Title :
Discovery of policy anomalies in distributed firewalls
Author :
Al-Shaer, Ehab S. ; Hamed, Hazem H.
Author_Institution :
Sch. of Comput. Sci., Telecommun. & Inf. Syst., DePaul Univ., Chicago, IL, USA
Abstract :
Firewalls are core elements in network security. However, managing firewall rules, particularly in multi-firewall enterprise networks, has become a complex and error-prone task. Firewall filtering rules have to be written, ordered and distributed carefully in order to avoid firewall policy anomalies that might cause network vulnerability. Therefore, inserting or modifying filtering rules in any firewall requires thorough intra- and inter-firewall analysis to determine the proper rule placement and ordering in the firewalls. We identify all anomalies that could exist in a single- or multi-firewall environment. We also present a set of techniques and algorithms to automatically discover policy anomalies in centralized and distributed legacy firewalls. These techniques are implemented in a software tool called the "Firewall Policy Advisor" that simplifies the management of filtering rules and maintains the security of next-generation firewalls.
Keywords :
authorisation; computer network management; software tools; telecommunication security; Firewall Policy Advisor; distributed firewall; firewall filtering rule management; firewall rule; multifirewall enterprise network; network security; network vulnerability; policy anomaly; software tool; Computer science; Computer security; Filtering; Information security; Intelligent networks; Laboratories; Management information systems; Multimedia systems; Software tools; Telecommunication traffic;
Conference_Titel :
INFOCOM 2004. Twenty-third AnnualJoint Conference of the IEEE Computer and Communications Societies
Print_ISBN :
0-7803-8355-9
DOI :
10.1109/INFCOM.2004.1354680
