fuzzy logic model. This paper analyzes these security mechanisms and discusses their significance.

Keywords: SDN, NFV, VNGuard, FlowVisor, Resource Isolation, Packet Filtering, Firewall Security, Network Simulation, Fuzzy Logic, Packet Utilization

I. INTRODUCTION

In computing, virtualization refers to the creation of virtual versions of computers or operating systems, where the physical characteristics of the computing platform are hidden from users.
The software that controls the virtualization is called the hypervisor. The benefits of virtualization are multiple: it not only reduces costs (electrical, space, hardware) by lowering the number of physical machines, but it also eases the management of an ever-growing number of computers and servers. [1] However, virtualization is both an opportunity and a threat. According to the author, collapsing multiple servers into a single one with several virtual machines inside eliminates all firewall and other protections that existed prior to the virtualization. We can distinguish two types of virtual firewall:

- A virtual switch with additional security capabilities, also referred to as a bridge-mode virtual firewall.
- A virtual firewall operating in hypervisor mode, with a managed kernel process running on the host hypervisor that sits atop all virtual machine activity.

A virtual firewall in bridge mode acts like its physical-world firewall analog. Positioned at a strategic point of the virtual network infrastructure (usually between different networks), it can intercept virtual traffic destined for other segments. Because a bridge-mode virtual firewall, once installed, is itself a virtual machine, its relationship to the other virtual machines may become complicated over time because of the virtual machine migration allowed by the virtualized infrastructure. An example of this type of product is Cisco Nexus 1000v. By contrast, a virtual firewall operating in hypervisor mode is not actually part of the virtual network at all. A hypervisor-mode virtual firewall is located in the virtual machine monitor (VMM), where it can capture virtual machine activity, including packet injections. Since a hypervisor-mode virtual firewall is neither part of the network nor a virtual machine, its functionality cannot be monitored or altered by users and software that have access to the virtual network.
Hypervisor-mode virtual firewalls can be much faster in terms of throughput than the same technology running in bridge mode, because they do not perform packet inspection inside a virtual machine but rather from within the kernel at native hardware speeds. An example of this type of virtual firewall is Reflex Systems vTrust. The objective of this paper is to focus mainly on the various security architectures for virtual environments. The remainder of the paper is organized as follows: Section II presents the theoretical background of this paper; Section III presents a comparative study/analysis of different security techniques; and Section IV concludes the paper with a summary and future directions.

II. DEFINITION AND THEORETICAL BACKGROUND

This section describes the concept of the virtual firewall service and its benefits, the architecture of the virtual model, the challenges, and the security services associated with it.

A. The term Virtual Firewall

A virtual firewall is a firewall service running in a virtualized environment and providing the usual packet filtering and monitoring services that a physical firewall would provide. [5] Several types of firewall technology are available, and their capabilities depend on the OSI layers at which they operate. There are four main types of network firewall: stateless, stateful, application, and application proxy firewalls. Stateless inspection firewalls operate at both layer 3 and layer 4 of the OSI model (the network and transport layers) and filter each packet based on information contained in the packet itself, such as source and destination IP addresses or port numbers; they do not keep track of the state of each flow that passes through the firewall. Stateful inspection firewalls improve on packet filters by tracking the connection state of each flow that passes through the firewall. If a connection is permitted by an existing firewall rule, they keep track of it in
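The distinction between stateless and stateful inspection drawn above can be made concrete by running both filtering strategies over the same packet trace. The following Python is an added example written for this page; it is not code from the paper or from any product it names. The rule and packet classes, the rule sets, the hosts (10.0.0.10 as a protected VM, 192.0.2.5 as a web server, 198.51.100.7 as an outside host) and the four-packet trace are all constructed for the example. It shows what the paragraph only implies: a stateless filter that must admit return traffic by matching header fields alone ends up admitting any packet that carries those fields, whereas a stateful filter admits return traffic only for a connection it saw being opened.

```python
"""Stateless vs stateful packet filtering over a constructed packet trace (added example)."""
from dataclasses import dataclass
from typing import List, Optional, Tuple


@dataclass(frozen=True)
class Packet:
    src_ip: str
    src_port: int
    dst_ip: str
    dst_port: int
    syn: bool = False  # TCP SYN flag (set on a new connection attempt)
    ack: bool = False  # TCP ACK flag (set on every packet after the first)


@dataclass(frozen=True)
class Rule:
    action: str                    # "allow" or "deny"
    src_ip: Optional[str] = None   # None matches any value
    src_port: Optional[int] = None
    dst_ip: Optional[str] = None
    dst_port: Optional[int] = None

    def matches(self, p: Packet) -> bool:
        return all(want is None or want == have for want, have in (
            (self.src_ip, p.src_ip), (self.src_port, p.src_port),
            (self.dst_ip, p.dst_ip), (self.dst_port, p.dst_port)))


def lookup(rules: List[Rule], p: Packet) -> str:
    """First matching rule wins; default deny."""
    for r in rules:
        if r.matches(p):
            return r.action
    return "deny"


def stateless_filter(rules: List[Rule], packets: List[Packet]) -> List[str]:
    """Layer 3/4 stateless inspection: every packet is judged in isolation."""
    return [lookup(rules, p) for p in packets]


def stateful_filter(rules: List[Rule], packets: List[Packet]) -> List[str]:
    """Stateful inspection: rules decide only new connections (SYN without ACK);
    later packets of an accepted flow are admitted in both directions from the
    connection table, and mid-stream packets of unknown flows are dropped."""
    table = set()  # established flows as (client_ip, client_port, server_ip, server_port)
    verdicts = []
    for p in packets:
        fwd = (p.src_ip, p.src_port, p.dst_ip, p.dst_port)
        rev = (p.dst_ip, p.dst_port, p.src_ip, p.src_port)
        if fwd in table or rev in table:
            verdicts.append("allow")
        elif p.syn and not p.ack:
            verdict = lookup(rules, p)
            if verdict == "allow":
                table.add(fwd)
            verdicts.append(verdict)
        else:
            verdicts.append("deny")
    return verdicts


# Constructed policy: the VM 10.0.0.10 may open HTTPS connections to 192.0.2.5.
# The stateless ruleset needs a second rule so the server's replies can get back;
# that rule can only describe header fields, not "belongs to a flow we opened".
STATELESS_RULES = [
    Rule("allow", src_ip="10.0.0.10", dst_ip="192.0.2.5", dst_port=443),
    Rule("allow", src_port=443, dst_ip="10.0.0.10"),  # return-traffic rule
]
STATEFUL_RULES = [
    Rule("allow", src_ip="10.0.0.10", dst_ip="192.0.2.5", dst_port=443),
]

# Constructed trace: a legitimate handshake, then an outside packet that merely
# reuses the header fields of the return-traffic rule, then an outside SYN to SSH.
TRACE = [
    Packet("10.0.0.10", 40001, "192.0.2.5", 443, syn=True),            # VM opens HTTPS
    Packet("192.0.2.5", 443, "10.0.0.10", 40001, syn=True, ack=True),  # server SYN-ACK
    Packet("198.51.100.7", 443, "10.0.0.10", 22, ack=True),            # unsolicited, src port 443
    Packet("198.51.100.7", 51000, "10.0.0.10", 22, syn=True),          # unsolicited SYN
]


def run_demo() -> Tuple[List[str], List[str]]:
    """Return the verdict list of each filter over TRACE."""
    return stateless_filter(STATELESS_RULES, TRACE), stateful_filter(STATEFUL_RULES, TRACE)


if __name__ == "__main__":
    stateless, stateful = run_demo()
    for p, a, b in zip(TRACE, stateless, stateful):
        print(f"{p.src_ip}:{p.src_port} -> {p.dst_ip}:{p.dst_port}  stateless={a:5}  stateful={b}")
```

The third packet is the one to watch: the stateless filter admits it because its header fields satisfy the return-traffic rule, while the stateful filter drops it because no connection with those endpoints was ever opened through the firewall. That is the practical reason stateful inspection is treated as an improvement over plain packet filtering, and the same logic applies whether the filter runs on a physical appliance, in a bridge-mode virtual machine, or in the hypervisor.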