ABSTRACT
Firewalls are crucial equipment for protecting private networks. Deploying a firewall, however, is far from enough to secure an enterprise network: a bad configuration can itself cause serious security breaches and network vulnerabilities. In particular, conflicting filtering rules either block legitimate traffic or accept unwanted packets.
In this paper we present a new classification method for detecting overlaps between packet filters within a single firewall. Our method processes a set of filtering rules with a variable number of fields. Each field has a range of values, represented as an interval or as a variable-length bit string (a prefix), which may intersect the corresponding field range of other rules. To detect overlaps, we organize the conditions of each filtering rule so that non-overlapping rules can be separated quickly; in many cases this strategy avoids examining the entire rule header.
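The following is an added illustration of the overlap check the abstract describes; it is example code written for this page, not the paper's implementation or the authors' algorithm. Each rule is a dictionary of field intervals (an absent field is a wildcard), a variable-length bit string is converted to the interval it covers, and fields are compared in a fixed order so that a pair of rules is separated at the first disjoint field without looking at the rest of the header. The field order, the sample rules and the anomaly labels (shadowed, redundant, conflict, overlap) are assumptions of the example, taken from common firewall-anomaly terminology rather than from the paper.

```python
"""Pairwise overlap detection for packet-filter rules whose fields are ranges.

Added example (not the paper's implementation). A rule carries a variable
number of fields; each field is an inclusive integer interval, and a
variable-length bit string (prefix) is converted to the interval it covers.
Fields are compared in a fixed order and the comparison stops at the first
disjoint field, so many pairs are separated without examining the whole header.
"""
from __future__ import annotations

import ipaddress
from dataclasses import dataclass
from itertools import combinations

Interval = tuple[int, int]  # inclusive [lo, hi]


def prefix_to_interval(bits: str, width: int) -> Interval:
    """'00001010*' on a 32-bit field means every value starting with those bits."""
    bits = bits.rstrip("*")
    if len(bits) > width or any(b not in "01" for b in bits):
        raise ValueError(f"bad prefix {bits!r} for width {width}")
    free = width - len(bits)
    lo = int(bits, 2) << free if bits else 0
    return (lo, lo | ((1 << free) - 1))


def cidr_to_interval(cidr: str) -> Interval:
    net = ipaddress.ip_network(cidr, strict=False)
    return (int(net.network_address), int(net.broadcast_address))


@dataclass
class Rule:
    name: str
    action: str                    # "accept" or "deny"
    fields: dict[str, Interval]    # absent field = wildcard (matches anything)


# Assumed order: narrow fields first, since protocol and ports separate most
# pairs while address ranges tend to be wide and rarely do.
FIELD_ORDER = ("proto", "dport", "sport", "dst", "src")


def intersect(a: Interval, b: Interval) -> Interval | None:
    lo, hi = max(a[0], b[0]), min(a[1], b[1])
    return (lo, hi) if lo <= hi else None


def common_region(r1: Rule, r2: Rule) -> tuple[dict[str, Interval] | None, int]:
    """Region matched by both rules (None if disjoint) and how many fields were compared."""
    examined, common = 0, {}
    for f in FIELD_ORDER:
        a, b = r1.fields.get(f), r2.fields.get(f)
        if a is None and b is None:
            continue                              # wildcard on both sides
        if a is None or b is None:
            common[f] = b if a is None else a     # a wildcard cannot separate the pair
            continue
        examined += 1
        c = intersect(a, b)
        if c is None:
            return None, examined                 # early exit: rest of header not examined
        common[f] = c
    return common, examined


def contains(outer: Rule, inner: Rule) -> bool:
    """True if every packet matching inner also matches outer."""
    return all(
        f in inner.fields and lo <= inner.fields[f][0] and inner.fields[f][1] <= hi
        for f, (lo, hi) in outer.fields.items()
    )


def classify(earlier: Rule, later: Rule) -> tuple[str, int]:
    """Label one ordered pair (first match wins) and report the fields compared."""
    region, examined = common_region(earlier, later)
    if region is None:
        return "disjoint", examined
    if contains(earlier, later):                  # the later rule can never fire
        return ("redundant" if earlier.action == later.action else "shadowed"), examined
    return ("overlap" if earlier.action == later.action else "conflict"), examined


def find_overlaps(rules: list[Rule]) -> list[tuple[str, str, str, int]]:
    return [(a.name, b.name, *classify(a, b)) for a, b in combinations(rules, 2)]


# Constructed sample policy (first match wins); addresses and ports are made up.
TCP, UDP = (6, 6), (17, 17)
RULES = [
    Rule("R1", "deny",   {"proto": TCP, "dport": (23, 23), "src": cidr_to_interval("10.0.0.0/8")}),
    Rule("R2", "accept", {"proto": TCP, "dport": (22, 1024), "dst": cidr_to_interval("192.168.1.0/24"),
                          "src": cidr_to_interval("10.1.0.0/16")}),
    Rule("R3", "accept", {"proto": UDP, "dport": (53, 53)}),
    Rule("R4", "accept", {"proto": TCP, "dport": (80, 80), "src": prefix_to_interval("00001010*", 32)}),
    Rule("R5", "accept", {"proto": TCP, "dport": (22, 22), "dst": cidr_to_interval("192.168.1.0/24"),
                          "src": cidr_to_interval("10.1.0.0/16")}),
]

if __name__ == "__main__":
    for a, b, kind, n in find_overlaps(RULES):
        print(f"{a}-{b}: {kind:9} (fields compared: {n})")
```

On this sample, R1 and R2 conflict (a deny and an accept both cover TCP/23 from 10.1.0.0/16), R5 is redundant because R2 already matches everything it matches, and the UDP rule R3 is separated from every TCP rule after comparing a single field. Checking the pair ordering matters: the same two rules are only "shadowed" or "redundant" when the containing rule comes first.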
- An inference system for detecting firewall filtering rules anomalies