Firewall Effects on Network Performance | Evaluation

In an age where our society relies so heavily on electronic communication, the need for information security is constantly increasing. Given the value and confidential nature of the information that exists on today’s networks, CIOs are finding that an investment in security is extremely beneficial. Without security, a company can suffer from theft or alteration of data, legal ramifications, and other issues that all result in monetary losses. [The Best Damn Firewall Book Period]

Corporations are realizing the need to create and enforce an information security policy. As a result, IT professionals are constantly being challenged to secure their networks by installing firewalls that provide more secure [Cisco Security Specialist’s Guide to PIX Firewall].

Firewalls are essential components in improving network security. Most firewalls are deployed at the edge of the network to filter legitimate traffic, and can be deployed in the core of the network to further supplement and protect the capability of the network and the application running over the network to deliver required services to the end user. Firewalls have become increasingly complex, evolving from offering traditional firewall capabilities to protect networks, to offering application-aware processing of several Internet protocols.

Brief literature review:

Firewalls are the first front line defense mechanism against intruders ,a firewall system can operate at five of the seven layers of the OSI reference model. However, most firewall systems operate at only four layers: the data link, network, transport, and, possibly, application layers. Based on the simplicity or complexity of a firewall product or solution, the number of layers covered varies. For example, a standard IP access control list (ACL) on a Cisco router functions at OSI Layer 3, and an extended IP ACL functions at Layers 3 and 4. [cisco press – cisco router firewall security]

Firewalls work by inspecting different fields in headers of the packet, finding the matching rule and doing the action specified in the rule. Common firewalls (and rules) examine at least IP addresses, next protocol type (TCP or UDP) and in case of TCP or UDP their respective port numbers. That usually gives five different variables (source & destination address, protocol, source & destination port) to work with. [Optimizing firewall performance]. [Performance analysis of the Linux firewall in a host]. As example ,a firewall that operates at only Layers 3 or 4 can filter only on IP protocol information, IP addresses, and TCP or UDP port numbers; it cannot filter on application information such as user authentication or commands that a user enters. Therefore, the more layers a firewall can process information from, the more granular it can be in its filtering process. [cisco press – cisco router firewall security]

There are many considerations that organizations should include in their firewall selection and planning processes. Organizations need to determine which network areas need to be protected, and which types of firewall technologies will be most effective for the types of traffic that require protection. [ Guidelines on Firewalls and Firewall Policy]. In addition, Incorporating a firewall into a network structure is likely to increase processing and even create bottlenecks [Evaluation of Firewall Effects on Network Performance] ,whereas Each rule that a firewall has to analyze results in additional processing overhead. This means that the more rules a firewall has, the longer it will take for the firewall to determine whether or not the packet in question may pass through. [Firewalls – Overview and Best Practices].

As result Firewalls are one key factor in network performance. If they can’t process their rules fast enough then the whole network slows down. [ Optimizing firewall performance]

Some studies shows that the firewall is sensitive to the number of rules, the type of filtering, and the transmission rate. The results of our first scenario demonstrate that for each type of filtering, latency increases linearly as the number of rules increase. [Performance analysis of the Linux firewall in a host]

Scope and limitation of the study:

There are some points may represent the scope and limitation of the study, including:

This project focus on evaluating the effect of firewall performance using an OPNET Modeler network simulator and analyzing on different scenarios and to compare the performance impact when firewall applied.

This project also focusing on effects of firewall filtering on network performance.

In this study we are going to select special type of firewall “application firewall”

The number of workstation is limited which won’t exceed 200 nodes.

The result will be collected is based on the simulation so may be this result will not be applicable in real hardware.

Statement of the research problem:

This research reports on the evaluation of using firewall in three different scenarios, which can show the impact of applying the application firewall on the performance of the network. Therefore, the research addresses the following research problem:

How can we make trade-off between the security and performance?

Essentially I argue that in order to investigate the feasibility of getting the trade-off of using the firewall, it’s necessary to compare the result when the firewall applied in different scenario, it might be depends on the policy or function nodes.

Research questions:

To address the research problem identified in the previous section, the following research questions have been designed:

• What are negative aspects of firewall?
• What are positive aspects of combined security and performance?
• What are the effects of firewall in the link utilization?
• What are the effects of firewall in the Real time application?

