Hi,

I am an undergrad student researching my senior project idea. Basically I 
have a different idea for implementing a firewall (I have not seen anyone 
do this yet).

Essentially, I want to develop a software-based bandwidth allocator, 
something similar to multiple queues in FRED gateways. There will be queues 
for each subnet in an organization. This way I can separate the type of 
traffic I have in my network. The servers can be put on a separate queue 
and (say) internet users can be put on another (the number of queues will 
be proportional to the number of subnets or security categories). With this 
I can provide different subnets with different bandwidths.

Once I have achieved this I want to provide each queue with different 
security levels depending on its traffic. I am thinking of editing the 
relevant parts of Squid proxy for this; this will help me in providing all 
the caching capabilities to internet users, and the servers' traffic will 
just be allowed to go through.

As the idea is still developing I just wanted someone to critique it and 
pose the problems or improvements. The bandwidth allocation part is fairly 
trivial, but what I really want to know is whether it would be a good idea 
to apply security in this fashion.

I am also attaching a diagram which gives a very basic idea of my design.

Regards,
usman.

Attachment: basicIDA-ver1.gif
Description: GIF image
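
A sketch of the per-subnet queue design described in the message above, added here as an example and not part of the original post. It uses a token bucket per queue rather than FRED; the subnets, rates, policy labels and the deny rule for unclassified sources are all assumptions made for illustration.

```python
import ipaddress
from collections import deque

class SubnetQueue:
    """One queue per subnet: its own token-bucket rate and security policy label."""
    def __init__(self, cidr, rate_bps, burst_bytes, policy):
        self.net = ipaddress.ip_network(cidr)
        self.rate = rate_bps / 8.0            # bytes per second
        self.burst = float(burst_bytes)       # bucket depth
        self.tokens, self.last = self.burst, 0.0
        self.policy = policy                  # hypothetical labels: "proxy", "pass-through"
        self.backlog = deque()                # packet sizes waiting to be sent

class Allocator:
    def __init__(self, queues):
        # Most specific prefix first, so overlapping subnets resolve predictably.
        self.queues = sorted(queues, key=lambda q: q.net.prefixlen, reverse=True)

    def classify(self, src_ip):
        addr = ipaddress.ip_address(src_ip)
        return next((q for q in self.queues if addr in q.net), None)

    def enqueue(self, src_ip, size):
        """Queue a packet; return the policy that applies, or "drop" if unclassified."""
        q = self.classify(src_ip)
        if q is None:
            return "drop"                     # assumption: unknown sources are denied
        q.backlog.append(size)
        return q.policy

    def drain(self, now):
        """Send what each bucket allows at time `now`; return bytes sent per subnet."""
        sent = {}
        for q in self.queues:
            q.tokens = min(q.burst, q.tokens + (now - q.last) * q.rate)
            q.last = now
            total = 0
            while q.backlog and q.backlog[0] <= q.tokens:
                size = q.backlog.popleft()
                q.tokens -= size
                total += size
            sent[str(q.net)] = total
        return sent

def demo():
    # Constructed subnets, rates and traffic, for illustration only.
    alloc = Allocator([SubnetQueue("10.0.1.0/24", 8_000_000, 3000, "pass-through"),
                       SubnetQueue("10.0.2.0/24", 1_000_000, 1500, "proxy")])
    srcs = ["10.0.1.5", "10.0.1.5", "10.0.2.9", "10.0.2.9", "192.0.2.1"]
    verdicts = [alloc.enqueue(ip, 1500) for ip in srcs]
    return verdicts, alloc.drain(0.0), alloc.drain(0.004), alloc.drain(0.02)
```

The policy label returned by `enqueue` is where a per-queue security decision would attach, for example sending "proxy" traffic through a caching proxy while "pass-through" traffic is only rate limited.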
