Firewall security: policies, testing and performance evaluation
@article{Lyu2000FirewallSP, title={Firewall security: policies, testing and performance evaluation}, author={Michael R. Lyu and Lorrien K. Y. Lau}, journal={Proceedings 24th Annual International Computer Software and Applications Conference. COMPSAC2000}, year={2000}, pages={116-121} }
Explores the firewall security and performance relationships for distributed systems. Key result: the results reveal that a significant impact of enhanced security on performance could only be observed under some particular scenarios, and thus their relationship is not necessarily inversely related. We also discuss the tradeoff between security and performance.
82 Citations
Barbarians in the Gate: An Experimental Validation of NIC-based Distributed Firewall Performance and Flood Tolerance
- Computer Science
- International Conference on Dependable Systems and Networks (DSN'06)
- 2006
The experience validating the flood tolerance of two network interface card (NIC)-based embedded firewall solutions, the embedded firewall (EFW) and the autonomic distributed firewall (ADF), shows that when their limitations are properly considered, both the EFW and ADF can be safely deployed to enhance network security without undue risk.
Fault Localization for Firewall Policies
- Computer Science
- 2009 28th IEEE International Symposium on Reliable Distributed Systems
- 2009
This work proposes an approach to reduce the number of rules for inspection based on information collected during evaluating failed tests, and shows that this approach can reduce 56% of rules that are required for inspection in fault localization.
Formal Verification of Firewall Policies
- Computer Science
- 2008 IEEE International Conference on Communications
- 2008
A firewall verification tool that takes as input a firewall policy and a given property, then outputs whether the policy satisfies the property, which is very efficient and can be used in the iterative process of firewall policy design, verification, and maintenance.
Systematic Structural Testing of Firewall Policies
- Computer Science
- 2008 Symposium on Reliable Distributed Systems
- 2008
This work proposes a systematic structural testing approach for firewall policies that defines structural coverage (based on coverage criteria of rules, predicates, and clauses) on the policy under test and shows that a packet set with higher structural coverage has higher fault detection capability.
Systematic Structural Testing of Firewall Policies
- Computer Science
- IEEE Transactions on Network and Service Management
- 2012
This work proposes a systematic structural testing approach for firewall policies that defines structural coverage (based on coverage criteria of rules, predicates, and clauses) on the firewall policy under test and results show that a packet set with higher structural coverage has higher fault-detection capability.
Network firewall dynamic performance evaluation and formalisation
- Computer Science
- 2009
A novel evaluation environment allows the creation of instances of a network firewall dynamic performance model, and this modelling is part of the Integrated Security Framework, thus enabling it to highlight when particular security requirements cannot be met by the underlying systems, or how best to achieve the objectives.
Change-Impact Analysis of Firewall Policies
- Computer Science
- ESORICS
- 2007
The theory and algorithms for firewall policy change-impact analysis, which take as input a firewall policy and a proposed change, then output the accurate impact of the change, so that a firewall administrator can verify a proposed change before committing it.
Analysis of Firewall Performance Variation to Identify the Limits of Automated Network Reconfigurations.
- Computer Science
- 2006
It is concluded that networks can be made more resilient, under heavy network loads and large rule sets, if rule sets are applied on the outgoing ports, and configuration interfaces are the performance bottleneck for multi-agent systems that may use these to reconfigure network equipment dynamically.
Performance analysis of the Linux firewall in a host
- Computer Science
- 2002
This research focuses on studying the performance impact and the sensitivity of the Linux firewall (iptables) for a single host, and measurement results indicate that the firewall is sensitive to the number of rules, the type of filtering, and the transmission rate.