Abstract

With the advent of emerging technologies like cloud computing, the security of confidential data is of prime importance. Firewalls are widely used as the most basic security device used to protect a network from unauthorized access and network intrusions. Network Administrators define some rules to filter incoming and outgoing packets which form the security policy of the firewall. The large size of firewall policies create complex interactions between policies of the same firewall as well as between multiple firewalls. In this paper, we extend the currently known classification for firewall policy anomalies. Further, we propose a tool which obtains these rules from security devices in real-time environment, detects the anomalies present in them according to the underlying network topology and propagates the consistent rules with the consent of administrator. Currently, the tool can only be used with Cisco security devices; however, it can be extended to incorporate the syntax of other vendor's devices as well.

References

• Ameya Hanamsagar, Ninad Jane, Bhagyashree Borate, Aditi Wasvand and S. A. Darade, "Firewall Anomaly Management: A survey," International Journal of Computer Applications Volume 105 Number 18
• Sandeep Reddy Pedditi, Du Zhang, and Chung-E Wang, "FIEP: An Initial Design of A Firewall Information Exchange Protocol," IEEE 14th International Conference on Information Reuse and Integration (IRI), 2013
• E. Al-Shaer and H. Hamed, "Discovery of Policy Anomalies in Distributed Firewalls,"IEEE INFOCOM '04,vol. 4, 2004. pp. 2605-2616
• L. Yuan, H. Chen, J. Mai, C. Chuah, Z. Su, P. Mohapatra, and C. Davis, "Fireman: A Toolkit for Firewall Modeling and Analysis," Proc. IEEE Symp. Security and Privacy, 2006
• Y. Bartal, A. J. Mayer, K. Nissim, A. Wool, "Firmato: A novel firewall management toolkit," ACM Transactions on Computer Systems 22, 2004, pp. 381-420
• Suchart Khummanee, Atipong Khumseela and Somnuk Puangpronpitag, "Towards a New Design of Firewall: Anomaly Elimination and Fast Verifying of Firewall Rules," 10th International Joint Conference on Computer Science and Software Engineering (JCSSE), 2013, pp. 93-98
• Chi-Shih Chao, "A flexible and feasible anomaly diagnosis system for Internet firewall rules," 13th Asia-Pacific Network Operations and Management Symposium (APNOMS), 2011
• A. X. Liu and M. G. Gouda, "Firewall policy queries," IEEE Transactions on Parallel and Distributed Systems (TPDS), 20(6), pp. 766–777, 2009
• Hongxin Hu, Gail-Joon Ahn and Ketan Kulkarni, "Detecting and Resolving Firewall Policy Anomalies," IEEE Transactions on Dependable and Secure Computing, vol. 9, issue 3, pp. 318-331
• Alan Jeffrey and Taghrid Samak, "Model Checking Firewall Policy Configurations," IEEE International Symposium on Policies for Distributed Systems and Networks, 2009, pp. 60-67
• A. Mayer, A. Wool and E. Ziskind, "Offline firewall analysis," International Journal of Information Security 5 (3), 2005, pp. 125–144
• Alex X. Liu, "Firewall policy verification and troubleshooting," The International Journal of Computer and Telecommunications Networking, Vol 53 Issue 16, 2009, pp. 2800-2809
• Cisco ASA Series Firewall ASDM Configuration Guide, Cisco Systems Inc. , updated March 31, 2014
• S. R. Pedditi, "An initial design of firewall information exchange protocol (FIEP)," MS Degree Project Report, Department of Computer Science, California State University, Sacramento, May 2012.
• Cisco Security Appliance Command Line Configuration Guide, Cisco Systems Inc. , 2009