CFP last date
22 April 2024
Reseach Article

Detection of Firewall Policy Anomalies in Real-time Distributed Network Security Appliances

by Ameya Hanamsagar, Bhagyashree Borate, Ninad Jane, Aditi Wasvand, Santosh Darade
International Journal of Computer Applications
Foundation of Computer Science (FCS), NY, USA
Volume 116 - Number 23
Year of Publication: 2015
Authors: Ameya Hanamsagar, Bhagyashree Borate, Ninad Jane, Aditi Wasvand, Santosh Darade
10.5120/20497-2769

Ameya Hanamsagar, Bhagyashree Borate, Ninad Jane, Aditi Wasvand, Santosh Darade . Detection of Firewall Policy Anomalies in Real-time Distributed Network Security Appliances. International Journal of Computer Applications. 116, 23 ( April 2015), 7-13. DOI=10.5120/20497-2769

@article{ 10.5120/20497-2769,
author = { Ameya Hanamsagar, Bhagyashree Borate, Ninad Jane, Aditi Wasvand, Santosh Darade },
title = { Detection of Firewall Policy Anomalies in Real-time Distributed Network Security Appliances },
journal = { International Journal of Computer Applications },
issue_date = { April 2015 },
volume = { 116 },
number = { 23 },
month = { April },
year = { 2015 },
issn = { 0975-8887 },
pages = { 7-13 },
numpages = {9},
url = { https://ijcaonline.org/archives/volume116/number23/20497-2769/ },
doi = { 10.5120/20497-2769 },
publisher = {Foundation of Computer Science (FCS), NY, USA},
address = {New York, USA}
}
%0 Journal Article
%1 2024-02-06T22:57:56.434261+05:30
%A Ameya Hanamsagar
%A Bhagyashree Borate
%A Ninad Jane
%A Aditi Wasvand
%A Santosh Darade
%T Detection of Firewall Policy Anomalies in Real-time Distributed Network Security Appliances
%J International Journal of Computer Applications
%@ 0975-8887
%V 116
%N 23
%P 7-13
%D 2015
%I Foundation of Computer Science (FCS), NY, USA
Abstract

With the advent of emerging technologies like cloud computing, the security of confidential data is of prime importance. Firewalls are widely used as the most basic security device used to protect a network from unauthorized access and network intrusions. Network Administrators define some rules to filter incoming and outgoing packets which form the security policy of the firewall. The large size of firewall policies create complex interactions between policies of the same firewall as well as between multiple firewalls. In this paper, we extend the currently known classification for firewall policy anomalies. Further, we propose a tool which obtains these rules from security devices in real-time environment, detects the anomalies present in them according to the underlying network topology and propagates the consistent rules with the consent of administrator. Currently, the tool can only be used with Cisco security devices; however, it can be extended to incorporate the syntax of other vendor's devices as well.

References
  1. Ameya Hanamsagar, Ninad Jane, Bhagyashree Borate, Aditi Wasvand and S. A. Darade, "Firewall Anomaly Management: A survey," International Journal of Computer Applications Volume 105 Number 18
  2. Sandeep Reddy Pedditi, Du Zhang, and Chung-E Wang, "FIEP: An Initial Design of A Firewall Information Exchange Protocol," IEEE 14th International Conference on Information Reuse and Integration (IRI), 2013
  3. E. Al-Shaer and H. Hamed, "Discovery of Policy Anomalies in Distributed Firewalls,"IEEE INFOCOM '04,vol. 4, 2004. pp. 2605-2616
  4. L. Yuan, H. Chen, J. Mai, C. Chuah, Z. Su, P. Mohapatra, and C. Davis, "Fireman: A Toolkit for Firewall Modeling and Analysis," Proc. IEEE Symp. Security and Privacy, 2006
  5. Y. Bartal, A. J. Mayer, K. Nissim, A. Wool, "Firmato: A novel firewall management toolkit," ACM Transactions on Computer Systems 22, 2004, pp. 381-420
  6. Suchart Khummanee, Atipong Khumseela and Somnuk Puangpronpitag, "Towards a New Design of Firewall: Anomaly Elimination and Fast Verifying of Firewall Rules," 10th International Joint Conference on Computer Science and Software Engineering (JCSSE), 2013, pp. 93-98
  7. Chi-Shih Chao, "A flexible and feasible anomaly diagnosis system for Internet firewall rules," 13th Asia-Pacific Network Operations and Management Symposium (APNOMS), 2011
  8. A. X. Liu and M. G. Gouda, "Firewall policy queries," IEEE Transactions on Parallel and Distributed Systems (TPDS), 20(6), pp. 766–777, 2009
  9. Hongxin Hu, Gail-Joon Ahn and Ketan Kulkarni, "Detecting and Resolving Firewall Policy Anomalies," IEEE Transactions on Dependable and Secure Computing, vol. 9, issue 3, pp. 318-331
  10. Alan Jeffrey and Taghrid Samak, "Model Checking Firewall Policy Configurations," IEEE International Symposium on Policies for Distributed Systems and Networks, 2009, pp. 60-67
  11. A. Mayer, A. Wool and E. Ziskind, "Offline firewall analysis," International Journal of Information Security 5 (3), 2005, pp. 125–144
  12. Alex X. Liu, "Firewall policy verification and troubleshooting," The International Journal of Computer and Telecommunications Networking, Vol 53 Issue 16, 2009, pp. 2800-2809
  13. Cisco ASA Series Firewall ASDM Configuration Guide, Cisco Systems Inc. , updated March 31, 2014
  14. S. R. Pedditi, "An initial design of firewall information exchange protocol (FIEP)," MS Degree Project Report, Department of Computer Science, California State University, Sacramento, May 2012.
  15. Cisco Security Appliance Command Line Configuration Guide, Cisco Systems Inc. , 2009
Index Terms

Computer Science
Information Sciences

Keywords

Firewalls ACL rules anomaly Firewall Policy Policy conflicts