Detection of firewall configuration errors with updatable tree

Abstract: The fundamental goals of a security policy are to allow uninterrupted access to network resources for authenticated users and to deny access to unauthenticated users. For this purpose, firewalls are deployed in networks of every size. However, bad configurations may cause serious security breaches and network vulnerabilities. In particular, conflicting filtering rules lead to blocking legitimate traffic and accepting unwanted packets. This troubles administrators, who have to insert and delete filtering rules in a huge configuration file. We propose in this paper a quick method for managing a firewall configuration file. We represent the set of filtering rules by a firewall anomaly tree (FAT). An administrator can then update the FAT by inserting and deleting filtering rules. The FAT modification automatically reveals the anomalies that emerge and helps the administrator find the adequate position for a newly added filtering rule. All the algorithms presented in the paper have been implemented, and computer experiments show the usefulness of updating the FAT data structure in order to quickly detect anomalies when dealing with a huge firewall configuration file.
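The anomaly classes the abstract refers to (a rule that is shadowed by, redundant with, or shadows another rule) and the "adequate position" check can be illustrated on a plain ordered rule list. The following is an added example written for this page, not the paper's FAT implementation: it uses a hypothetical `Rule` record and pairwise match-space comparison under first-match semantics, with a constructed sample configuration.

```python
from dataclasses import dataclass
from ipaddress import ip_network

@dataclass(frozen=True)
class Rule:
    name: str
    proto: str         # "tcp", "udp" or "any"
    src: str           # CIDR of sources
    dst: str           # CIDR of destinations
    dport: tuple       # (low, high) destination port range, inclusive
    action: str        # "accept" or "deny"

def matches_subset(a: Rule, b: Rule) -> bool:
    """True if every packet matched by rule a is also matched by rule b."""
    if b.proto != "any" and a.proto != b.proto:
        return False
    return (ip_network(a.src).subnet_of(ip_network(b.src))
            and ip_network(a.dst).subnet_of(ip_network(b.dst))
            and b.dport[0] <= a.dport[0] and a.dport[1] <= b.dport[1])

def anomalies_if_inserted(rules: list, new: Rule, pos: int) -> list:
    """Anomalies that appear if `new` is inserted at index `pos` (first match wins)."""
    findings = []
    for r in rules[:pos]:                     # rules evaluated before `new`
        if matches_subset(new, r):            # `new` can never fire
            kind = "redundant" if r.action == new.action else "shadowed"
            findings.append((kind, new.name, r.name))
            break
    for r in rules[pos:]:                     # rules evaluated after `new`
        if matches_subset(r, new):            # `r` can never fire any more
            kind = "redundant" if r.action == new.action else "shadows"
            findings.append((kind, new.name, r.name))
    return findings

def safe_positions(rules: list, new: Rule) -> list:
    """Insertion indexes at which `new` introduces no anomaly."""
    return [i for i in range(len(rules) + 1) if not anomalies_if_inserted(rules, new, i)]

# Constructed sample configuration (hypothetical, not from the paper).
RULES = [
    Rule("allow-ssh", "tcp", "10.0.0.0/8", "0.0.0.0/0", (22, 22), "accept"),
    Rule("default-deny", "any", "0.0.0.0/0", "0.0.0.0/0", (0, 65535), "deny"),
]
BLOCK_SUBNET = Rule("block-lab-ssh", "tcp", "10.1.0.0/16", "0.0.0.0/0", (22, 22), "deny")

if __name__ == "__main__":
    print(anomalies_if_inserted(RULES, BLOCK_SUBNET, 2))   # appended at the end: shadowed by allow-ssh
    print(safe_positions(RULES, BLOCK_SUBNET))             # [0]
```

Appending the deny rule at the end of the list silently disables it, while the position check shows that only index 0 introduces no anomaly, which is the kind of placement hint the abstract describes.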

Cited literature: 32 references

https://hal.inria.fr/hal-01320646
Contributor: Michaël Rusinowitch
Submitted on: Saturday, May 28, 2016 - 2:39:06 PM
Last modification on: Tuesday, December 18, 2018 - 4:38:25 PM

File

firewall.pdf
Files produced by the author(s)

Citation

Tarek Abbes, Adel Bouhoula, Michaël Rusinowitch. Detection of firewall configuration errors with updatable tree. International Journal of Information Security, Springer Verlag, 2016, 15 (3), pp.301-317. ⟨http://link.springer.com/journal/10207⟩. ⟨10.1007/s10207-015-0290-0⟩. ⟨hal-01320646⟩
