By Topic

A method for moving rules in a network with multiple packet filters

Sign In

Cookies must be enabled to login.After enabling cookies , please use refresh or reload or ctrl+f5 on the browser for the login options.

Formats Non-Member Member
$31 $13
Learn how you can qualify for the best price for this item!
Become an IEEE Member or Subscribe to
IEEE Xplore for exclusive pricing!
close button

puzzle piece

IEEE membership options for an individual and IEEE Xplore subscriptions for an organization offer the most affordable access to essential journal articles, conference papers, standards, eBooks, and eLearning courses.

Learn more about:

IEEE membership

IEEE Xplore subscriptions

2 Author(s)
Mothersole, I. ; Sch. of Comput. Sci. & Electron. Eng., Univ. of Essex, Colchester, UK ; Reed, M.J.

In a network where multiple packet filtering firewalls exist, it can be beneficial to distribute the filtering rules in a certain way, for example, move all the rules towards the edge (main gateway) of the network, or to evenly distribute the rules over the firewalls. Configuring firewalls is a complex task and can be very error prone. To move rules between firewalls, many factors need to be considered to ensure the global security policy remains unchanged. In this paper we present a novel method which describes how to move rules between the firewalls and what, if any, changes need to be made to the rule(s). With this work we have also presented a generic network model which can be applied to any network topology and therefore allows the method for moving rules to be applied to any network topology (so long as it meets the criteria). Applications of the work include improving the network bandwidth utilisation, when unwanted traffic is filtered out early, and also improving the processing loads on each firewall, thus reducing delays and increasing traffic throughput. Factors to be considered when moving filtering rules include the relationships which can exist between filtering rules. Naive removal and insertion of filtering rules can alter inter-rule relationships and therefore also alter the security policy - the method we present ensures the security policy remains unchanged.

Published in:

Computer Science and Electronic Engineering Conference (CEEC), 2011 3rd

Date of Conference:

13-14 July 2011