We report in this paper on research in progress concerning the integration of different security techniques. A main purpose of the project is to integrate as many security functionality as possible into the firewall. We will report in this paper on the concept of an intelligent firewall that contains a smart detection engine for potentially malicious data packets.

In this paper we provide three firewall patterns. The firewall pattern describes how access to internal networks can be restricted in general. It shows the basic problems and indicates a general solution. The other two patterns are more specific variants which are usually used in order to implement access control at the network border. This paper is also an experiment of understanding what it m...

Writing and managing firewall ACLs are hard and error-prone tasks for a wide range of reasons. During these tasks, inconsistent rules can be introduced. An inconsistent firewall ACL implies in general a design error, and indicates that the firewall is accepting traffic that should be denied or vice versa. However, the administrator is who ultimately decides if an inconsistent rule is a fault or...

Communication security and regulatory compliance have made the firewall a vital element for networked computers. They provide the protections between parties that only wish to communicate over an explicit set of channels, expressed through protocols, traveling over a network. These explicit set of channels are described and implemented in a firewall using a set of rules. The firewall implements...

This paper introduces a new method to improve the performance of list oriented firewall systems. Specifically, the paper addresses reordering a firewall rule set to minimize the average number of comparisons to determine the action, while maintaining the integrity of the original policy. Integrity is preserved if the reordered and original rules always arrive at the same result given a packet. ...

From a security point of view, the Internet is too open. The central idea of a traditional “firewall” is to constrain service requests from the Internet to a local network. As an enterprise network becomes larger and more flexible, an Internet worm can easily find a way to enter it. Based on the “defense-in-depth” principle, we present a “Firewall Network System” for worm defense in an enterpri...

Application layer firewalls protect the trusted area network against information security risks. However, firewall performance may affect user experience. Therefore, performance analysis plays a significant role in the evaluation of application layer firewalls. This paper presents an analytic model of the application layer firewall, based on a system analysis to evaluate the capability of the f...