
29 What are the critical resources in a firewall?


This article is from the Firewalls FAQ, by Matt Curtin cmcurtin@interhack.net and Marcus J. Ranum mjr@nfr.com with numerous contributions by others.


It's important to understand the critical resources of your firewall
architecture, so that when you do capacity planning, performance
optimization, etc., you know exactly what you need to do, and how much of it,
to get the desired result.

What exactly the firewall's critical resources are tends to vary from site
to site, depending on the sort of traffic that loads the system. Some people
think they'll automatically be able to increase the data throughput of their
firewall by putting in a box with a faster CPU, or another CPU, when this
isn't necessarily the case. Potentially, this could be a large waste of
money that doesn't do anything to solve the problem at hand or provide the
expected scalability.

On busy systems, memory is extremely important. You have to have enough RAM
to support every instance of every program necessary to service the load
placed on that machine. Otherwise, the swapping will start and the
productivity will stop. Light swapping isn't usually much of a problem, but
if a system's swap space begins to get busy, then it's usually time for more
RAM. A system that's heavily swapping is often relatively easy to push over
the edge in a denial-of-service attack, or it may simply fall behind in
processing the load placed on it. This is where long email delays start.
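
One way to apply the light-versus-heavy swapping distinction above on a Linux host, as an added example that is not part of the original FAQ: compare two snapshots of /proc/vmstat and compute pages swapped per second. The Linux counters pswpin and pswpout are real; the snapshots, function names and the 500 pages/s threshold are assumptions constructed for illustration.

```python
# Constructed sample snapshots, taken 10 seconds apart (not real measurements).
SAMPLE_T0 = """\
nr_free_pages 20480
pswpin 1200
pswpout 3400
"""
SAMPLE_T1 = """\
nr_free_pages 1024
pswpin 9200
pswpout 15400
"""

# Assumed threshold in pages/second; tune it against your own baseline.
HEAVY_PAGES_PER_SEC = 500


def parse_vmstat(text):
    """Return {counter_name: int} from /proc/vmstat-formatted text."""
    counters = {}
    for line in text.splitlines():
        parts = line.split()
        if len(parts) == 2 and parts[1].isdigit():
            counters[parts[0]] = int(parts[1])
    return counters


def swap_rate(before, after, interval_s):
    """Pages swapped in plus out per second between two snapshots."""
    if interval_s <= 0:
        raise ValueError("interval must be positive")
    a, b = parse_vmstat(before), parse_vmstat(after)
    delta = 0
    for key in ("pswpin", "pswpout"):  # KeyError if a counter is missing
        # Counters reset on reboot; treat a decrease as a fresh start.
        delta += b[key] - a[key] if b[key] >= a[key] else b[key]
    return delta / interval_s


def classify(rate):
    """Map a swap rate to the FAQ's distinction: none, light, or heavy."""
    if rate == 0:
        return "none"
    return "heavy" if rate >= HEAVY_PAGES_PER_SEC else "light"


if __name__ == "__main__":
    rate = swap_rate(SAMPLE_T0, SAMPLE_T1, 10)
    print(f"{rate:.0f} pages/s -> {classify(rate)}")
```

On a live host, read /proc/vmstat twice with a known interval and pass both texts to swap_rate.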

Beyond the system's requirement for memory, it's useful to understand that
different services use different system resources. So the configuration that
you have for your system should reflect the kind of load you plan to
service. A 700 MHz processor isn't going to do you much good if all you're
doing is netnews and mail, and you're trying to do it on an IDE disk with an
ISA controller.

         Table 1: Critical Resources for Firewall Services

              Service     Critical Resource
              ----------  ------------------------------------
              Email       Disk I/O
              Netnews     Disk I/O
              Web         Host OS Socket Performance
              IP Routing  Host OS Socket Performance
              Web Cache   Host OS Socket Performance, Disk I/O

 
