Abstract

Classifying data traffic in a firewall using parameters such as port number, IP address, and MAC address is not sufficient. For example, many applications can currently be used without a port number, meaning they can easily circumvent a firewall. Firewalls that inspect only up to layer four could allow malicious data to pass. Next-generation deep packet inspection (DPI) is a method that firewalls can use to classify data traffic up to layer seven.

This research recommends that network administrators use nDPI and L7-filter on existing open source firewalls. Eleven internet applications were used to test and analyze nDPI and L7-filter, which are capable of detecting traffic based on the data signature. nDPI and L7-filter were tested for accuracy and speed. We conclude that the development of next-generation deep packet inspection is important for the future of system and network security.

Highlights

  • A firewall is sometimes called a packet filter in UNIX/Linux (Rash, 2007) (Ciampa, 2011); Cisco calls it an access list (Cisco, 2003), Juniper calls it a firewall filter (Garrett, Drenan, & Morris, 2002), and SonicWALL refers to it as access rules (SonicWALL, 2015).

  • The network used in the testing of nDPI firewall and L7-filter firewall consisted of a firewall and three virtual computers connected to the firewall. nDPI firewall and L7-filter firewall were used interchangeably as corresponding test scenarios were run

  • Most of the download processes through the eDonkey client could still run. This was shown by the low data sensitivity; in other words, there were more eDonkey data packets that were not stopped by both firewalls. In this case, the sensitivity value of L7-filter was higher than that of nDPI.


Summary

INTRODUCTION

A firewall is sometimes called a packet filter (pf) in UNIX/Linux (Rash, 2007) (Ciampa, 2011); Cisco calls it an access list (Cisco, 2003), Juniper calls it a firewall filter (Garrett, Drenan, & Morris, 2002), and SonicWALL refers to it as access rules (SonicWALL, 2015). Vice versa, making incorrect or hasty decisions would create an insecure network infrastructure. It is important for proper controls to be configured correctly in order to provide the optimum level of network security policy for the organization (Liu et al., 2006) (Casado et al., 2016). By testing the accuracy and speed of nDPI (which uses the Aho-Corasick string matching process) and L7-filter (which uses a regular expression matching process), this research aims to provide recommendations for network and system administrators in optimizing existing open source firewalls. These optimizations can be carried out by modifying the kernel module on Linux (especially using iptables), using nDPI and L7-filter as stateless firewalls.
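The two matching approaches named above, as an added example that is not code from the paper, nDPI or L7-filter: an Aho-Corasick automaton classifies each payload in one pass regardless of destination port, next to a per-signature regular-expression scan. The signatures, flows and function names are constructed assumptions for illustration.

```python
import re
from collections import deque
# Constructed signatures and flows (assumptions, not nDPI or L7-filter data);
# the destination ports deliberately do not match the protocol carried.
SIGNATURES = {b"\x13BitTorrent protocol": "bittorrent",
              b"SSH-2.0-": "ssh", b"HTTP/1.1": "http"}

def build_automaton(signatures):
    """Build Aho-Corasick goto/fail/output tables over byte patterns."""
    goto, fail, out = [{}], [0], [set()]
    for pattern, label in signatures.items():
        state = 0
        for byte in pattern:
            if byte not in goto[state]:
                goto.append({})
                fail.append(0)
                out.append(set())
                goto[state][byte] = len(goto) - 1
            state = goto[state][byte]
        out[state].add(label)
    queue = deque(goto[0].values())
    while queue:  # breadth-first, so a parent's fail link is final before its children
        state = queue.popleft()
        for byte, nxt in goto[state].items():
            f = fail[state]
            while f and byte not in goto[f]:
                f = fail[f]
            fail[nxt] = goto[f].get(byte, 0)
            out[nxt] |= out[fail[nxt]]
            queue.append(nxt)
    return goto, fail, out

AUTOMATON = build_automaton(SIGNATURES)

def classify_ac(payload, automaton=AUTOMATON):
    """One pass over the payload, all signatures checked at once."""
    goto, fail, out = automaton
    state, found = 0, set()
    for byte in payload:
        while state and byte not in goto[state]:
            state = fail[state]
        state = goto[state].get(byte, 0)
        found |= out[state]
    return found

def classify_regex(payload):  # contrast: one regex scan of the payload per signature
    return {lab for sig, lab in SIGNATURES.items() if re.search(re.escape(sig), payload)}

FLOWS = [(80, b"\x13BitTorrent protocol" + bytes(8)),
         (443, b"SSH-2.0-OpenSSH_9.6\r\n"),
         (6881, b"GET / HTTP/1.1\r\nHost: example.test\r\n\r\n")]
```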

RELATED WORK & LITERATURE
SYSTEM DESIGN
Network Configuration
FIREWALL SECURITY ASSESSMENT
Testing System Performance
RESULT
Findings
CONCLUSION