Information game of public firewall rules

Firewalls are among the most important components in network security. Traditionally, the rules of the firewall are kept private under the assumption that privacy of the ruleset makes attacks on the network more difficult. We posit that this assumption is no longer valid on today's Internet due to two factors: first, the emergence of botnets, which reduces the difficulty of probing a firewall, and second, the emergence of distributed applications, where private rules increase the difficulty of troubleshooting. We argue that the enforcement of the policy is the key, not the secrecy of the policy itself. In this paper, we demonstrate through the application of game theory that public firewall rules, when coupled with false information (lying), are not only viable but actually better than private rules.
