 
FIREWALL POLICY ADVISOR FOR ANOMALY DISCOVERY AND RULE EDITING
 

Summary: FIREWALL POLICY ADVISOR FOR ANOMALY DISCOVERY AND RULE EDITING
Ehab S. Al-Shaer and Hazem H. Hamed
Multimedia Networking Research Laboratory
School of Computer Science, Telecommunications and Information Systems
DePaul University, Chicago, USA
{ehab,hhamed}@cs.depaul.edu
Abstract: Firewalls are core elements in network security. However, managing firewall rules, especially for enterprise networks, has become complex and error-prone. Firewall filtering rules have to be carefully written and organized in order to correctly implement the security policy. In addition, inserting or modifying a filtering rule requires thorough analysis of the relationship between this rule and other rules in order to determine the proper order of this rule and commit the updates. In this paper, we present a set of techniques and algorithms that provide (1) automatic discovery of firewall policy anomalies to reveal rule conflicts and potential problems in legacy firewalls, and (2) anomaly-free policy editing for rule insertion, removal and modification. This is implemented in a user-friendly tool called "Firewall Policy Advisor." The Firewall Policy Advisor significantly simplifies the management of any generic firewall policy written as filtering rules, while minimizing network vulnerability due to firewall rule misconfiguration.
Keywords: Firewall, security management, security policy, policy conflict.

  

Source: Al-Shaer, Ehab - School of Computer Science, Telecommunications and Information Systems, DePaul University

 

Collections: Computer Technologies and Information Sciences