| | |
Summary: Discovery of Policy Anomalies
in Distributed Firewalls
Ehab S. Al-Shaer and Hazem H. Hamed
Multimedia Networking Research Laboratory
School of Computer Science, Telecommunications and Information Systems
DePaul University, Chicago, USA
Email: {ehab, hhamed}@cs.depaul.edu
Abstract-- Firewalls are core elements in network security.
However, managing firewall rules, particularly in multi-firewall
enterprise networks, has become a complex and error-prone
task. Firewall filtering rules have to be written, ordered and
distributed carefully in order to avoid firewall policy anomalies
that might cause network vulnerability. Therefore, inserting
or modifying filtering rules in any firewall requires thorough
intra- and inter-firewall analysis to determine the proper rule
placement and ordering in the firewalls. In this paper, we identify
all anomalies that could exist in a single- or multi-firewall
environment. We also present a set of techniques and algorithms
to automatically discover policy anomalies in centralized and
distributed legacy firewalls. These techniques are implemented in
|
