Firewall Anomaly Management: A survey

secures a private network from intrusions from other networks. The firewall has ACLs (Access Control Lists) that contain rules used to allow or deny incoming traffic. These rules form the security policy of the firewall. The large size and complexity of modern networks result in large and complex firewall policies. Designing policies for a network of firewalls is a difficult task, as a number of cases have to be taken into consideration for access control. Also, a network administrator may want to update the policies in order to replace them with new ones. The process of updating firewall policies is difficult and error-prone. In this paper, we provide a structured and comprehensive overview of various techniques for firewall anomaly detection. We briefly describe and compare various known algorithms and tools used to detect and/or resolve firewall anomalies.
