ANOMALY DISCOVERY AND RESOLUTION IN DISTRIBUTED FIREWALL POLICY
DOI:
https://doi.org/10.20894/IJMSR.117.006.001.007Keywords:
Firewall, policy anomaly management, access control, visualization tool.Abstract
Firewalls are the most widely deployed security mechanism to ensure the security of private networks in most businesses and institutions. The effectiveness of security protection provided by a firewall mainly depends on the quality of policy configured in the firewall. Unfortunately, designing and managing firewall policies are often error prone due to the complex nature of firewall configurations as well as the lack of systematic analysis mechanisms and tools. In this paper, we represent an innovative policy anomaly management framework for firewalls, adopting a rule-based segmentation technique to identify policy anomalies and derive effective anomaly resolutions. In particular, we articulate a grid-based representation technique, providing an intuitive cognitive sense about policy anomaly. We also discuss a proof-of-concept implementation of a visualization-based firewall policy analysis tool called Firewall Anomaly Management Environment (FAME). In addition, we demonstrate how efficiently our approach can discover and resolve anomalies in firewall policies through rigorous experience
Downloads
References
[2] Wool, A., “Trends in Firewall Configuration Errors: Measuring the Holes in Swiss Cheese,” IEEE Internet Computing, vol. 14, no. 4,pp. 58-65, July/Aug. 2010.
[3] Yuan, L., Chen, H., Mai, J., Chuah, C., Su, Z., Mohapatra, P., and Davis, C., “Fireman: A Toolkit for Firewall Modeling and Analysis,”Proc. IEEE Symp. Security and Privacy, p. 15, 2006.
[4] Lupu, E., and Sloman, M., “Conflicts in Policy-Based Distributed Systems Management,” IEEE Trans. Software Eng., vol. 25, no. 6,pp. 852-869, Nov./Dec. 1999.
[5] Hu, H., Ahn, G., and Kulkarni, K., “Anomaly Discovery and Resolution in Web Access Control Policies,” Proc. 16th ACM Symp.Access Control Models and Technologies, pp. 165-174, 2011.
[6] A. El-Atawy, K. Ibrahim, H. Hamed, and E. Al-Shaer, “Policy Segmentation for Intelligent Firewall Testing,” Proc. First Workshop Secure Network Protocols (NPSec ’05), 2005.
[7] Mayer, A., Wool, A., and Ziskind, E., “Fang: A Firewall Analysis Engine,” Proc. IEEE Symp. Security and Privacy, pp. 177-189, 2000.
[8] Gouda, M., and Liu, X., “Firewall Design: Consistency, Completeness, and Compactness,” Proc. 24th Int’l Conf. Distributed Computing Systems (ICDCS ’04), p. 327, 2004.
[9] Ioannidis, S., Keromytis, A., Bellovin, S., and Smith, J., “Implementing a Distributed Firewall,” Proc. Seventh ACM Conf. Computer and Comm. Security, p. 199, 2000.
[10] Hari, A., Suri, S., and Parulkar, G., “Detecting and Resolving Packet Filter Conflicts,” Proc. IEEE INFOCOM, pp. 1203-1212, 2000.
[11] Fu, Z., Wu, S., Huang, H., Loh, K., Gong, F., Baldine, I., and Xu, C., “IPSec/VPN Security Policy: Correctness, Conflict Detection and Resolution,” Proc. Int’l Workshop Policies for Distributed Systems and Networks (POLICY ’01), pp. 39-56, 2001.
Downloads
Published
Issue
Section
License
Authors need to sign following agreement with International Journal of MC Square Scientific Research before publishing their articles:
- Authors need to return copyright form to Journal Editor-in-chief to proceed their articles for publication. Meantime, the journal licensed under a Creative Commons Attribution License, which permits other user to distribute the work with an acknowledgement of the authors for International Journal of MC Square Scientific Research.
- Authors are also able to share their separate, additional contractual arrangements for the non-restricted contribution of the journal with an acknowledgement of publication in International Journal of MC Square Scientific Research.
- Authors are allowed and encouraged to share their work during the submission process for increasing citation and exploring to increase the paper availability in worldwide way. The Effect of Open Access.
