Abstract
Firewalls are important network devices which provide first hand defense against network threat. This level of defense is depended on firewall rules. Traditional firewalls, i.e., Cisco ACL, IPTABLES, Check Point and Juniper NetScreen firewall use listed rule to regulate packet flows. However, the listed rules may lead to rule conflictions which make the firewall to be less secure or even slowdown in performance. Based on our previous research works, we proposed the Tree-Rule firewall which does not encounter such rule conflicts within its rule set and operates faster than the traditional firewalls. However, in big or complex networks, the Tree-Rule firewall still may face two main problems. 1. Firewall administrators may face difficulty to write big and complex rule. 2. Difficulty to select appropriate attribute column for the Root node. In this paper, we propose an improved model for the Tree-Rule firewall by extending our previous models. We offer the use of combination between IN and OUT interfaces of the firewall to separate a big rule to many small independent rules. Each separated rule then can be managed in an individual screen. Sequence of verifying attributes, i.e., Source IP, Destination IP and Destination Port numbers, can be ordered independently in each separated rule. We implement the two main schemes on Linux Cent OS 6.3. We found that the improved Tree-Rule firewall can be managed easily with low processing delay.
| Original language | English |
|---|---|
| Title of host publication | Proceedings - 15th IEEE International Conference on Trust, Security and Privacy in Computing and Communications, 10th IEEE International Conference on Big Data Science and Engineering and 14th IEEE International Symposium on Parallel and Distributed Processing with Applications, IEEE TrustCom/BigDataSE/ISPA 2016 |
| Publisher | Institute of Electrical and Electronics Engineers Inc. |
| Pages | 178-184 |
| Number of pages | 7 |
| ISBN (Electronic) | 9781509032051 |
| DOIs | |
| Publication status | Published - 2016 |
| Externally published | Yes |
| Event | Joint 15th IEEE International Conference on Trust, Security and Privacy in Computing and Communications, 10th IEEE International Conference on Big Data Science and Engineering and 14th IEEE International Symposium on Parallel and Distributed Processing with Applications, IEEE TrustCom/BigDataSE/ISPA 2016 - Tianjin, China Duration: 23 Aug 2016 → 26 Aug 2016 |
Publication series
| Name | Proceedings - 15th IEEE International Conference on Trust, Security and Privacy in Computing and Communications, 10th IEEE International Conference on Big Data Science and Engineering and 14th IEEE International Symposium on Parallel and Distributed Processing with Applications, IEEE TrustCom/BigDataSE/ISPA 2016 |
|---|
Conference
| Conference | Joint 15th IEEE International Conference on Trust, Security and Privacy in Computing and Communications, 10th IEEE International Conference on Big Data Science and Engineering and 14th IEEE International Symposium on Parallel and Distributed Processing with Applications, IEEE TrustCom/BigDataSE/ISPA 2016 |
|---|---|
| Country/Territory | China |
| City | Tianjin |
| Period | 23/08/16 → 26/08/16 |
UN SDGs
This output contributes to the following UN Sustainable Development Goals (SDGs)
-
SDG 15 Life on Land
Free Keywords
- Firewall
- Large rule size
- Low delay
- Network security
- Tree-rule firewall
ASJC Scopus subject areas
- Computer Networks and Communications
- Computer Science Applications
- Hardware and Architecture
- Information Systems
- Safety, Risk, Reliability and Quality
Fingerprint
Dive into the research topics of 'An improvement of tree-rule firewall for a large network: Supporting large rule size and low delay'. Together they form a unique fingerprint.Cite this
- APA
- Author
- BIBTEX
- Harvard
- Standard
- RIS
- Vancouver