Firewalls is one of the major components to provide network security. By using firewalls, you can solve such problems as preventing unauthorized access, and deleting, modifying and/or distributing information under protection. The process of information flows filtration by a firewall introduces additional time delays, thus possibly leading to disruption of stable operation of the protected automated system or to inaccessibility of the services provided by the system. Multimedia services are particularly sensitive to service time delays. The main purpose of the work presented in this paper is to evaluate the influence of the firewall on the time delays in data transmission process in the automated system with multimedia data transmission protocols. The evaluation is provided by the queuing theory methods while a session is initiated between two users by the Session Initiation Protocol (SIP) with firewall message filtration. A firewall is a local or functional distributing tool that provides control over the incoming and/or outgoing information in the automated system (AS), and ensures the protection of the AS by filtering the information, i.e., providing analysis of the information by the criteria set and making a decision on its distribution.
This article is a continuation of a number of works devoted to evaluation of probabilistic-temporal characteristics of firewalls when ranging a filtration rule set. This work considers a problem of the decrease in the information flow filtering efficiency. The problem emerged due to the use of a sequential scheme for checking the compliance of packets with the rules, as well as due to heterogeneity and variability of network traffic. The order of rules is non-optimal, and this, in the high-dimensional list, significantly influences the firewall performance and also may cause a considerable time delay and variation in values of packet service time, which is essentially important for the stable functioning of multimedia protocols. One of the ways to prevent decrease in the performance is to range a rule set according to the characteristics of the incoming information flows. In this work, the problems to be solved are: determination and analysis of an average filtering time for the traffic of main transmitting networks; and assessing the effectiveness of ranging the rules. A method for ranging a filtration rule set is proposed, and a queuing system with a complex request service discipline is built. A certain order is used to describe how requests are processed in the system. This order includes the execution of operations with incoming packets and the logical structure of filtration rule set. These are the elements of information flow processing in the firewall. Such level of detailing is not complete, but it is sufficient for creating a model. The QS characteristics are obtained with the help of simulation modelling methods in the Simulink environment of the matrix computing system MATLAB. Based on the analysis of the results obtained, we made conclusions about the possibility of increasing the firewall performance by ranging the filtration rules for those traffic scripts that are close to real ones.
scite is a Brooklyn-based organization that helps researchers better discover and understand research articles through Smart Citations–citations that display the context of the citation and describe whether the article provides supporting or contrasting evidence. scite is used by students and researchers from around the world and is funded in part by the National Science Foundation and the National Institute on Drug Abuse of the National Institutes of Health.