A Real-Time Firewall Policy Rule Set Anomaly-Free Mechanism

International Journal of Engineering Trends and Technology (IJETT)
  
© 2019 by IJETT Journal
Volume-67 Issue-9
Year of Publication : 2019
Authors : Mohamed M.A. Elgazzar, Mohamed E. Elhamahmy, Abdel-Hamid M. Emara
DOI : 10.14445/22315381/IJETT-V67I9P217

Citation 

MLA Style: Mohamed M.A. Elgazzar, Mohamed E. Elhamahmy, Abdel-Hamid M. Emara. "A Real-Time Firewall Policy Rule Set Anomaly-Free Mechanism." International Journal of Engineering Trends and Technology 67.9 (2019): 104-115.

APA Style: Mohamed M.A. Elgazzar, Mohamed E. Elhamahmy, Abdel-Hamid M. Emara. A Real-Time Firewall Policy Rule Set Anomaly-Free Mechanism. International Journal of Engineering Trends and Technology, 67(9), 104-115.

Abstract
A lot of work has been done on detecting firewall policy anomalies. Tools based on these studies have been proposed, for example, the Policy Advisor Tool. However, it depends on inserting policy rules manually into the tool. There is a real need for a tool that acquires the firewall policy rules in real time. There are also tools produced by firewall vendors that were developed to manage their own devices only and therefore do not work with devices produced by other companies. As networks grow and come to depend on many firewall devices of different types and brands, it has become difficult to manage policies on firewalls of different types and vendors while relying on many different tools as well. In this paper we propose a method for investigating firewall rule-set anomalies and suggesting how to fix them. We have also built a practical tool that can obtain a copy of the policy rule set in real time and deal with several devices of different brands using the same tool. The proposed tool is intended as a way to help the network administrator, not as a replacement for him.

Keywords
Firewall; rule; policy; API; REST API; Anomaly detection and correction