Detection of firewall configuration errors with updatable tree

Abstract: The fundamental goals of a security policy are to allow authenticated users uninterrupted access to network resources and to deny access to unauthenticated users. For this purpose, firewalls are frequently deployed in networks of every size. However, bad configurations may cause serious security breaches and network vulnerabilities. In particular, conflicting filtering rules cause legitimate traffic to be blocked and unwanted packets to be accepted. This troubles administrators, who have to insert and delete filtering rules in a huge configuration file. In this paper we propose a quick method for managing a firewall configuration file. We represent the set of filtering rules by a firewall anomaly tree (FAT). An administrator can then update the FAT by inserting and deleting filtering rules. The FAT modification automatically reveals the anomalies that emerge and helps the administrator find the appropriate position for a newly added filtering rule. All the algorithms presented in the paper have been implemented, and computer experiments show the usefulness of updating the FAT data structure in order to quickly detect anomalies when dealing with a huge firewall configuration file.
Document type:
Journal article
International Journal of Information Security, Springer Verlag, 2016, 15 (3), pp.301-317. 〈http://link.springer.com/journal/10207〉. 〈10.1007/s10207-015-0290-0〉
Cited literature [32 references]

https://hal.inria.fr/hal-01320646
Contributor: Michaël Rusinowitch
Submitted on: Saturday, May 28, 2016 - 14:39:06
Last modified on: Tuesday, June 5, 2018 - 15:54:02

File

firewall.pdf
Files produced by the author(s)

Citation

Tarek Abbes, Adel Bouhoula, Michaël Rusinowitch. Detection of firewall configuration errors with updatable tree. International Journal of Information Security, Springer Verlag, 2016, 15 (3), pp.301-317. 〈http://link.springer.com/journal/10207〉. 〈10.1007/s10207-015-0290-0〉. 〈hal-01320646〉

Metrics

Record views

265

File downloads

125