Abstract:

Firewalls are core elements in network security. However, managing firewall
rules, especially for enterprise networks, has become complex and error-prone.
Firewall filtering rules have to be carefully written and organized in order to
correctly implement the security policy. In addition, inserting or modifying a
filtering rule requires thorough analysis of the relationship between this rule
and other rules in order to determine the proper order of this rule and commit
the updates. In this paper, we present a set of techniques and algorithms that
provide (1) automatic anomaly detection for discovering rule conflicts and
potential problems in legacy firewalls, (2) anomaly-free policy editing for rule
insertion, modification and removal, and (3) concise translation of filtering
rules to high-level textual description for user visualization and verification.
This is implemented in a user-friendly tool called "Firewall Policy Advisor."
The Firewall Policy Advisor significantly simplifies the management of any
generic firewall policy written as filtering rules, while minimizing network
vulnerability due to firewall rule misconfiguration.
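The following is an added illustration of the three capabilities the abstract lists (pairwise anomaly detection, checking a proposed insertion before committing it, and rendering a rule as text). It is not code from the paper or from the Firewall Policy Advisor tool. The rule format (protocol, source and destination network, destination port range, action), the sample policy and the anomaly names used here (shadowing, redundancy, generalization, correlation, the usual classes for pairwise filtering-rule analysis) are assumptions for the example; the policy is constructed and contains only documentation-style addresses.

```python
"""Pairwise anomaly analysis of an ordered firewall policy (constructed example)."""
import ipaddress
from dataclasses import dataclass
from typing import List, Optional, Tuple


@dataclass(frozen=True)
class Rule:
    proto: str              # "tcp", "udp" or "*" (any protocol)
    src: str                # source network in CIDR notation, or "*"
    dst: str                # destination network in CIDR notation, or "*"
    dport: Tuple[int, int]  # inclusive destination port range
    action: str             # "accept" or "deny"


def _net(s: str) -> ipaddress.IPv4Network:
    return ipaddress.ip_network("0.0.0.0/0" if s == "*" else s)


def _rel_proto(a: str, b: str) -> str:
    if a == b:
        return "eq"
    if a == "*":
        return "super"
    if b == "*":
        return "sub"
    return "disjoint"


def _rel_net(a: str, b: str) -> str:
    na, nb = _net(a), _net(b)
    if na == nb:
        return "eq"
    if na.subnet_of(nb):
        return "sub"
    if nb.subnet_of(na):
        return "super"
    return "disjoint"


def _rel_range(a: Tuple[int, int], b: Tuple[int, int]) -> str:
    if a == b:
        return "eq"
    if a[1] < b[0] or b[1] < a[0]:
        return "disjoint"
    if b[0] <= a[0] and a[1] <= b[1]:
        return "sub"
    if a[0] <= b[0] and b[1] <= a[1]:
        return "super"
    return "overlap"  # partial overlap: neither range contains the other


def relation(a: Rule, b: Rule) -> str:
    """How the packet set matched by rule a relates to the one matched by rule b."""
    rels = {_rel_proto(a.proto, b.proto), _rel_net(a.src, b.src),
            _rel_net(a.dst, b.dst), _rel_range(a.dport, b.dport)}
    if "disjoint" in rels:
        return "disjoint"
    if rels == {"eq"}:
        return "exact"
    if rels <= {"eq", "sub"}:
        return "subset"
    if rels <= {"eq", "super"}:
        return "superset"
    return "correlated"  # some fields are subsets and others supersets, or overlap


def classify(rules: List[Rule], i: int, j: int) -> Optional[str]:
    """Anomaly caused by rules[j] sitting below rules[i] (i < j), or None."""
    earlier, later = rules[i], rules[j]
    rel = relation(later, earlier)
    same = earlier.action == later.action
    if rel in ("exact", "subset"):
        # the later rule can never fire: redundant if same action, shadowed otherwise
        return "redundancy" if same else "shadowing"
    if rel == "superset":
        if not same:
            return "generalization"  # a specific exception above a general rule; often intended
        # the earlier rule is redundant only if no rule between them with a different
        # action would otherwise catch its packets once it is removed
        for k in range(i + 1, j):
            if rules[k].action != earlier.action and relation(earlier, rules[k]) in ("exact", "subset"):
                return None
        return "redundancy"
    if rel == "correlated" and not same:
        return "correlation"  # overlapping packets get different actions depending on order
    return None


def detect_anomalies(rules: List[Rule]) -> List[Tuple[str, int, int]]:
    """Every (kind, earlier_index, later_index) anomaly in an ordered policy."""
    return [(kind, i, j) for i in range(len(rules)) for j in range(i + 1, len(rules))
            for kind in [classify(rules, i, j)] if kind]


def check_insert(rules: List[Rule], new: Rule, position: int) -> List[Tuple[str, int, int]]:
    """Anomalies that inserting `new` at `position` would introduce (indices refer to the new policy)."""
    candidate = rules[:position] + [new] + rules[position:]
    return [a for a in detect_anomalies(candidate) if position in (a[1], a[2])]


def describe(rule: Rule) -> str:
    """Render a rule as a one-line textual description for review."""
    net = lambda s: "any host" if s == "*" else s
    proto = "any protocol" if rule.proto == "*" else rule.proto.upper()
    lo, hi = rule.dport
    ports = f"port {lo}" if lo == hi else f"ports {lo}-{hi}"
    return f"{rule.action.upper()} {proto} from {net(rule.src)} to {net(rule.dst)} {ports}"


# Constructed sample policy; rules are evaluated top to bottom, first match wins.
POLICY = [
    Rule("tcp", "140.192.37.0/24", "*", (80, 80), "deny"),            # 0
    Rule("tcp", "140.192.37.20/32", "*", (80, 80), "accept"),         # 1: shadowed by 0
    Rule("tcp", "*", "161.120.33.40/32", (80, 80), "accept"),         # 2: correlated with 0
    Rule("tcp", "140.192.37.30/32", "*", (21, 21), "deny"),           # 3
    Rule("tcp", "140.192.37.0/24", "*", (21, 21), "accept"),          # 4: generalization of 3
    Rule("udp", "*", "*", (53, 53), "accept"),                        # 5
    Rule("udp", "140.192.37.0/24", "*", (1, 1024), "deny"),           # 6: correlated with 5
]

if __name__ == "__main__":
    for kind, i, j in detect_anomalies(POLICY):
        print(f"{kind:14} rule {j} vs rule {i}: {describe(POLICY[j])} | {describe(POLICY[i])}")
    proposed = Rule("tcp", "140.192.37.0/24", "*", (80, 80), "accept")
    print("inserting at top would cause:", check_insert(POLICY, proposed, 0))
```

Running the block lists each anomaly with both rules rendered as text, then shows what inserting a proposed rule at the top of the policy would break, which is the check an editor wants before committing a change. A generalization is reported as a warning rather than an error because placing a specific exception above a general rule is frequently the intended design.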