Anomaly Detection: Firewalls Capabilities and Limitations

Firewalls are the most widely deployed basic security devices, used to protect private networks from unauthorized access and intrusions. The protection a firewall provides depends mainly on the quality of its configured policies. However, as firewall policies grow in size, the interactions between policies of the same firewall or of different firewalls become complex, which makes it difficult to design and manage firewall policies in large-scale systems. This paper identifies and compares recent firewall anomaly management frameworks, tools, and algorithms. It compares the anomaly management approaches in terms of visual representation, need for manual intervention, existence of an implementation, features, and limitations. It also classifies these approaches as single or distributed architectures, and their modes of operation as real-time or offline. Useful recommendations are provided as a result of this study.
