• Firewall

    A network firewall is a device placed between networks of different trust levels to pass authorized packets and block unauthorized ones.

    This is done by sequentially checking a packet against a set of rules until one that matches the packet is found.

  • Rule Set

    A set of rules for filtering packets configured on the firewall. These are derived from the security policy of the organisation.

    Each rule specifies the action applied to a matching packet: ALLOW or DENY entry into the network.

  • Optimization

    Sequential evaluation of a rule set to find the rule matching each packet increases matching time, which has a negative impact on filtering performance.

    Reducing the inspection time by applying fewer rules to each packet is one solution investigated in this research.


Problem Statement

  • Firewalls cycle through a rule set sequentially to find a matching rule for a packet being inspected.

  • It is evident that not all rules in a rule set match the packet being inspected.

  • Traffic is dynamic in nature: rules that match no traffic during one period may match packets later.
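
Added example, not part of the original document: a small Python model of the sequential first-match inspection described above. It counts how many rules each packet is checked against for a constructed rule set and traffic sample, then reorders the rules by observed hit frequency while refusing to swap two overlapping rules that carry different actions, so no packet's decision changes. The rule format, the reordering heuristic and every address are assumptions for illustration, not the OptAid tool's method.

```python
from ipaddress import ip_address, ip_network
# Rule = (src CIDR, dst CIDR, proto, (low port, high port), action); packet = (src, dst, proto, dport).
# The rule model, the sample rule set and the traffic below are all constructed for illustration.

def matches(rule, pkt):
    src, dst, proto, (lo, hi), _ = rule
    return (ip_address(pkt[0]) in ip_network(src) and ip_address(pkt[1]) in ip_network(dst)
            and proto in ("any", pkt[2]) and lo <= pkt[3] <= hi)

def overlaps(a, b):
    """True if some packet could match both rules (exact for this rule model)."""
    return (ip_network(a[0]).overlaps(ip_network(b[0])) and ip_network(a[1]).overlaps(ip_network(b[1]))
            and ("any" in (a[2], b[2]) or a[2] == b[2]) and a[3][0] <= b[3][1] and b[3][0] <= a[3][1])

def first_match(rules, pkt):
    """Sequential evaluation: (index of first matching rule, its action); a miss is (len(rules), "DENY")."""
    i = next((k for k, rule in enumerate(rules) if matches(rule, pkt)), len(rules))
    return i, (rules[i][4] if i < len(rules) else "DENY")    # implicit default deny

def inspection_cost(rules, packets):
    """Rule comparisons needed to classify every packet; a miss costs a full pass."""
    return sum(min(first_match(rules, p)[0] + 1, len(rules)) for p in packets)

def optimize(rules, packets):
    """Move frequently hit rules forward by adjacent swaps, never swapping two rules
    that overlap with different actions, so every packet keeps its original decision."""
    hits = [0] * (len(rules) + 1)                 # last slot counts default-deny misses
    for p in packets:
        hits[first_match(rules, p)[0]] += 1
    order = list(range(len(rules)))
    for i in range(1, len(order)):                # insertion sort on hit count
        j = i
        while j > 0 and hits[order[j]] > hits[order[j - 1]]:
            a, b = rules[order[j]], rules[order[j - 1]]
            if a[4] != b[4] and overlaps(a, b):
                break                             # crossing b would change a decision
            order[j], order[j - 1] = order[j - 1], order[j]
            j -= 1
    return [rules[k] for k in order]

RULES = [("10.0.0.0/8", "192.168.1.10/32", "tcp", (22, 22), "DENY"),       # naive order
         ("0.0.0.0/0", "192.168.1.10/32", "tcp", (22, 22), "ALLOW"),
         ("0.0.0.0/0", "192.168.1.20/32", "udp", (53, 53), "ALLOW"),
         ("0.0.0.0/0", "192.168.1.10/32", "tcp", (80, 80), "ALLOW"),
         ("0.0.0.0/0", "192.168.1.10/32", "tcp", (443, 443), "ALLOW")]
PACKETS = ([("198.51.100.7", "192.168.1.10", "tcp", 443)] * 6
           + [("198.51.100.7", "192.168.1.10", "tcp", 80)] * 2
           + [("10.1.1.1", "192.168.1.10", "tcp", 22), ("203.0.113.5", "192.168.1.10", "tcp", 22),
              ("203.0.113.5", "192.168.1.20", "udp", 53), ("203.0.113.5", "192.168.1.10", "tcp", 25)])
```

On this sample, `inspection_cost(RULES, PACKETS)` is 49 comparisons and `inspection_cost(optimize(RULES, PACKETS), PACKETS)` is 27, with the internal-SSH DENY rule still ahead of the broader ALLOW rule it overlaps.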

Research Goals

  • To investigate whether optimizing a firewall rule set offers any gain in inspection time, and hence in firewall throughput.

  • To develop a tool that aids network administrators in optimizing rule sets.

Deliverables

  • Comparative results for optimized and naive or un-optimized rule sets to assess performance gain.

  • The OptAid tool, designed to assist with rule set optimization.

  • Thesis.