Efficient method for inferring a firewall policy

We propose a framework that infers the policy of a firewall deployed at the Internet access point and on the computer system. The proposed methodology shows how to infer a firewall policy from restricted probing packets, using the consecutive characteristics of the IP address and TCP/UDP port number. We also present experimental results and the performance of the proposed method.
