Title :
Firewall Policy Reconstruction by Active Probing: An Attacker's View
Author :
Samak, Taghrid ; El-Atawy, Adel ; Al-Shaer, Ehab ; Li, Hong
Author_Institution :
Sch. of Comput. Sci., Telecommun., & Inf. Syst., DePaul Univ. Chicago, Chicago, IL
Abstract :
Having a firewall policy that is correct and complete is crucial to the safety of the computer network. An adversary will benefit a lot from knowing the policy or its semantics. In this paper we show how an attacker can reconstruct a firewall's policy by probing the firewall by sending tailored packets into a network and forming an idea of what the policy looks like. We present two approaches of compiling this information into a policy that can be arbitrarily close to the original one used in the deployed firewall. The first approach is based on region growing from a single firewall response to sample packets. The other approach uses split-and-merge in order to divide the space of the firewall's rules and analyzes each independently. Both techniques merge the results obtained into a more compact version of the policies reconstructed.
Keywords :
authorisation; computer networks; active probing; computer network; firewall policy reconstruction; split-and-merge method; Computer networks; Computer science; Filtering; Information systems; Information technology; Network servers; Partitioning algorithms; Performance analysis; Probes; Protection;
Conference_Title :
Secure Network Protocols, 2006. 2nd IEEE Workshop on
Conference_Location :
Santa Barbara, CA
Print_ISBN :
1-4244-0773-7
Electronic_ISBN :
1-4244-0774-5
DOI :
10.1109/NPSEC.2006.320342