On Firewalls Evaluation Criteria

Noureldien A. Noureldien
Sudan University of Science and Technology, Khartoum, Sudan
e-mail: noureldien@hotmail.com

Izzeldin M. Osman
Sudan University of Science and Technology, Khartoum, Sudan
e-mail: izzeldin@acm.org

Abstract: Firewalls are one of the major products in the network and Internet security arsenal. No satisfactory criterion is currently available for evaluating firewalls. This paper enumerates considerations that have to be taken into account in order to develop appropriate and meaningful evaluation criteria, and proposes a multi-dimensional criterion for evaluating firewalls. The criterion consists of three major components: security, performance and management. The analytical results of applying the proposed criteria to Check Point's Firewall-1 show the strength and benefit of the proposed multi-dimensional approach.

Keywords: Firewall evaluation criteria, firewall testing, security, performance, management, certification authorities, standards.

1. INTRODUCTION

How to pick an Internet firewall is a question that arises because dozens of firewall products from different vendors exist in the market, each claiming to provide adequate security measures. The competition in the firewall market between the different firewall types leaves customers confused about the quality these products actually provide. Determining whether a firewall is effective necessitates certification and firewall testing.

1.1 Certification

The importance of certification comes from customers' need for a third party, rather than the vendors, that has the expertise and tools to test for the customers' legal requirements, which govern a minimal standard of quality for the products they may buy. Customers of a certified product or users of a certified system can gain reassurance that the product or system meets minimum standards and that the Certification Authority has taken due care, having addressed the security issue at least to the minimum level. Therefore certification serves to reassure customers and users. Certification can also decrease liability in the inevitable event of a security breach or a failure [10].

Certification Authorities issue their certificates to products that satisfy their evaluation criteria and pass their tests. This results in an evaluation standards arena, which is a highly charged battlefield in which vendors actively lobby standards makers to manipulate present and future standards to their advantage [13].

The problem with certification authorities is that each authority has its own evaluation criteria and tests, even among authorities that certify firewalls running on the same platform. In other words, there are no standards for evaluating firewalls, and probably there will not be. This is because firewalls are by nature flexible, and whether a firewall is good or not depends on whether it satisfies the site's requirements in terms of security provided, performance, management, and cost. That is, a firewall has to be correct for its proposed use, and that needs to be taken into account when it is certified [13].

1.2 Firewall Testing

Testing a firewall system and verifying that it operates properly increases the confidence that it will perform as designed. Confidence in a secure system requires confidence in the strength of the cryptographic algorithms used and in the correctness of the hardware and software implementations [6]. Features that must be tested include: hardware (processor, disk, memory, network interfaces, etc.), operating system software (booting, console access, etc.), firewall software, network interconnection equipment (cables, switches, hubs, etc.), firewall configuration software, routing rules, packet filtering rules and the associated logging and alert options [3].

There are three obvious situations in which firewall testing makes sense: right after the initial installation, to make sure it was performed correctly; after any significant change to the network; and periodically thereafter, to make sure it is still working properly. Consistent, recurrent (sometimes random) testing is an important part of maintaining an effective firewall. Two approaches to testing firewalls have been suggested. These approaches are not necessarily mutually exclusive.

0-7803-6355-8/00/$10.00 © 2000 IEEE    III-104
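As an added illustration (not part of the paper and not Check Point's or any vendor's code), the following Python script shows what the recurrent testing of two of the features listed above, the packet filtering rules and their associated logging options, can look like in practice. It assumes a first-match rule set with an implicit, unlogged deny at the end; the DMZ and management networks, the rules and the test packets are constructed for the example. Besides checking each packet against its expected verdict, it reports denies that leave no log record and rules that can never fire because an earlier rule covers them, two defects that a rule set can acquire after the "significant changes to the network" the paper mentions.

```python
# Added example: regression harness for a first-match packet-filtering rule set.
# Rules, addresses and test cases are constructed for illustration.
import ipaddress
from dataclasses import dataclass
from typing import List, Optional, Tuple


@dataclass(frozen=True)
class Rule:
    action: str           # "allow" or "deny"
    proto: str            # "tcp", "udp", "icmp" or "any"
    src: str              # source network, CIDR notation
    dst: str              # destination network, CIDR notation
    dport: Optional[int]  # destination port, None = any port
    log: bool = False     # whether a match on this rule is logged


@dataclass(frozen=True)
class Packet:
    proto: str
    src: str
    dst: str
    dport: Optional[int]


def rule_matches(rule: Rule, pkt: Packet) -> bool:
    """True if the packet falls inside every field of the rule."""
    if rule.proto != "any" and rule.proto != pkt.proto:
        return False
    if ipaddress.ip_address(pkt.src) not in ipaddress.ip_network(rule.src):
        return False
    if ipaddress.ip_address(pkt.dst) not in ipaddress.ip_network(rule.dst):
        return False
    return rule.dport is None or rule.dport == pkt.dport


def evaluate(rules: List[Rule], pkt: Packet) -> Tuple[str, Optional[int], bool]:
    """First-match evaluation: (action, index of the matching rule, logged).
    A packet matching no rule falls through to an implicit, unlogged deny."""
    for i, rule in enumerate(rules):
        if rule_matches(rule, pkt):
            return rule.action, i, rule.log
    return "deny", None, False


def run_policy_tests(rules, cases):
    """Return the test cases whose verdict differs from the expected one."""
    failures = []
    for pkt, expected in cases:
        action, idx, _ = evaluate(rules, pkt)
        if action != expected:
            failures.append((pkt, expected, action, idx))
    return failures


def unlogged_denies(rules, cases):
    """Denied packets that produce no log record (missing alert option)."""
    return [pkt for pkt, _ in cases
            if evaluate(rules, pkt)[0] == "deny" and not evaluate(rules, pkt)[2]]


def covers(outer: Rule, inner: Rule) -> bool:
    """True if every packet matching `inner` also matches `outer`."""
    if outer.proto != "any" and outer.proto != inner.proto:
        return False
    if not ipaddress.ip_network(inner.src).subnet_of(ipaddress.ip_network(outer.src)):
        return False
    if not ipaddress.ip_network(inner.dst).subnet_of(ipaddress.ip_network(outer.dst)):
        return False
    return outer.dport is None or outer.dport == inner.dport


def shadowed_rules(rules: List[Rule]) -> List[Tuple[int, int]]:
    """(j, i) pairs where rule j can never fire because earlier rule i covers it."""
    found = []
    for j, later in enumerate(rules):
        for i in range(j):
            if covers(rules[i], later):
                found.append((j, i))
                break
    return found


# Constructed rule set: DMZ 192.0.2.0/24, management network 198.51.100.0/24.
RULES = [
    Rule("allow", "tcp", "0.0.0.0/0", "192.0.2.10/32", 443),                 # 0: public HTTPS
    Rule("allow", "tcp", "198.51.100.0/24", "192.0.2.0/24", 22, log=True),   # 1: admin SSH, logged
    Rule("deny", "any", "0.0.0.0/0", "192.0.2.0/24", None, log=True),        # 2: explicit logged deny
    Rule("allow", "tcp", "198.51.100.5/32", "192.0.2.20/32", 22, log=True),  # 3: dead rule, covered by 1
]

# Constructed test cases: (packet, expected verdict).
CASES = [
    (Packet("tcp", "203.0.113.7", "192.0.2.10", 443), "allow"),
    (Packet("tcp", "203.0.113.7", "192.0.2.10", 22), "deny"),      # SSH from the Internet must fail
    (Packet("tcp", "198.51.100.9", "192.0.2.10", 22), "allow"),
    (Packet("udp", "203.0.113.7", "192.0.2.10", 443), "deny"),     # wrong protocol
    (Packet("icmp", "203.0.113.7", "192.0.2.30", None), "deny"),
    (Packet("tcp", "203.0.113.7", "198.51.100.1", 22), "deny"),    # no rule: implicit deny, not logged
]

if __name__ == "__main__":
    print("verdict mismatches:", run_policy_tests(RULES, CASES))
    print("denies without a log record:", unlogged_denies(RULES, CASES))
    print("shadowed rules (rule, covered by):", shadowed_rules(RULES))
```

Run after installation, after each rule change and on a schedule, the script gives the "right after installation / after changes / periodically" cadence a concrete, repeatable check: an empty mismatch list means the policy still enforces the site's requirements, the unlogged-deny list points at traffic that would be dropped silently, and each shadowed rule is either an error introduced by a reordering or dead configuration to be removed.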