Management of stateful firewall misconfiguration - Inria - Institut national de recherche en sciences et technologies du numérique
Journal Articles Computers & Security Year : 2013

Management of stateful firewall misconfiguration

Abstract

Firewall configurations are evolving into dynamic policies that depend on protocol states. As a result, stateful configurations tend to be much more error-prone. Some errors occur on configurations that only contain stateful rules. Others may affect those holding both stateful and stateless rules. Such situations lead to configurations in which actions on certain packets are conducted by the firewall, while other related actions are not. We address automatic solutions to handle these problems. Permitted states and transitions of connection-oriented protocols (in essence, on any layer) are encoded as automata. Flawed rules are identified and potential modifications are provided in order to get consistent configurations. We validate the feasibility of our proposal based on a proof-of-concept prototype that automatically parses existing firewall configuration files and handles the discovery of flawed rules according to our approach.

Dates and versions

hal-00869328 , version 1 (03-10-2013)

Identifiers

  • HAL Id : hal-00869328 , version 1

Cite

García-Alfaro Joaquin, Cuppens Frédéric, Nora Cuppens-Boulahia, Salvador Martinez Perez, Jordi Cabot. Management of stateful firewall misconfiguration. Computers & Security, 2013, 39 (11), pp.64-85. ⟨hal-00869328⟩