Principles of Eliminating Access Control Lists within a Domain

John N. Davies, Paul Comerford and Vic Grout
Additional contact information
John N. Davies: Centre for Applied Internet Research (CAIR), Glyndŵr University, Wrexham LL11 2AW, UK
Paul Comerford: Centre for Applied Internet Research (CAIR), Glyndŵr University, Wrexham LL11 2AW, UK
Vic Grout: Centre for Applied Internet Research (CAIR), Glyndŵr University, Wrexham LL11 2AW, UK

Future Internet, 2012, vol. 4, issue 2, 1-17

Abstract: The infrastructure of large networks is broken down into areas that share a common security policy, called domains. Security within a domain is commonly implemented at all nodes. However, this can have a negative effect on performance, since it introduces a delay associated with packet filtering. When Access Control Lists (ACLs) are used within a router for this purpose, a significant overhead is introduced by this process. It is likely that identical checks are made at multiple points within a domain before a packet reaches its destination. Therefore, eliminating ACLs within a domain, by modifying the ingress/egress points to provide equivalent functionality, can improve overall performance. This paper considers the effect of the delays when using router operating systems offering different levels of functionality. It considers the factors that contribute to the delay, particularly those due to ACLs, and creates a model using theoretical principles modified by practical calculation. Additionally, this paper provides an example of an optimized solution which reduces the delay through network routers by distributing the security rules to the ingress/egress points of the domain without affecting the security policy.

Keywords: routing domain, performance; delay through routers; access control list; ACL optimization; off-line verification of ACLs; firewalls; inter-firewall optimization; IP packet filtering
JEL-codes: O3
Date: 2012

Downloads: (external link)
https://www.mdpi.com/1999-5903/4/2/413/pdf (application/pdf)
https://www.mdpi.com/1999-5903/4/2/413/ (text/html)

Persistent link: https://EconPapers.repec.org/RePEc:gam:jftint:v:4:y:2012:i:2:p:413-429:d:17296

Future Internet is currently edited by Ms. Grace You

Bibliographic data for series maintained by MDPI Indexing Manager.

Page updated 2025-03-19
Handle: RePEc:gam:jftint:v:4:y:2012:i:2:p:413-429:d:17296