Title :
An experimental study on firewall performance: Dive into the bottleneck for firewall effectiveness
Author :
Chenghong Wang ; Donghong Zhang ; Hualin Lu ; Jing Zhao ; Zhenyu Zhang ; Zheng Zheng
Author_Institution :
Comput. Sci. & Techology Dept., Harbin Eng. Univ., Harbin, China
Abstract :
Performance is an important indicator of firewalls effectiveness, which represents capability of firewalls handling network requests. ModSecurity and iptables, two representative firewalls of packet filtering and application firewall, are studied experimentally in this paper. Firstly, we develop the experiments to test the capacity of these two kinds of firewalls. Secondly, we locate the bottlenecks for system resources such as CPU and memory usage that affect the firewalls performance by analyzing the collecting data from firewalls experiments. Finally, with the same settings, we compare the performance of the two kinds of firewalls by varying the parameters such as request rate, packet length, and maximum concurrent connections.
Keywords :
firewalls; ModSecurity; application firewall; experimental study; firewall effectiveness; firewall performance; iptables; maximum concurrent connections; packet filtering; packet length; request rate; system resources; Firewalls (computing); Performance evaluation; application firewall; hardware resources; network security; packet filtering firewall; performance bottleneck;
Conference_Titel :
Information Assurance and Security (IAS), 2014 10th International Conference on
Print_ISBN :
978-1-4799-8098-7
DOI :
10.1109/ISIAS.2014.7064623
