Improving performance and cyber-attack resilience in multi-firewall industrial networks

Seno L;Cheminod M;Cibrario Bertolotti I;Durante L;Valenzano A
2022

Abstract

Firewalls are popular cyber-security countermeasures that are increasingly used in industrial environments to protect the network infrastructure from attacks and malicious behavior. Unfortunately, they can also become inadvertent bottlenecks when the traffic load they have to filter grows larger. Among the different solutions that have been proposed to mitigate this aspect and improve performance of devices, rule migration looks appealing also in industrial multi-firewall systems because, differently from other techniques appeared in the literature, it neither requires interventions on the network topology nor it is based on non-standard packet formats and protocols. This paper is aimed at presenting some preliminary results about performance achievable with the rule migration approach, when it is applied to the popular Iptables open source firewall, in the light of its possible adoption in industrial application scenarios.
Istituto di Elettronica e di Ingegneria dell'Informazione e delle Telecomunicazioni - IEIIT
Industrial cybersecurity
industrial network security
firewalls
load balancing
experimental evaluation
Linux Iptables

Use this identifier to cite or link to this document: https://hdl.handle.net/20.500.14243/447392
Citations
  • Scopus 5