| Field | Value |
|---|---|
| Title | Firewall: Optimizing Policies, Testing and Performance Evaluation |
| Authors | Chagela, Vivek N. |
| Keywords | Computer 2005 Project Report; 2005 Computer Project Report; Project Report; 05MCE; 05MCE003 |
| Issue Date | 1-Jun-2007 |
| Publisher | Institute of Technology |
| Series/Report no. | 05MCE003 |
| Abstract | Firewalls enforce a security policy between two networks by comparing arriving packets against the policy rules to determine whether they should be accepted or denied. As the amount of data transferred over networks increases over time, the firewalls used to protect private networks must process traffic both faster and with greater reliability. In order to cope with new application types such as multimedia applications, and because delays become more significant as high-speed networks become more prevalent, new firewall architectures are necessary. The performance of these new architectures is a critical factor because the Quality of Service (QoS) demands of such applications have to be satisfied. This thesis covers the basics of firewalls: definitions, types of firewalls, and current firewall approaches. As networks become more complex, managing firewall rules, especially for enterprise networks, has become complex and error-prone. Firewall filtering rules have to be carefully written and organized in order to correctly implement the security policy. In addition, inserting or modifying a filtering rule requires thorough analysis of the relationship between this rule and the other rules in order to determine the proper position of the rule and commit the update. For this we present a model of firewall policies and define a set of anomalies that describe rule conflicts. The thesis also covers single-firewall and distributed-firewall architectures implemented using off-the-shelf components such as iptables and iproute2. Iptables is a generic table structure that defines rules and commands as part of the netfilter framework, which facilitates packet filtering, Network Address Translation, and packet mangling in Linux 2.4 and later. Packet mangling is the process of modifying a packet's TOS bits and marking packets before they enter the routing process. Finally, the thesis explores the relationship between firewall security and performance for single and distributed firewalls. We also discuss the tradeoff between security and performance in terms of delay and throughput versus the number of rules in single and distributed firewalls. |
| URI | http://hdl.handle.net/123456789/68 |
| Appears in Collections | Dissertation, CE |
Files in This Item:
| File | Description | Size | Format |
|---|---|---|---|
| 05MCE003.pdf | 05MCE003 | 1.64 MB | Adobe PDF |