| With the rapid development of network technology, the pattern of management and organization of enterprises encountered dramatic changes. Network technology satisfies the demand of mass information communication of companies and also becomes a significant platform for business activities. A great deal profits are created for the companies which make them more rely on the internet. However, the risks in data security are also affronted with the convenience of resources sharing. In fact, it is always a conflict between resource sharing and information security. Under these circumstances, firewall technology is emerged as the major method for enterprises to maintain the security of the network.Firewall rules table is the foundation for firewall to filter data packets and it represents the enterprise security policy. However, firewall efficiency is usually compromised by ineffective configuration of firewall rules table. Traditional researches on the configuration of firewall rules table mainly concern two aspects: solving conflict of rules and sequencing rules. However, the results are not as prominent as expected. So we try to solve the problem from a fire-new perspective—filtering fields. In this paper, (1) we calculate and analyze the amount of tuple-comparisons; (2) a sequencing method for filtering fields is provided; (3) we discuss the basis of sequencing filtering fields-capability of filtering (CF); (4) The formula for quantitatively weighting the CF is presented; (5) we also provide the optimized sequencing method for some specific conditions. Our experiments objectively demonstrate the superiority of the proposed method over conventional methods in terms of the efficiency of firewall. |
PDF Full Text Request