Inlämning av Examensarbete / Submission of Thesis

MUHAMMAD ZEESHAN AHMAD, pp. 62. ING/School of Engineering, 2012.

The work

Författare / Author: MUHAMMAD ZEESHAN AHMAD
mzah08@student.bth.se
Titel / Title: Comparative Analysis of Iptables and Shorewall
Abstrakt / Abstract:

The use of the Internet has increased over the past years. Many users may not have good intentions. Some people use the Internet to gain access to unauthorized information. Although absolute security of information is not possible for any network connected to the Internet, firewalls make an important contribution to network security. A firewall is a barrier placed between the network and the outside world to prevent unwanted and potentially damaging intrusion into the network.

This thesis compares the performance of two Linux packet filtering firewalls, iptables and Shorewall. Firewall performance testing helps in selecting the right firewall as needed. In addition, it highlights the strengths and weaknesses of each firewall. Both firewalls were tested using identical parameters.

During the experiments, the recommended benchmarking methodology for firewall performance testing described in RFC 3511 is taken into account. The comparison process includes experiments performed with different tools. To validate the effectiveness of the firewalls, several performance metrics are used: throughput, latency, connection establishment and teardown rate, HTTP transfer rate and system resource consumption.

The experimental results indicate that the performance of the iptables firewall decreases as compared to Shorewall in all the aspects taken into account. All the selected metrics show that large numbers of filtering rules have a negative impact on the performance of both firewalls. However, UDP throughput is not affected by the number of filtering rules. The experimental results also indicate that traffic sent with different packet sizes does not affect the performance of the firewalls.

Ämnesord / Subject: Datavetenskap - Computer Science\Electronic Security
Datavetenskap - Computer Science\Networks and Communications
Säkerhetsteknik - Security Engineering
Nyckelord / Keywords: Linux Iptables, Firewall Performance, Comparison of Linux Firewalls

Publication info

Dokument id / Document id: houn-92pe96
Program / Programme: Electrical Engineering with emphasis on Telecommunication
Registreringsdatum / Date of registration: 12/05/2012
Uppsatstyp / Type of thesis: Degree project, Bachelor of Science in Engineering

Context

Handledare / Supervisor: Raja M. Khurram Shahzad
rks@bth.se
Examinator / Examiner: Sven Johansson
Organisation / Organisation: Blekinge Institute of Technology
Institution / School: ING/School of Engineering

+46 455 38 50 00
Anmärkningar / Comments:

Muhammad Zeeshan Ahmad: +46-700228942

Files & Access

Bifogad uppsats fil(er) / Files attached: bth2012 zeeshan.pdf (2352 kB, opens in new window)