Firewall Policy Advisor for Anomaly Detection, Rules Editing and Translation
 

Summary: Firewall Policy Advisor for Anomaly Detection,
Rules Editing and Translation
Ehab S. Al-Shaer and Hazem H. Hamed
Multimedia Networking Research Laboratory
School of Computer Science, Telecommunications and Information Systems
DePaul University, 243 S Wabash Ave, Chicago, IL 60604
Tel: (312)362-5137
{ehab, hhamed}@cs.depaul.edu
Abstract
Firewalls are core elements in network security. However, managing firewall rules, especially
for enterprise networks, has become complex and error-prone. Firewall filtering rules have to be
carefully written and organized in order to correctly implement the security policy. In addition,
inserting or modifying a filtering rule requires thorough analysis of the relationship between this
rule and other rules in order to determine the proper order of this rule and commit the updates. In
this paper, we present a set of techniques and algorithms that provide (1) automatic anomaly
detection for discovering rule conflicts and potential problems in legacy firewalls, (2) anomaly-
free policy editing for rule insertion, modification and removal, and (3) concise translation of
filtering rules to high-level textual description for user visualization and verification. This is
implemented in a user-friendly tool called "Firewall Policy Advisor." The firewall policy advisor
significantly simplifies the management of any generic firewall policy written as filtering rules,

  

Source: Al-Shaer, Ehab - School of Computer Science, Telecommunications and Information Systems, DePaul University

 

Collections: Computer Technologies and Information Sciences