Fang: a firewall analysis engine

Mayer, Alain; Wool, Avishai; Ziskind, Elisha

doi:10.1109/secpri.2000.848455

Cited by 172 publications

(128 citation statements)

References 2 publications

Supporting

Mentioning

126

Contrasting

Unclassified

Order By: Relevance

“…However, it takes only one firewall into account for the process. In [15] and [17] a method and tool to discover and test a network security policy is proposed. The configuration files along with the description of the network topology are used to build an internal representation of the policy that can be verified by the user through queries in ad-hoc languages.…”

Section: Related Workmentioning

confidence: 99%

Model-Driven Extraction and Analysis of Network Security Policies

Martínez

García-Alfaro

Cuppens

et al. 2013

Lecture Notes in Computer Science

View full text Add to dashboard Cite

Abstract. Firewalls are a key element in network security. They are in charge of filtering the traffic of the network in compliance with a number of access-control rules that enforce a given security policy. In an always-evolving context, where security policies must often be updated to respond to new security requirements, knowing with precision the policy being enforced by a network system is a critical information. Otherwise, we risk to hamper the proper evolution of the system and compromise its security. Unfortunately, discovering such enforced policy is an error-prone and time consuming task that requires low-level and, often, vendor-specific expertise since firewalls may be configured using different languages and conform to a complex network topology. To tackle this problem, we propose a model-driven reverse engineering approach able to extract the security policy implemented by a set of firewalls in a working network, easing the understanding, analysis and evolution of network security policies.

show abstract

Section: Related Workmentioning

confidence: 99%

Model-Driven Extraction and Analysis of Network Security Policies

Martínez

García-Alfaro

Cuppens

et al. 2013

Lecture Notes in Computer Science

View full text Add to dashboard Cite

show abstract

“…Several studies have been conducted toward audit mechanisms that analyze already deployed configurations, with the goal of signaling inconsistencies and fixing the discovered anomalies. We can classify them into three categories: (I) those that are oriented towards directly querying the firewall itself [14][15][16], (II) those targeting conflict management [17,18] and (III) those focusing on the detection of anomalies [19,4,2,20,21]. In category I, the analysis problem is relayed towards a process of information retrieval by directly querying the firewall.…”

Section: Related Workmentioning

confidence: 99%

“…We can look at three rules that aim at granting authorization to FTP services, both in active and passive mode: de configurations existantes. Nous pouvons les classer dans trois catégories : (I) ceux orientés interrogation du pare-feu [14,15] ou [16], (II) ceux ciblant la gestion de conflits [17,18] et (III) ceux se focalisant sur la détection des anomalies [19,4,2,20,21]. Dans la catégorie I, la problématique d'analyse a été réorientée vers un processus de recherche d'information en interrogeant le pare-feu, ce qui déplace la difficulté vers la structuration des configurations, le langage de requêtes, l'exhaustivité et l'efficacité de ces requêtes, le besoin de mettre en vis-à-vis la politique souhaitée et les règles de filtrage ce qui rend l'analyse complexe, sujette aussi bien à des faux positifs qu'à des faux négatifs puisque la dimension histoire n'est pas prise en compte.…”

Section: Handling Inter-state Rule Anomaliesunclassified

Handling Stateful Firewall Anomalies

Cuppens

Cuppens-Boulahia

García-Alfaro

et al. 2012

IFIP Advances in Information and Communication Technology

View full text Add to dashboard Cite

Abstract. A security policy consists of a set of rules designed to protect an information system. To ensure this protection, the rules must be deployed on security components in a consistent and non-redundant manner. Unfortunately, an empirical approach is often adopted by network administrators, to the detriment of theoretical validation. While the literature on the analysis of configurations of first generation (stateless) firewalls is now rich, this is not the case for second and third generation firewalls, also known as stateful firewalls. In this paper, we address this limitation, and provide solutions to analyze and handle stateful firewall anomalies and misconfiguration.

show abstract

“…Mayer et al present tools for analyzing firewalls in [13]. In [8], Eronen et al propose the approach of representing the rules as a knowledge base, and present a tool based on Constraint Logic Programming to allow the user to write higher level operations and queries.…”

Section: Introductionmentioning

confidence: 99%

Detection and Resolution of Anomalies in Firewall Policy Rules

Abedin

Nessa

Khan

et al. 2006

Data and Applications Security XX

View full text Add to dashboard Cite

Abstract.A firewall is a system acting as an interface of a network to one or more external networks. It implements the security policy of the network by deciding which packets to let through based on rules defined by the network administrator. Any error in defining the rules may compromise the system security by letting unwanted traffic pass or blocking desired traffic. Manual definition of rules often results in a set that contains conflicting, redundant or overshadowed rules, resulting in anomalies in the policy. Manually detecting and resolving these anomalies is a critical but tedious and error prone task. Existing research on this problem have been focused on the analysis and detection of the anomalies in firewall policy. Previous works define the possible relations between rules and also define anomalies in terms of the relations and present algorithms to detect the anomalies by analyzing the rules. In this paper, we discuss some necessary modifications to the existing definitions of the relations. We present a new algorithm that will simultaneously detect and resolve any anomaly present in the policy rules by necessary reorder and split operations to generate a new anomaly free rule set. We also present proof of correctness of the algorithm. Then we present an algorithm to merge rules where possible in order to reduce the number of rules and hence increase efficiency of the firewall.

show abstract

Fang: a firewall analysis engine

Cited by 172 publications

References 2 publications

Model-Driven Extraction and Analysis of Network Security Policies

Model-Driven Extraction and Analysis of Network Security Policies

Handling Stateful Firewall Anomalies

Detection and Resolution of Anomalies in Firewall Policy Rules

Contact Info

Product

Resources

About