On optimal firewall rule ordering

El Sayed M. El-Alfy; Shokri Z. Selim

doi:10.1109/AICCSA.2007.370727

On optimal firewall rule ordering

El Sayed M. El-Alfy^*
, Shokri Z. Selim

^*Corresponding author for this work

Research output: Chapter in Book/Report/Conference proceeding › Conference contribution › peer-review

7 Scopus citations

Abstract

In today's online connected world, almost all corporate networks use some form of perimeter firewalls to manage Internet connections and enforce a security policy at the corporate gateway. Although it can considerably enhance network security and protect business-critical information, a firewall with thousands of rules can become a bottleneck for network performance. The primary goal of this paper is to present a new rule order optimizer based on simulated annealing to find optimal configurations that minimize the average number of rule comparisons while preserving precedence relationships among disjoint rules. The proposed approach is evaluated and its effectiveness is compared with another approximate solution under several firewall configurations and policy profiles.

Original language	English
Title of host publication	2007 IEEE/ACS International Conference on Computer Systems and Applications, AICCSA 2007
Pages	819-824
Number of pages	6
DOIs	https://doi.org/10.1109/AICCSA.2007.370727
State	Published - 2007

Publication series

Name	2007 IEEE/ACS International Conference on Computer Systems and Applications, AICCSA 2007

ASJC Scopus subject areas

Computer Networks and Communications
Computer Science Applications
Hardware and Architecture
Signal Processing

Access to Document

10.1109/AICCSA.2007.370727

Cite this

@inproceedings{06b0c601708b4d8fbaa1d4dbb7db3041,

title = "On optimal firewall rule ordering",

abstract = "In today's online connected world, almost all corporate networks use some form of perimeter firewalls to manage Internet connections and enforce a security policy at the corporate gateway. Although it can considerably enhance network security and protect business-critical information, a firewall with thousands of rules can become a bottleneck for network performance. The primary goal of this paper is to present a new rule order optimizer based on simulated annealing to find optimal configurations that minimize the average number of rule comparisons while preserving precedence relationships among disjoint rules. The proposed approach is evaluated and its effectiveness is compared with another approximate solution under several firewall configurations and policy profiles.",

author = "El-Alfy, \{El Sayed M.\} and Selim, \{Shokri Z.\}",

year = "2007",

doi = "10.1109/AICCSA.2007.370727",

language = "English",

isbn = "1424410312",

series = "2007 IEEE/ACS International Conference on Computer Systems and Applications, AICCSA 2007",

pages = "819--824",

booktitle = "2007 IEEE/ACS International Conference on Computer Systems and Applications, AICCSA 2007",

}

On optimal firewall rule ordering. / El-Alfy, El Sayed M.; Selim, Shokri Z.
2007 IEEE/ACS International Conference on Computer Systems and Applications, AICCSA 2007. 2007. p. 819-824 4231055 (2007 IEEE/ACS International Conference on Computer Systems and Applications, AICCSA 2007).

Research output: Chapter in Book/Report/Conference proceeding › Conference contribution › peer-review

TY - GEN

T1 - On optimal firewall rule ordering

AU - El-Alfy, El Sayed M.

AU - Selim, Shokri Z.

PY - 2007

Y1 - 2007

N2 - In today's online connected world, almost all corporate networks use some form of perimeter firewalls to manage Internet connections and enforce a security policy at the corporate gateway. Although it can considerably enhance network security and protect business-critical information, a firewall with thousands of rules can become a bottleneck for network performance. The primary goal of this paper is to present a new rule order optimizer based on simulated annealing to find optimal configurations that minimize the average number of rule comparisons while preserving precedence relationships among disjoint rules. The proposed approach is evaluated and its effectiveness is compared with another approximate solution under several firewall configurations and policy profiles.

AB - In today's online connected world, almost all corporate networks use some form of perimeter firewalls to manage Internet connections and enforce a security policy at the corporate gateway. Although it can considerably enhance network security and protect business-critical information, a firewall with thousands of rules can become a bottleneck for network performance. The primary goal of this paper is to present a new rule order optimizer based on simulated annealing to find optimal configurations that minimize the average number of rule comparisons while preserving precedence relationships among disjoint rules. The proposed approach is evaluated and its effectiveness is compared with another approximate solution under several firewall configurations and policy profiles.

UR - https://www.scopus.com/pages/publications/36248993407

U2 - 10.1109/AICCSA.2007.370727

DO - 10.1109/AICCSA.2007.370727

M3 - Conference contribution

AN - SCOPUS:36248993407

SN - 1424410312

SN - 9781424410316

T3 - 2007 IEEE/ACS International Conference on Computer Systems and Applications, AICCSA 2007

SP - 819

EP - 824

BT - 2007 IEEE/ACS International Conference on Computer Systems and Applications, AICCSA 2007

ER -

On optimal firewall rule ordering

Abstract

Publication series

ASJC Scopus subject areas

Access to Document

Fingerprint

Cite this