It sounds like Fred needs a measurement like MIPS (was that Meaningless
Information Put out by Sales? ) which contributed so much to the marketing
of UNIX hardware. You could use FIPS but I think NIST already has the
copyright on that one.
Looking at performance in firewalls is rather like looking at performance in
automobiles. If you put the pedal to the metal and leave it there you will
eventually hear some alarming noises, like wheels falling off. That point
will be reached at different times for different types of vehicles. An
armoured truck will reach that point some time before Thrust III reaches it,
but then someone who feels the need for an armoured truck will probably not
be that interested in achieving a supersonic land speed record.
Firewalls are almost as diverse as automobiles. Many firewalls are still
built from erector kits of some type, probably drawing on the concept as
described by C&B, and are roll-your-own. Of those which are replicated
products, many are 'designed-to-meet' quoting either a criterion such as
TCSEC or ITSEC, or claim to have been tested against all known (? known to
whom) threats. Progressively, as the vendor and consumer groups become more
sophisticated, replicated products will be independently evaluated under one
of the established secure system criteria. Increasingly, customers will feel
the need to accredit systems. During evaluation and accreditation, testing
will deal with the performance against published criteria. At the higher
levels, important areas, such as covert channel analysis, will be examined.
Most of today's typical firewall 'products' will fail those tests.
Security functionality introduces overheads. Potentially, the higher the
level of trust, the higher the overhead. Having said that, some low trust
firewalls will not be as well designed as some high trust firewalls and lack
of knowledge/skill on the part of the designer could result in an
unnecessary overhead.
If the flavour of UNIX employed by a firewall has been designed as a trusted
operating system and thoroughly tested (either by the vendor or an
evaluation facility) and all later modifications have been applied, a known
level of security performance will be achieved. However, many firewalls use
standard flavours of UNIX and don't even have basic C2 functionality switched
on. In that case, it would seem unreasonable to expect the Operating System
to behave in a well ordered and trusted way.
The real question is - what level of trust is necessary to match a given
risk policy?
Ian J-B