Firewall Evaluation Criteria - An evaluation

In a time where more business is conducted over the Internet, the security of such systems, for instance electronic money transfer, becomes critical. A firewall serves as a frontline of the security measures that can be taken by an organisation in order to secure the integrity of a private network. This report describes methods of evaluating the security of a firewall. The existing methods on the market are presented and an evaluation of these methods is performed using a reference model, developed for this thesis. Two main categories of evaluation schemes are defined. Government schemes, that can produce a thorough evaluation and commercial schemes that are faster but does not offer such a rigor evaluation. As a tool for comparison, a framework is presented. The framework is an abstraction of security evaluation that preserves the necessary properties needed in order to gain acceptance. The master thesis is the result of study conducted at the Swedish Defence Research Agency in Linköping. iii Preface This report is the final stage of the computer science program at Växjö University. It is a 20p (full semester) master thesis conducted at the Swedish Defence Research Agency in Linköping during the spring of 2001. The report describes ways of measuring the security level of firewalls, as well as conducts an evaluation of known evaluation schemes. A special thanks to my tutors;