A flexible and feasible anomaly diagnosis system for Internet firewall rules

1 Author(s)
Chi-Shih Chao ; Dept. of Commun. Eng., Feng Chia Univ., Taichung, Taiwan

The firewall is one of the premier devices of the current Internet, able to protect an entire network against attacks or threats. When configuring firewalls, the rule configuration has to conform to, or put another way be consistent with, the demands of the network security policies, so that network security is not flawed. Accordingly, firewall rule editing, ordering, and distribution must be done very carefully on each of the cooperating firewalls, especially in a large-scale, multi-firewall network. Nevertheless, network operators are prone to misconfiguring firewalls, because there are typically thousands or even hundreds of thousands of filtering/admission rules (i.e., rules in the Access Control List file, or ACL for short) that can be set up in a single firewall, not to mention that rules on different firewalls affect one another, which makes matters worse. In this situation, network operators would hardly know about their misconfiguration until the network behaves contrary to expectations. For this reason, our work builds a feasible diagnosis system for checking the anomalies between firewall rules that often give rise to inconsistency between the demands of network security policies and the firewall rule configuration. The system collects the filtering/admission rules (ACL rules) from all of the firewalls (and routers, if they are ACL-configured) in the managed network, and a Rule Anomaly Relation tree (RAR tree) is then created from the collected rules. By utilizing the RAR tree, we can not only diagnose intra-ACL rule anomalies more efficiently, but also make the diagnosis of inter-ACL rule anomalies much easier and more flexible. In addition, to facilitate understanding of the diagnosis results, a systematic visualization approach is also developed; with its aid, an anomaly situation can be easily revealed and investigated.
As a consequence, our prototype system is shown, with discussion, at the end of this paper as a demonstration of the system's performance, and, as of now, part of our system design and implementation has also been applied to our campus network.
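As an added illustration (not the paper's RAR tree and not the authors' code) of the kind of intra-ACL anomaly such a diagnosis system reports, the following Python checks an ordered, first-match ACL for rules that an earlier rule shadows (different action, so the later rule can never fire) or makes redundant (same action). The rule fields, the anomaly names and the sample ACL are constructed assumptions.

```python
"""Intra-ACL anomaly check for an ordered, first-match ACL (added example)."""
from dataclasses import dataclass
from ipaddress import IPv4Network


@dataclass(frozen=True)
class Rule:
    name: str
    action: str            # "permit" or "deny"
    proto: str             # "tcp", "udp" or "any"
    src: IPv4Network
    dst: IPv4Network
    dport: tuple           # (low, high) inclusive destination port range


def covers(a: Rule, b: Rule) -> bool:
    """True when every packet matched by rule b is also matched by rule a."""
    return ((a.proto == "any" or a.proto == b.proto)
            and b.src.subnet_of(a.src)
            and b.dst.subnet_of(a.dst)
            and a.dport[0] <= b.dport[0] and b.dport[1] <= a.dport[1])


def intra_acl_anomalies(rules):
    """Walk the ACL top to bottom. An earlier rule that covers a later one
    shadows it (different action: the later rule never fires) or makes it
    redundant (same action: the later rule never changes the decision)."""
    findings = []
    for i, later in enumerate(rules):
        for earlier in rules[:i]:
            if covers(earlier, later):
                kind = "shadowed" if earlier.action != later.action else "redundant"
                findings.append((later.name, kind, earlier.name))
                break  # first-match semantics: the first covering rule decides
    return findings


# Constructed sample ACL (not taken from the paper); first match wins.
SAMPLE_ACL = [
    Rule("r1", "deny",   "tcp", IPv4Network("10.0.0.0/8"),    IPv4Network("192.168.1.0/24"),  (1, 65535)),
    Rule("r2", "permit", "tcp", IPv4Network("10.1.0.0/16"),   IPv4Network("192.168.1.10/32"), (443, 443)),  # shadowed by r1
    Rule("r3", "permit", "udp", IPv4Network("0.0.0.0/0"),     IPv4Network("192.168.1.53/32"), (53, 53)),
    Rule("r4", "permit", "udp", IPv4Network("172.16.0.0/12"), IPv4Network("192.168.1.53/32"), (53, 53)),    # redundant with r3
    Rule("r5", "deny",   "any", IPv4Network("0.0.0.0/0"),     IPv4Network("0.0.0.0/0"),       (1, 65535)),
]

if __name__ == "__main__":
    for name, kind, by in intra_acl_anomalies(SAMPLE_ACL):
        print(f"{name} is {kind} by {by}")
```

Inter-ACL checks across several firewalls on a path need the same coverage test applied between rule sets rather than within one, which is the step the paper's RAR tree is built to organise.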

Published in:

Network Operations and Management Symposium (APNOMS), 2011 13th Asia-Pacific

Date of Conference:

21-23 Sept. 2011
