• DocumentCode
    1868307
  • Title
    Discovery of policy anomalies in distributed firewalls
  • Author
    Al-Shaer, Ehab S. ; Hamed, Hazem H.
  • Author_Institution
    Sch. of Comput. Sci., Telecommun. & Inf. Syst., DePaul Univ., Chicago, IL, USA
  • Volume
    4
  • fYear
    2004
  • fDate
    7-11 March 2004
  • Firstpage
    2605
  • Abstract
    Firewalls are core elements in network security. However, managing firewall rules, particularly in multi-firewall enterprise networks, has become a complex and error-prone task. Firewall filtering rules have to be written, ordered and distributed carefully in order to avoid firewall policy anomalies that might cause network vulnerability. Therefore, inserting or modifying filtering rules in any firewall requires thorough intra- and inter-firewall analysis to determine the proper rule placement and ordering in the firewalls. We identify all anomalies that could exist in a single- or multi-firewall environment. We also present a set of techniques and algorithms to automatically discover policy anomalies in centralized and distributed legacy firewalls. These techniques are implemented in a software tool called the "Firewall Policy Advisor" that simplifies the management of filtering rules and maintains the security of next-generation firewalls.
  • Keywords
    authorisation; computer network management; software tools; telecommunication security; Firewall Policy Advisor; distributed firewall; firewall filtering rule management; firewall rule; multifirewall enterprise network; network security; network vulnerability; policy anomaly; software tool; Computer science; Computer security; Filtering; Information security; Intelligent networks; Laboratories; Management information systems; Multimedia systems; Software tools; Telecommunication traffic
  • fLanguage
    English
  • Publisher
    ieee
  • Conference_Titel
    INFOCOM 2004. Twenty-third Annual Joint Conference of the IEEE Computer and Communications Societies
  • ISSN
    0743-166X
  • Print_ISBN
    0-7803-8355-9
  • Type
    conf
  • DOI
    10.1109/INFCOM.2004.1354680
  • Filename
    1354680