Improving Firewall Performance by Eliminating Redundancies In Access Control Lists
Ajay Krishna Vasu, Ashwin Ganesh, Priya Ayyappan, Anirudhan Sudarsan
Pages - 92 - 107     |    Revised - 10-09-2014     |    Published - 10-10-2014
Volume - 6   Issue - 5    |    Publication Date - September / October 2014
KEYWORDS
Firewall, Access Control List, Network Security, Firewall Configuration, Firewall Policy.
ABSTRACT
A firewall is a network security device that works to protect an organization's internal network from both unauthorized and malicious users. It functions by examining all packets that enter any one of its incoming interfaces and comparing the structure of the packet against a set of predefined rules. Each rule specifies if a packet corresponding to the rule is to be permitted or denied. This set of rules is called an access control list (ACL) and it forms the basis of a firewall's policy. Incorrect configuration of the firewall can lead to redundant rules which cause performance degradation. We propose an algorithm to identify and eliminate redundant rules in an access control list during the configuration phase. The proposed work defines an access control list as a linked list data structure. A comparison of the proposed work and the conventional approach is also presented.
CITED BY (2)  
1 Sudarsan, A., Ayyappan, P., Vasu, A. K., Ganesh, A., & Gokul, V. (2014). A Simple Traffic Aware Algorithm To Improve Firewall Performance.
2 Ganesh, A., Sudarsan, A., Vasu, A. K., & Ramalingam, D. (2014). Improving Firewall Performance by Using a Cache Table. Network, 1, 2.
Mr. Ajay Krishna Vasu
Computer Science Department Sri Venkateswara College of Engineering Pennalur, 602117 - India
Mr. Ashwin Ganesh
Computer Science Department Sri Venkateswara College of Engineering Pennalur, 602117 - India
Miss Priya Ayyappan
Computer Science Department Sri Venkateswara College of Engineering Pennalur, 602117 - India
Mr. Anirudhan Sudarsan
Computer Science Department Sri Venkateswara College of Engineering Pennalur, 602117 - India
anirudhan.sudarsan@gmail.com