Research objectives:

The main objective of this research is to investigate the impact of firewall policy on the performance of the network.

• To identify negative aspects of firewall.
• To determine positive aspects of combined security and performance.
• To examine the effects of firewall in the link utilization.
• To identify the impact of firewall in real-time application.
• To compare the result from different scenario to estimate the effects of policy.

Significance of the study:

The growing Demand for using firewall by the internet users and companies to provide more protection for them and the influence of apply firewall policy in the network performance gave the impetus for this study. To verify that we propose here three different scenarios,

CNTs as the one of the components of MMIC transmission lines to enhance the electrical performance. This material offer some remarkable characteristics for microelectronics applications and their large kinetic inductance (skin effect), long mean free paths, high current carrying capability and high thermal conductivity made them ideal candidates for RF/microwave applications as transmission lines.

Research methodology:

The research methodology work will go through four stages namely: theoretical stage, data analysis and design stage, lab stage, and evaluation stage.

Theoretical stage:

The objective of the theoretical stage is to constitute a theoretical frame to enable the success of the lab stage through that frame.

Data analysis and design stage:

In this stage, all related data obtained in the theoretical stage will be analyzed and then a selection process will be done in order to get the high quality CNT and the right design for CNT-based TLs to be able to accomplish the research questions through synthesis and characterization process.

Lab stage:

At this stage, firstly, the growth parameters will be optimized by using chemical vapor deposition growth method In order to produce large scale and well-aligned CNTs. Next, the characterization process will be done on the samples. SEM, FESEM, and HRTEM techniques will be used to study the morphology of the samples. XRD and EDEX techniques are used to study the sample’s crystallographic structures and composition elements in the samples respectively. For electrical characterization, I-V and resistivity measurements using four point probes will be applied for low frequency. Lastly, in the implementation process, the determined high quality CNT will be used to fabricate transmission lines, and then RF characterization will be done using VNA at different frequencies.

Evaluation stage:

The experimental results are analyzed to evaluate the effectiveness of the new variables in order to get the best CNT for the TLs.

Current Stage:

For device applications, the orientation of the CNT is particularly important. Therefore currently, the growth parameters are optimized by using chemical vapor deposition growth method and then, scanning electron microscopy (SEM) is used to study the morphology of the samples in order to get large scale and well-aligned CNTs.

The fabrication of CNTs on P-type silicon substrates; size 1 cm by 1 cm were done using nickel (Ni) as catalyst. The first process is to remove any impurity and oxidization on the Si substrate surface. The substrate will go through stages of cleaning process, starting with acetone, methanol and then rinsed with deionized water to remove organic contaminants and particles. Then, the Si wafer was cleaned by hydrogen gas to remove natural oxide. Next, a thin Ni film was deposited on a substrate as catalyst using Electron-Beam evaporator and the substrate was placed on alumina boat before placed inside a double-heater TCVD. The first heater was set at 1000°C to decompose methane, while the second was set at 800 to 1000°C for pre-treatment of the catalytic film. As A. Awang Teh et. al. proposed [41] a precursor of ammonia and methanol solution at ratios of 5:8 was used to enhance the growth of CNT in methane ambient. The second heater was first switched in flowing Argon at 100 sccm. When the temperature of the second heater reached setting point and stayed stable, first heater was then switched on and methane gas was flown at flow rate of 10-50 sccm. The total growth time of the CNTs varied from 30 to 3 hours. Finally, methane gas was turned off and the furnaces were cooled down to room temperature in flowing Argon at 100 sccm to avoid carbon oxidation. After fabrication is completed, The CNT morphology was examined using SEM.

Figures 1- 6 show the growth of CNTs on Si substrate using Ni with different thicknesses and subjected to methane ambient at 850 oC for 2 hours. One of the first things to note is that the catalyst thickness affects the diameter and density of the CNT. The catalyst film thicker, the larger diameter and more density CNT we can get. Also, it can be seen clearly this relationship from the SEM results shown in fig.11 to 14. Furthermore, from the SEM image shown in figure 4 the least nickel or carbon nanoparticles protrude from the nanotubes was observed. These conductive nanoparticles cause electrical shorts between interconnects for device fabrication. For this reason we can consider that the optimum nickel catalyst thickness in our case is 10 nm. A final point to note is that there is no CNT at all in figure 1. It means that the catalyst film thickness is very thin and after recombination the size of catalyst nanoparticles is too small to synthesis CNTs.

