• DocumentCode
    2799435
  • Title

    On Optimal Firewall Rule Ordering

  • Author

    El-Alfy, El-Sayed M. ; Selim, Shokri Z.

  • Author_Institution
    King Fahd Univ. of Pet. & Miner., Dhahran
  • fYear
    2007
  • fDate
    13-16 May 2007
  • Firstpage
    819
  • Lastpage
    824
  • Abstract
    In today's online connected world, almost all corporate networks use some form of perimeter firewalls to manage Internet connections and enforce a security policy at the corporate gateway. Although it can considerably enhance network security and protect business-critical information, a firewall with thousands of rules can become a bottleneck for network performance. The primary goal of this paper is to present a new rule order optimizer based on simulated annealing to find optimal configurations that minimize the average number of rule comparisons while preserving precedence relationships among disjoint rules. The proposed approach is evaluated and its effectiveness is compared with another approximate solution under several firewall configurations and policy profiles.
  • Keywords
    Internet; authorisation; minimisation; simulated annealing; Internet connections; business-critical information protection; minimization; network security; optimal firewall rule ordering; security policy; simulated annealing; Computer networks; Educational institutions; Filtering; Hardware; Information security; Minerals; Petroleum; Protection; Sorting; Traffic control;
  • fLanguage
    English
  • Publisher
    ieee
  • Conference_Titel
    Computer Systems and Applications, 2007. AICCSA '07. IEEE/ACS International Conference on
  • Conference_Location
    Amman
  • Print_ISBN
    1-4244-1030-4
  • Electronic_ISBN
    1-4244-1031-2
  • Type

    conf

  • DOI
    10.1109/AICCSA.2007.370727
  • Filename
    4231055