You are here


Firewall Rule Set Sizes

I've heard a broad range of claims on how large a firewall rule set might be, so I decided to dig around for published data. There are lots of quotes claiming gigantic numbers, but I only found three reports of plausible-looking data collection - one from 2001 and the others from last year. I also have notes from a fourth that I haven't verified.

In practice, firewall rule sets seem to range from 5 rules to over 25,000 rules. Some claim that even larger rule sets may exist.

The number of rules seem to depend heavily on the number of users behind the firewall, and on the firewall's implementation of the rules themselves. If a firewall can create sophisticated rules, then it takes fewer rules to implement the site's policy.

As with everything, small is beautiful. If you have a lot of rules, it's hard to keep them accurate and up to date.

Wordpress tag: 
Post category: 

Six Minute History of Information Security

I have been reading the ACM's Model Curriculum on Information Technology (a prototype "IT" major) with a special eye towards the information security coverage. I've been teaching information security courses and recently developed a major in the area.

The curriculum provides minimum times to cover major topics in the field, like 3 hours to cover "Fundamental Aspects" including the "history" of information assurance and security. After factoring out the other dozen 'learning outcomes' for that topic, one is left with six minutes to cover the "history" of information security.

Theme by Danetsoft and Danang Probo Sayekti inspired by Maksimer