Title :
On Optimal Firewall Rule Ordering
Author :
El-Alfy, El-Sayed M. ; Selim, Shokri Z.
Author_Institution :
KingFahd Univ. of Pet. & Miner., Dhahran
Abstract :
In today´s online connected world, almost all corporate networks use some form of perimeter firewalls to manage Internet connections and enforce a security policy at the corporate gateway. Although it can considerably enhance network security and protect business-critical information, a firewall with thousands of rules can become a bottleneck for network performance. The primary goal of this paper is to present a new rule order optimizer based on simulated annealing to find optimal configurations that minimize the average number of rule comparisons while preserving precedence relationships among disjoint rules. The proposed approach is evaluated and its effectiveness is compared with another approximate solution under several firewall configurations and policy profiles.
Keywords :
Internet; authorisation; minimisation; simulated annealing; Internet connections; business-critical information protection; minimization; network security; optimal firewall rule ordering; security policy; simulated annealing; Computer networks; Educational institutions; Filtering; Hardware; Information security; Minerals; Petroleum; Protection; Sorting; Traffic control;
Conference_Titel :
Computer Systems and Applications, 2007. AICCSA '07. IEEE/ACS International Conference on
Conference_Location :
Amman
Print_ISBN :
1-4244-1030-4
Electronic_ISBN :
1-4244-1031-2
DOI :
10.1109/AICCSA.2007.370727
