How to Improve your Firewall Performance. Prof. Avishai Wool AlgoSec CTO & Co-Founder and Tel Aviv University. Agenda. The Problem Static Analysis Usage-based Analysis Rule Reordering Demo. Does Your Firewall Look like this?. Causes for Clutter in Firewall Rules.
Download Policy: Content on the Website is provided to you AS IS for your information and personal use and may not be sold / licensed / shared on other websites without getting consent from its author.While downloading, if for some reason you are not able to download a presentation, the publisher may have deleted the file from their server.
How to Improve your Firewall Performance
Prof. Avishai Wool
AlgoSec CTO & Co-FounderandTel Aviv University
Does Your Firewall Look like this?
Rule-base complexity = Rules + Objects + (Interfaces) **2
Source: IEEE Computer magazine, June 2004
A survey of the firewall policies of 30 US-based large corporations suggest that more complex policies are more exposed to serious risk.
Cleanup Phase 1: Static Analysis
Name is different – but all IP addresses are covered !
Rule 7 is a special case of rule 52
Rule 7 is not a special case: rule 16 gets in the way
Cleanup Phase 2: Usage-based Analysis
Challenge #2: Unreliable rule numbers
Which rule was “rule 9” on March 11?
Move the popular rules to the top
Move the popular rules as high as possible without changing the firewall policy
Arrange the rules to minimize the RMPP, without changing the firewall policy
The AlgoSec Firewall AnalyzerLive demo – Optimization
Check Point FireWall-1 (all versions)
Sun SolarisLinux Win-NTNokia
SecurePlatform Alteon NSF Provider-1
Crossbeam OPSEC integration
Cisco PIX (all versions)
Cisco IOS Router Access Control Lists
Juniper Firewalls (NetScreen)