Firewall security: policies, testing and performance evaluation

@article{Lyu2000FirewallSP,
  title={Firewall security: policies, testing and performance evaluation},
  author={Michael R. Lyu and Lorrien K. Y. Lau},
  journal={Proceedings 24th Annual International Computer Software and Applications Conference. COMPSAC2000},
  year={2000},
  pages={116-121}
}
  • Michael R. Lyu, L. Lau
  • Published 25 October 2000
  • Computer Science
  • Proceedings 24th Annual International Computer Software and Applications Conference. COMPSAC2000
Explores the firewall security and performance relationships for distributed systems. The results reveal that a significant impact of enhanced security on performance could only be observed under some particular scenarios, and thus their relationship is not necessarily inversely related. We also discuss the tradeoff between security and performance.

Barbarians in the Gate: An Experimental Validation of NIC-based Distributed Firewall Performance and Flood Tolerance
  • Michael Ihde, W. Sanders
  • Computer Science
    International Conference on Dependable Systems and Networks (DSN'06)
  • 2006
TLDR
The experience validating the flood tolerance of two network interface card (NIC)-based embedded firewall solutions, the embedded firewall (EFW) and the autonomic distributed firewall (ADF) shows that when their limitations are properly considered, both the EFW and ADF can be safely deployed to enhance network security without undue risk.
Fault Localization for Firewall Policies
TLDR
This work proposes an approach to reduce the number of rules for inspection based on information collected during evaluating failed tests, and shows that this approach can reduce 56% of rules that are required for inspection in fault localization.
Formal Verification of Firewall Policies
  • A. Liu
  • Computer Science
    2008 IEEE International Conference on Communications
  • 2008
TLDR
A firewall verification tool that takes as input a firewall policy and a given property, then outputs whether the policy satisfies the property, which is very efficient and can be used in the iterative process of firewall policy design, verification, and maintenance.
Analysis of vulnerabilities in Internet firewalls
Systematic Structural Testing of Firewall Policies
TLDR
This work proposes a systematic structural testing approach for firewall policies that defines structural coverage (based on coverage criteria of rules, predicates, and clauses) on the policy under test and shows that a packet set with higher structural coverage has higher fault detection capability.
Systematic Structural Testing of Firewall Policies
TLDR
This work proposes a systematic structural testing approach for firewall policies that defines structural coverage (based on coverage criteria of rules, predicates, and clauses) on the firewall policy under test and results show that a packet set with higher structural coverage has higher fault-detection capability.
Network firewall dynamic performance evaluation and formalisation
TLDR
A novel evaluation environment allows the creation of instances of a network firewall dynamic performance model, and this modelling is part of the Integrated Security Framework, thus enabling it to highlight when particular security requirements cannot be met by the underlying systems, or how best to achieve the objectives.
Change-Impact Analysis of Firewall Policies
  • A. Liu
  • Computer Science
    ESORICS
  • 2007
TLDR
The theory and algorithms for firewall policy change-impact analysis, which take as input a firewall policy and a proposed change, then output the accurate impact of the change, so that a firewall administrator can verify a proposed change before committing it.
Analysis of Firewall Performance Variation to Identify the Limits of Automated Network Reconfigurations.
TLDR
It is concluded that networks can be made more resilient, under heavy network loads and large rule sets, if rule sets are applied on the outgoing ports, and that configuration interfaces are the performance bottleneck for multi-agent systems that may use them to reconfigure network equipment dynamically.
Performance analysis of the Linux firewall in a host
TLDR
This research focuses on studying the performance impact and the sensitivity of the Linux firewall (iptables) for a single host, and measurement results indicate that the firewall is sensitive to the number of rules, the type of filtering, and the transmission rate.
