This is an Open Access publication published under CSC-OpenAccess Policy.
Improving Firewall Performance by Eliminating Redundancies In Access Control Lists
Ajay Krishna Vasu, Ashwin Ganesh, Priya Ayyappan, Anirudhan Sudarsan
Pages - 92 - 107     |    Revised - 10-09-2014     |    Published - 10-10-2014
Volume - 6   Issue - 5    |    Publication Date - September / October 2014
KEYWORDS
Firewall, Access Control List, Network Security, Firewall Configuration, Firewall Policy.
ABSTRACT
A firewall is a network security device that protects an organization's internal network from both unauthorized and malicious users. It examines every packet that arrives on any of its incoming interfaces and compares the packet's header fields against a set of predefined rules. Each rule specifies whether a packet matching the rule is permitted or denied. This ordered set of rules is called an access control list (ACL) and forms the basis of the firewall's policy. Misconfiguration of the firewall can leave redundant rules in the list, and these degrade performance because every packet must be compared against rules that can never change the outcome. We propose an algorithm that identifies and eliminates redundant rules in an access control list during the configuration phase. The proposed work represents an access control list as a linked list data structure. A comparison of the proposed work with the conventional approach is also presented.
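As an added illustration, not code from the paper, the following Python sketches the idea in the abstract: an ACL held as a linked list, a first-match walk, and a check for rules that a single earlier rule fully covers (same action: redundant and safe to drop; different action: shadowed and worth reviewing). The rule fields, the single-rule cover test and the sample policy are assumptions, since this page does not give the paper's actual algorithm.

```python
from ipaddress import ip_network
class Rule:  # one ACL entry, kept as a linked-list node as in the paper's ACL representation
    def __init__(self, src, dst, proto, ports, action):
        self.src, self.dst = ip_network(src), ip_network(dst)
        self.proto, self.ports, self.action = proto, ports, action  # proto "any"/"tcp"/"udp"; ports (lo, hi)
        self.next = None

    def covers(self, other):
        """True if every packet matched by `other` is also matched by this rule."""
        return (other.src.subnet_of(self.src) and other.dst.subnet_of(self.dst)
                and self.proto in ("any", other.proto)
                and self.ports[0] <= other.ports[0] and other.ports[1] <= self.ports[1])

def build_acl(rules):
    head = None
    for rule in reversed(rules):  # link in policy order, return the head node
        rule.next, head = head, rule
    return head

def to_list(head):
    out = []
    while head is not None:
        out.append(head)
        head = head.next
    return out

def find_unreachable(head):
    """A rule fully covered by one earlier rule is never matched: 'redundant' when the
    actions agree (safe to drop), 'shadowed' when they differ (an anomaly to review)."""
    findings, rules = [], to_list(head)
    for j, node in enumerate(rules):
        for prev in rules[:j]:
            if prev.covers(node):
                kind = "redundant" if prev.action == node.action else "shadowed"
                findings.append((node, prev, kind))
                break
    return findings

def remove_redundant(head):
    """Unlink only the 'redundant' rules; every packet's first-match decision is unchanged."""
    drop = {id(n) for n, _, kind in find_unreachable(head) if kind == "redundant"}
    return build_acl([n for n in to_list(head) if id(n) not in drop])

SAMPLE_ACL = [  # constructed sample policy, not taken from the paper
    Rule("10.0.0.0/8", "192.168.1.10/32", "tcp", (443, 443), "permit"),
    Rule("0.0.0.0/0", "192.168.1.0/24", "tcp", (22, 22), "deny"),
    Rule("10.1.0.0/16", "192.168.1.10/32", "tcp", (443, 443), "permit"),  # redundant: rule 1 covers it
    Rule("10.2.0.0/16", "192.168.1.20/32", "tcp", (22, 22), "permit"),    # shadowed by the deny in rule 2
    Rule("0.0.0.0/0", "0.0.0.0/0", "any", (0, 65535), "deny"),
]
```

Only cover by a single earlier rule is detected; a rule covered jointly by the union of several earlier rules is left in place, so the pass is conservative.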
CITED BY (2)
1 Sudarsan, A., Ayyappan, P., Vasu, A. K., Ganesh, A., & Gokul, V. (2014). A Simple Traffic Aware Algorithm To Improve Firewall Performance.
2 Ganesh, A., Sudarsan, A., Vasu, A. K., & Ramalingam, D. (2014). Improving Firewall Performance by Using a Cache Table. Network, 1, 2.
Mr. Ajay Krishna Vasu
Computer Science Department, Sri Venkateswara College of Engineering, Pennalur, 602117, India
Mr. Ashwin Ganesh
Computer Science Department, Sri Venkateswara College of Engineering, Pennalur, 602117, India
Miss Priya Ayyappan
Computer Science Department, Sri Venkateswara College of Engineering, Pennalur, 602117, India
Mr. Anirudhan Sudarsan
Computer Science Department, Sri Venkateswara College of Engineering, Pennalur, 602117, India
anirudhan.sudarsan@gmail.com