An experimental study on firewall performance: Dive into the bottleneck for firewall effectiveness

Author

Chenghong Wang ; Donghong Zhang ; Hualin Lu ; Jing Zhao ; Zhenyu Zhang ; Zheng Zheng

Author_Institution

Comput. Sci. & Techology Dept., Harbin Eng. Univ., Harbin, China

fYear

2014

Firstpage

71

Lastpage

76

Abstract

Performance is an important indicator of firewalls effectiveness, which represents capability of firewalls handling network requests. ModSecurity and iptables, two representative firewalls of packet filtering and application firewall, are studied experimentally in this paper. Firstly, we develop the experiments to test the capacity of these two kinds of firewalls. Secondly, we locate the bottlenecks for system resources such as CPU and memory usage that affect the firewalls performance by analyzing the collecting data from firewalls experiments. Finally, with the same settings, we compare the performance of the two kinds of firewalls by varying the parameters such as request rate, packet length, and maximum concurrent connections.

Keywords

firewalls; ModSecurity; application firewall; experimental study; firewall effectiveness; firewall performance; iptables; maximum concurrent connections; packet filtering; packet length; request rate; system resources; Firewalls (computing); Performance evaluation; application firewall; hardware resources; network security; packet filtering firewall; performance bottleneck;

fLanguage

English

Publisher

ieee

Conference_Titel

Information Assurance and Security (IAS), 2014 10th International Conference on

Print_ISBN

978-1-4799-8098-7

Type

conf

DOI

10.1109/ISIAS.2014.7064623

Filename

7064623