Discovery of policy anomalies in distributed firewalls

Ehab S. Al-Shaer; Hazem H. Hamed

doi:10.1109/INFCOM.2004.1354680

Discovery of policy anomalies in distributed firewalls

Ehab S. Al-Shaer^*, Hazem H. Hamed

^*Corresponding author for this work

Research output: Chapter in Book/Report/Conference proceeding › Conference contribution › peer-review

298 Scopus citations

Abstract

Firewalls are core elements in network security. However, managing firewall rules, particularly in multi-firewall enterprise networks, has become a complex and error-prone task. Firewall filtering rules have to be written, ordered and distributed carefully in order to avoid firewall policy anomalies that might cause network vulnerability. Therefore, inserting or modifying filtering rules in any firewall requires thorough intra- and inter-firewall analysis to determine the proper rule placement and ordering in the firewalls. In this paper, we identify all anomalies that could exist in a single- or multi-firewall environment. We also present a set of techniques and algorithms to automatically discover policy anomalies in centralized and distributed legacy firewalls. These techniques are implemented in a software tool called the "Firewall Policy Advisor" that simplifies the management of filtering rules and maintains the security of next-generation firewalls.

Original language	English
Title of host publication	IEEE INFOCOM 2004 - Conference on Computer Communications - Twenty-Third Annual Joint Conference of the IEEE Computer and Communications Societies
Pages	2605-2616
Number of pages	12
DOIs	https://doi.org/10.1109/INFCOM.2004.1354680
State	Published - 2004
Externally published	Yes
Event	IEEE INFOCOM 2004 - Conference on Computer Communications - Twenty-Third Annual Joint Conference of the IEEE Computer and Communications Societies - Hongkong, China Duration: 7 Mar 2004 → 11 Mar 2004

Publication series

Name	Proceedings - IEEE INFOCOM
Volume	4
ISSN (Print)	0743-166X

Conference

Conference	IEEE INFOCOM 2004 - Conference on Computer Communications - Twenty-Third Annual Joint Conference of the IEEE Computer and Communications Societies
Country/Territory	China
City	Hongkong
Period	7/03/04 → 11/03/04

ASJC Scopus subject areas

General Computer Science
Electrical and Electronic Engineering

Access to Document

10.1109/INFCOM.2004.1354680

Cite this

@inproceedings{698bef817a534c16bc0f14c2bf79f31e,

title = "Discovery of policy anomalies in distributed firewalls",

abstract = "Firewalls are core elements in network security. However, managing firewall rules, particularly in multi-firewall enterprise networks, has become a complex and error-prone task. Firewall filtering rules have to be written, ordered and distributed carefully in order to avoid firewall policy anomalies that might cause network vulnerability. Therefore, inserting or modifying filtering rules in any firewall requires thorough intra- and inter-firewall analysis to determine the proper rule placement and ordering in the firewalls. In this paper, we identify all anomalies that could exist in a single- or multi-firewall environment. We also present a set of techniques and algorithms to automatically discover policy anomalies in centralized and distributed legacy firewalls. These techniques are implemented in a software tool called the {"}Firewall Policy Advisor{"} that simplifies the management of filtering rules and maintains the security of next-generation firewalls.",

author = "Al-Shaer, \{Ehab S.\} and Hamed, \{Hazem H.\}",

year = "2004",

doi = "10.1109/INFCOM.2004.1354680",

language = "English",

isbn = "0780383559",

series = "Proceedings - IEEE INFOCOM",

pages = "2605--2616",

booktitle = "IEEE INFOCOM 2004 - Conference on Computer Communications - Twenty-Third Annual Joint Conference of the IEEE Computer and Communications Societies",

note = "IEEE INFOCOM 2004 - Conference on Computer Communications - Twenty-Third Annual Joint Conference of the IEEE Computer and Communications Societies ; Conference date: 07-03-2004 Through 11-03-2004",

}

Al-Shaer, ES & Hamed, HH 2004, Discovery of policy anomalies in distributed firewalls. in IEEE INFOCOM 2004 - Conference on Computer Communications - Twenty-Third Annual Joint Conference of the IEEE Computer and Communications Societies. Proceedings - IEEE INFOCOM, vol. 4, pp. 2605-2616, IEEE INFOCOM 2004 - Conference on Computer Communications - Twenty-Third Annual Joint Conference of the IEEE Computer and Communications Societies, Hongkong, China, 7/03/04. https://doi.org/10.1109/INFCOM.2004.1354680

Discovery of policy anomalies in distributed firewalls. / Al-Shaer, Ehab S.; Hamed, Hazem H.
IEEE INFOCOM 2004 - Conference on Computer Communications - Twenty-Third Annual Joint Conference of the IEEE Computer and Communications Societies. 2004. p. 2605-2616 (Proceedings - IEEE INFOCOM; Vol. 4).

Research output: Chapter in Book/Report/Conference proceeding › Conference contribution › peer-review

TY - GEN

T1 - Discovery of policy anomalies in distributed firewalls

AU - Al-Shaer, Ehab S.

AU - Hamed, Hazem H.

PY - 2004

Y1 - 2004

N2 - Firewalls are core elements in network security. However, managing firewall rules, particularly in multi-firewall enterprise networks, has become a complex and error-prone task. Firewall filtering rules have to be written, ordered and distributed carefully in order to avoid firewall policy anomalies that might cause network vulnerability. Therefore, inserting or modifying filtering rules in any firewall requires thorough intra- and inter-firewall analysis to determine the proper rule placement and ordering in the firewalls. In this paper, we identify all anomalies that could exist in a single- or multi-firewall environment. We also present a set of techniques and algorithms to automatically discover policy anomalies in centralized and distributed legacy firewalls. These techniques are implemented in a software tool called the "Firewall Policy Advisor" that simplifies the management of filtering rules and maintains the security of next-generation firewalls.

AB - Firewalls are core elements in network security. However, managing firewall rules, particularly in multi-firewall enterprise networks, has become a complex and error-prone task. Firewall filtering rules have to be written, ordered and distributed carefully in order to avoid firewall policy anomalies that might cause network vulnerability. Therefore, inserting or modifying filtering rules in any firewall requires thorough intra- and inter-firewall analysis to determine the proper rule placement and ordering in the firewalls. In this paper, we identify all anomalies that could exist in a single- or multi-firewall environment. We also present a set of techniques and algorithms to automatically discover policy anomalies in centralized and distributed legacy firewalls. These techniques are implemented in a software tool called the "Firewall Policy Advisor" that simplifies the management of filtering rules and maintains the security of next-generation firewalls.

UR - https://www.scopus.com/pages/publications/8344229907

U2 - 10.1109/INFCOM.2004.1354680

DO - 10.1109/INFCOM.2004.1354680

M3 - Conference contribution

AN - SCOPUS:8344229907

SN - 0780383559

T3 - Proceedings - IEEE INFOCOM

SP - 2605

EP - 2616

BT - IEEE INFOCOM 2004 - Conference on Computer Communications - Twenty-Third Annual Joint Conference of the IEEE Computer and Communications Societies

T2 - IEEE INFOCOM 2004 - Conference on Computer Communications - Twenty-Third Annual Joint Conference of the IEEE Computer and Communications Societies

Y2 - 7 March 2004 through 11 March 2004

ER -

Discovery of policy anomalies in distributed firewalls

Abstract

Publication series

Conference

ASJC Scopus subject areas

Access to Document

Fingerprint

Cite this