Another key parameter to affect CNT growth is temperature gradient. As we can see from the SEM results shown in figures 7-20, by controlling the growth temperature we can increase the growth efficiency and purity. At reaction temperature 900°C, the growth of clean CNTs was observed. However, no CNTs were formed when the growth temperature exceeded 900°C. Instead, amorphous carbon was observed on the surface of the substrate.

Besides catalyst and temperature gradient, carbon source flow rate also plays an important role in the CNT growth. It can be stand out from experimental results shown in figures 21 to 28 that a higher flow rate will increase the decomposition rate, and consequently the growth rate of CNT. However, when the flow rate of Ni was 10 sccm there is not enough reactant to react with the catalyst and just catalyst nanoparticles were observed.

The gas flow rate affects not only CNT density but also nanotubes diameter. The higher gas flow rate, the larger diameter of nanotubes will grow. However, after a critical point, increasing the flow will change the carbon product from CNTs to carbon nano-fibers (CNFs), as it was observed from the result.

The last growth parameter we have optimized is syntheses time. From experimental results shown in figures 29 to 32 we can find the relationship between the syntheses time and the length on nanotubes. Longer synthesis time with longer catalyst lifetime, longer CNT we can get.

More optimization and characterizations must be done on the samples in order to get well-aligned and density MWCNT, before transmission line fabrication.

Preview of the thesis:

This thesis is organized into five chapters.

• Chapter One serves as an introduction to this study, providing the theoretical framework, research objectives and significance of the present study. It also offers a brief overview of the methodology that is employed. Definitions and delimitations that map out the boundaries for the present study are also outlined.
• Chapter Two provides the literature review for this study and serves to develop key issues related to the theoretical framework.
• The third chapter is on methodology. This study approaches the issues of fabrication, simulation and modulation.
• The fourth chapter reports the results of the content analysis and discusses the findings.
• The fifth chapter reviews the research questions and summarizes the thesis. This chapter also provides suggestions for future research.

Network Security is one of the most important fields dealing with the Internet. The ability to access and transfer information in a few seconds allows the government, companies, educational institutions, and individuals to accelerate the decision process or simply be “informed.” However, information can be very valuable and there is a need for better and faster security systems to protect information and networks.

Therefore, it is best to limit the number of rules to no more than 30-50. However, for best performance, less than 25 rules are recommended. Also, firewalls process their rule base from the top down. As soon as the firewall finds a rule that applies to a particular packet, the rule is applied and the packet is processed (either allowed to continue or dropped). It is recommended that the most important and most utilized rules should be at the top of the rule list. This prevents the firewall from having to process through a number of rarely used rules to finally get to rules that apply to the majority of the network traffic. Determining the correct order of rules for a particular implementation is an ongoing process. Initially, there is a significant amount of testing and trial-and-error involved in determining the correct order that the rules should be in. Also, the rule base should be reviewed periodically to see if the organization’s requirements or network usage has changed that would require the reordering of existing rules as well as adding or removing rules. Finally, one should make sure to keep the number of domain objects in the rule base to a minimum, and also make sure that these objects are kept towards the bottom of the rule base list.

Firewalls – Overview and Best Practices

There are many aspects to firewall management. For example, choosing the type or types of firewalls to deploy and their positions within the network can significantly affect the security policies that the firewalls can enforce. Policy rules may need to be updated as the organization’s requirements change, such as when new applications or hosts are implemented within the network. Firewall component performance also needs to be monitored to enable potential resource issues to be identified and addressed before components become overwhelmed. Logs and alerts should also be continuously monitored to identify threats-both successful and unsuccessful. Firewall rulesets and policies should be managed by a formal change management control process because of their potential to impact security and business operations, with ruleset reviews or tests performed periodically to ensure continued compliance with the organization’s policies. Firewall software should be patched as vendors provide updates to address vulnerabilities. [ Guidelines on Firewalls and Firewall Policy]

The firewall can become a bottleneck. All network traffic that passes between the Internet and the DMZ, the DMZ and the private network, and potentially, the Internet and the private network, must be inspected by the firewall. This can result in the firewall becoming a bottleneck and reducing the performance between the network and the Internet.