International Journal of Computer Networks and Applications (IJCNA)

Published By EverScience Publications

ISSN : 2395-0455

Optimized Firewall with Traffic Awareness

Authors

Mimi Cherian [1], Madhumita Chatterjee [2]

[1] Computer Department, PIIT, Mumbai University, India.

[2] Computer Department, PIIT, Mumbai University, India.

Abstract

The firewall is one of the best-known network-based security devices and has been widely used since the early days of computer network security. A firewall is designed to allow or reject network traffic according to firewall rules that specify which types of packets should be accepted or rejected in the protected network. Network complexity is currently growing fast, and it is very common to find firewall policies consisting of many rules. Packet filtering is one of the major contemporary firewall design techniques. An important design goal is to arrive at the decision at the packet only [1]. A firewall access rule list consists of rules that are checked sequentially. This implies that the filtering overhead and cost are higher when the order of the matching rule in the list is higher. Hence it is vital to minimize the filtering overhead, and it is critical to have the necessary ordering of rules in the firewall rule set. The firewall validates all inbound and outbound packets by analyzing each data packet and comparing it with many firewall rules, which define whether to accept or discard the traffic. It is very important to improve firewall policies in order to improve network performance.
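The ordering cost described in the abstract, as an added illustration that is not taken from the paper: a first-match rule list is reordered by hit counts from a traffic sample, and a rule is kept behind any earlier rule it overlaps with a different action, so every verdict stays the same. The rule fields, the greedy heuristic, and the sample rules and packets are assumptions constructed for this example.

```python
import ipaddress
from collections import Counter, namedtuple

Rule = namedtuple("Rule", "name src ports action")  # ports = inclusive (low, high)

def matches(rule, pkt):
    src, dport = pkt
    return (ipaddress.ip_address(src) in ipaddress.ip_network(rule.src)
            and rule.ports[0] <= dport <= rule.ports[1])

def evaluate(rules, pkt, default="deny"):
    """Sequential first-match filtering: (action, rules compared, matched rule name)."""
    for n, rule in enumerate(rules, 1):
        if matches(rule, pkt):
            return rule.action, n, rule.name
    return default, len(rules), None

def conflicts(a, b):
    """Swapping a and b can change a verdict only if they overlap and disagree."""
    nets = ipaddress.ip_network(a.src).overlaps(ipaddress.ip_network(b.src))
    ports = a.ports[0] <= b.ports[1] and b.ports[0] <= a.ports[1]
    return nets and ports and a.action != b.action

def reorder(rules, trace):
    """Greedy heuristic: repeatedly place the most-hit rule that has no
    conflicting rule still waiting ahead of it in the original order."""
    hits = Counter(evaluate(rules, pkt)[2] for pkt in trace)
    remaining, ordered = list(rules), []
    while remaining:
        ready = [r for i, r in enumerate(remaining)
                 if not any(conflicts(p, r) for p in remaining[:i])]
        best = max(ready, key=lambda r: hits[r.name])  # ties keep original order
        ordered.append(best)
        remaining.remove(best)
    return ordered

def total_cost(rules, trace):
    """Total number of rule comparisons needed to filter the whole trace."""
    return sum(evaluate(rules, pkt)[1] for pkt in trace)

# Constructed rule set and traffic sample (not from the paper).
RULES = [
    Rule("r1", "10.0.0.0/8", (22, 22), "deny"),
    Rule("r2", "192.168.1.0/24", (0, 1023), "allow"),
    Rule("r3", "10.1.0.0/16", (0, 65535), "allow"),  # overlaps r1, must stay after it
    Rule("r4", "0.0.0.0/0", (443, 443), "allow"),    # carries most of the traffic
    Rule("r5", "0.0.0.0/0", (0, 65535), "deny"),
]
TRACE = [("203.0.113.7", 443)] * 6 + [("10.1.2.3", 22), ("10.1.2.3", 80),
                                       ("192.168.1.5", 25), ("198.51.100.9", 23)]
OPTIMIZED = reorder(RULES, TRACE)
```

On the constructed sample, `total_cost(RULES, TRACE)` is 35 comparisons and `total_cost(OPTIMIZED, TRACE)` is 20, with identical verdicts for every packet.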

Index Terms

Firewall, Security, Filtering, Traffic

References

  1. Gopal Pault, Amaresh Pothnal, C. R. Mandalt, Bhargab B. Bhattacharya, Design and Implementation of Packet Filter Firewall using Binary Decision Diagram, IEEE Students Technology Symposium, 2011.
  2. Subrata Acharya, Jia Wang, Zihui Ge, Taieb F. Znati and Albert Greenberg, Traffic-Aware Firewall Optimization Strategies, 2010.
  3. P. R. Kadam, V. K. Bhusari, Review on Redundancy removal of rules for Optimizing Firewalls, International Journal of Research in Engineering and Technology, Sep-2014.
  4. Anssi Kolehmainen, Optimizing Firewall Performance, 2008.
  5. Hongxin Hu, Gail-Joon Ahn, and Ketan Kulkarni, Detecting and Resolving Firewall Policy Anomalies.
  6. C. Shen, T. Chung, Y. Chang and Y. Chen, "PFC: A New High Performance Packet Filter Architecture", Journal of Internet Technology, Vol. 8, No. 1, Page(s): 67-74, 2007.
  7. Ravi Shankar P, Santosh Naidu P, "A Dynamic Approach of Malicious Node Detection for Internet Traffic Analysis", In Proceedings of IJCNA, 2014.
  8. Zouheir Trabelsi and Safaa Zeidan, Multilevel Early Packet Filtering Technique based on Traffic Statistics and Splay Trees for Firewall Performance Improvement, Communication and Information Systems Security Symposium, 2012.
  9. Hazem Hamed, Adel El-Atawy, and Ehab Al-Shaer, On Dynamic Optimization of Packet Matching in High-Speed Firewall, IEEE Journal, Oct-2006.
  10. A. El-Atawy, T. Samak, E. Al-Shaer and H. Li. Using online traffic statistical matching for optimizing packet filtering performance. IEEE INFOCOM'07, pages 866-874, 2007.
  11. V. Srinivasan, S. Suri, and G. Varghese, "Packet classification using tuple space search," in Proceedings of SIGCOMM. ACM Press, 1999.
  12. J. Cheng, H. Yang, S. H. Wong, and S. Lu. Design and implementation of cross-domain cooperative firewall. In Proceedings of the IEEE ICNP, pages 284-293, 2007.
  13. Bremler-Barr A and Hendler D. Space-efficient tcam-based classification using gray coding. In Proceedings of the IEEE INFOCOM, 2007.
  14. C. R. Meiners, A. X. Liu and Y. Zhou. All-match based complete redundancy removal for packet classifiers in tcams. In Proceedings of the IEEE INFOCOM, pages 574-582, 2008.
  15. E. Torng, A. X. Liu and C. Meiners. Firewall compressor: An algorithm for minimizing firewall policies. In Proceedings of the IEEE INFOCOM, 2008.
  16. E. Al-Shaer and H. Hamed. Discovery of policy anomalies in distributed firewalls. In Proceedings of the IEEE INFOCOM, pages 2605-2616, 2004.
  17. S. Acharya, J. Wang, Z. Ge, T. Znati, and A. Greenberg, "A Traffic-Aware Framework and Optimization Strategies for Large Scale Enterprise Networks," Technical Report, pp. 1-20, September 2005.
  18. M. Roughan, A. Greenberg, C. Kalmanek, M. Rumsewicz, J. Yates, and Y. Zhang, "Experience in measuring backbone traffic variability: Models, metrics, measurements and meaning," in IMW '02: Proceedings of the 2nd ACM SIGCOMM Workshop on Internet Measurement. New York, NY, USA: ACM Press, 2002, pp. 91-92.