Firewall security: policies, testing and performance evaluation

@article{Lyu2000FirewallSP,
  title={Firewall security: policies, testing and performance evaluation},
  author={Michael R. Lyu and Lorrien K. Y. Lau},
  journal={Proceedings 24th Annual International Computer Software and Applications Conference. COMPSAC2000},
  year={2000},
  pages={116-121}
}
  • Michael R. Lyu, L. Lau
  • Published 2000
  • Computer Science
  • Proceedings 24th Annual International Computer Software and Applications Conference. COMPSAC2000
Explores the firewall security and performance relationships for distributed systems. [...] Key Result The results reveal that a significant impact of enhanced security on performance could only be observed under some particular scenarios, and thus their relationship is not necessarily inversely related. We also discuss the tradeoff between security and performance.
Barbarians in the Gate: An Experimental Validation of NIC-based Distributed Firewall Performance and Flood Tolerance
  • Michael Ihde, W. Sanders
  • Computer Science
  • International Conference on Dependable Systems and Networks (DSN'06)
  • 2006
TLDR
The experience validating the flood tolerance of two network interface card (NIC)-based embedded firewall solutions, the embedded firewall (EFW) and the autonomic distributed firewall (ADF) shows that when their limitations are properly considered, both the EFW and ADF can be safely deployed to enhance network security without undue risk.
Fault Localization for Firewall Policies
TLDR
This work proposes an approach to reduce the number of rules for inspection based on information collected during evaluating failed tests, and shows that this approach can reduce 56% of rules that are required for inspection in fault localization.
Formal Verification of Firewall Policies
  • A. Liu
  • Computer Science
  • 2008 IEEE International Conference on Communications
  • 2008
TLDR
A firewall verification tool that takes as input a firewall policy and a given property, then outputs whether the policy satisfies the property, which is very efficient and can be used in the iterative process of firewall policy design, verification, and maintenance.
Analysis of vulnerabilities in Internet firewalls
TLDR
A novel methodology for analyzing vulnerabilities in Internet firewalls is described, and a set of matrices are described that illustrate the distribution of firewall vulnerability causes and effects over firewall operations.
Systematic Structural Testing of Firewall Policies
TLDR
This work proposes a systematic structural testing approach for firewall policies that defines structural coverage (based on coverage criteria of rules, predicates, and clauses) on the policy under test and shows that a packet set with higher structural coverage has higher fault detection capability.
Systematic Structural Testing of Firewall Policies
TLDR
This work proposes a systematic structural testing approach for firewall policies that defines structural coverage (based on coverage criteria of rules, predicates, and clauses) on the firewall policy under test and results show that a packet set with higher structural coverage has higher fault-detection capability.
Network firewall dynamic performance evaluation and formalisation
TLDR
A novel evaluation environment allows the creation of instances of a network firewall dynamic performance model, and this modelling is part of the Integrated Security Framework, thus enabling it to highlight when particular security requirements cannot be met by the underlying systems, or how best to achieve the objectives.
Change-Impact Analysis of Firewall Policies
  • A. Liu
  • Computer Science
  • ESORICS
  • 2007
TLDR
The theory and algorithms for firewall policy change-impact analysis, which take as input a firewall policy and a proposed change, then output the accurate impact of the change, so that a firewall administrator can verify a proposed change before committing it.
Analysis of Firewall Performance Variation to Identify the Limits of Automated Network Reconfigurations.
TLDR
It is concluded that networks can be made more resilient, under heavy network loads and large rule sets, if rule sets are applied on the outgoing ports, and configuration interfaces are the performance bottleneck for multi-agent systems that may use these to reconfigure network equipment dynamically.
Performance analysis of the Linux firewall in a host
Firewalls are one of the most commonly used security systems to protect networks and hosts. Most researchers have focused on analyzing the latency and throughput of router firewalls. Different from
