A flexible and feasible anomaly diagnosis system for Internet firewall rules

1 Author(s)
Chi-Shih Chao ; Department of Communications Engineering, Feng Chia University, Taiwan 40724, ROC

A firewall is one of the premier devices of the current Internet, which can protect an entire network against attacks or threats. While configuring firewalls, the rule configuration has to conform to, or in other words be consistent with, the demands of the network security policies so that network security is not flawed. Accordingly, firewall rule editing, ordering, and distribution must be done very carefully on each of the cooperating firewalls, especially in a large-scale, multi-firewall network. Nevertheless, network operators are prone to misconfiguring firewalls because there are typically thousands or hundreds of thousands of filtering/admission rules (i.e., rules in the Access Control List file, or ACL for short) that can be set up in a single firewall, not to mention that rules across firewalls affect one another, which makes matters worse. In this situation, network operators would hardly know of their misconfiguration until the network behaves unexpectedly. For this reason, our work builds a feasible diagnosis system for checking anomalies between firewall rules, which often give rise to inconsistency between the demands of network security policies and the firewall rule configuration. The system collects the filtering/admission rules (or ACL rules) from all of the firewalls (and routers, if they are ACL-configured) in the managed network, and a Rule Anomaly Relation tree (RAR tree) is then created from these collected rules. By utilizing the RAR tree, we can not only diagnose intra-ACL rule anomalies more efficiently, but also make the diagnosis of inter-ACL rule anomalies much easier and more flexible. In addition, to facilitate understanding of the diagnosis results, a systematic visualization approach is also developed; with its aid, the anomaly situation can be easily revealed and investigated. Finally, our prototype system is shown, with discussion, at the end of this paper as a demonstration of the system's performance, and, as of now, part of our system design and implementation has also been applied to our campus network.
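An illustration of the intra-ACL anomaly check the abstract refers to, added here as an example and not code from the paper or its prototype: it walks an ordered ACL and reports a later rule that an earlier rule already fully covers, classifying it as shadowed (different action) or redundant (same action). The Rule fields, the two anomaly classes and the sample ACL are assumptions; this pairwise check is a simplified stand-in, not the paper's RAR tree.

```python
from dataclasses import dataclass
from ipaddress import IPv4Network, ip_network


@dataclass(frozen=True)
class Rule:
    name: str
    action: str          # "permit" or "deny"
    proto: str           # "tcp", "udp" or "any"
    src: IPv4Network
    dst: IPv4Network
    dport: tuple         # inclusive destination port range (low, high)


def covered_by(a: Rule, b: Rule) -> bool:
    """True if every packet matched by rule a is also matched by rule b."""
    proto_ok = b.proto == "any" or a.proto == b.proto
    port_ok = b.dport[0] <= a.dport[0] and a.dport[1] <= b.dport[1]
    return proto_ok and port_ok and a.src.subnet_of(b.src) and a.dst.subnet_of(b.dst)


def intra_acl_anomalies(acl):
    """Return (later_rule, kind, earlier_rule) for each later rule whose whole
    match space is already consumed by an earlier rule (first match wins)."""
    findings = []
    for j, later in enumerate(acl):
        for earlier in acl[:j]:
            if covered_by(later, earlier):
                kind = "shadowed" if later.action != earlier.action else "redundant"
                findings.append((later.name, kind, earlier.name))
                break  # the first covering rule decides; the later rule never fires
    return findings


def sample_acl():
    """Constructed ACL (assumption, not from the paper) exercising both classes."""
    anywhere = ip_network("0.0.0.0/0")
    return [
        Rule("R1", "permit", "tcp", ip_network("10.0.0.0/8"), anywhere, (80, 80)),
        Rule("R2", "deny", "tcp", ip_network("10.1.0.0/16"), anywhere, (80, 80)),
        Rule("R3", "permit", "tcp", ip_network("10.1.2.0/24"), anywhere, (80, 80)),
        Rule("R4", "deny", "any", anywhere, anywhere, (0, 65535)),
    ]


if __name__ == "__main__":
    for later, kind, earlier in intra_acl_anomalies(sample_acl()):
        print(f"{later} is {kind} by {earlier}")
```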

Published in:

Network Operations and Management Symposium (APNOMS), 2011 13th Asia-Pacific

Date of Conference:

21-23 Sept. 2011