24-09-2012, 04:49 PM
Post: #1
Detecting and Resolving Firewall Policy Anomalies

ABSTRACT

To provide an innovative policy anomaly management framework for firewalls, adopting a rule-based segmentation technique to identify policy anomalies and derive effective anomaly resolutions.
05-02-2013, 11:32 AM
Post: #2
RE: Detecting and Resolving Firewall Policy Anomalies

Abstract

The advent of emerging computing technologies such as service-oriented architecture and cloud computing has enabled
us to perform business services more efficiently and effectively. However, we still suffer from unintended security leakages by
unauthorized actions in business services. Firewalls are the most widely deployed security mechanism to ensure the security of private
networks in most businesses and institutions. The effectiveness of security protection provided by a firewall mainly depends on the
quality of policy configured in the firewall. Unfortunately, designing and managing firewall policies are often error prone due to the
complex nature of firewall configurations as well as the lack of systematic analysis mechanisms and tools. In this paper, we represent
an innovative policy anomaly management framework for firewalls, adopting a rule-based segmentation technique to identify policy
anomalies and derive effective anomaly resolutions. In particular, we articulate a grid-based representation technique, providing an
intuitive cognitive sense about policy anomaly. We also discuss a proof-of-concept implementation of a visualization-based firewall
policy analysis tool called Firewall Anomaly Management Environment (FAME). In addition, we demonstrate how efficiently our
approach can discover and resolve anomalies in firewall policies through rigorous experiments.

INTRODUCTION

As one of the essential elements in network and information
system security, firewalls have been widely deployed
in defending against suspicious traffic and unauthorized access to
Internet-based enterprises. Sitting on the border between a
private network and the public Internet, a firewall examines
all incoming and outgoing packets based on security rules.
To implement a security policy in a firewall, system
administrators define a set of filtering rules that are derived
from the organizational network security requirements.
Firewall policy management is a challenging task due to
the complexity and interdependency of policy rules. This is
further exacerbated by the continuous evolution of network
and system environments. For instance, Al-Shaer and
Hamed [1] reported that their firewall policies contain
anomalies even though several administrators including
nine experts maintained those policies. In addition, Wool [2]
recently inspected firewall policies collected from different
organizations and indicated that all examined firewall
policies have security flaws.

ANOMALY REPRESENTATION BASED ON PACKET SPACE


Packet Space Segmentation and Classification

As we discussed in Section 2, existing anomaly detection
methods could not accurately point out the anomaly
portions caused by a set of overlapping rules. In order to
precisely identify policy anomalies and enable a more
effective anomaly resolution, we introduce a rule-based
segmentation technique, which adopts a binary decision
diagram (BDD)-based data structure to represent rules
and perform various set operations, to convert a list of rules
into a set of disjoint network packet spaces. This technique
has been recently introduced to deal with several research
problems such as network traffic measurement [9], firewall
testing [10] and optimization [11].

Grid Representation of Policy Anomaly

To enable an effective anomaly resolution, complete and
accurate anomaly diagnosis information should be represented
in an intuitive way. When a set of rules interacts, one
overlapping relation may be associated with several rules.
Meanwhile, one rule may overlap with multiple other rules
and can be involved in a couple of overlapping relations
(overlapping segments). Different kinds of segments and
associated rules can be viewed in the uniform representation
of anomalies (Fig. 1c). However, it is still difficult for an
administrator to figure out how many segments one rule is
involved in. To address the need of a more precise anomaly
representation, we additionally introduce a grid representation
that is a matrix-based visualization of policy anomalies.

ANOMALY MANAGEMENT FRAMEWORK

Our policy anomaly management framework is composed of
two core functionalities: conflict detection and resolution, and
redundancy discovery and removal, as depicted in Fig. 3. Both
functionalities are based on the rule-based segmentation
technique. For conflict detection and resolution, conflicting
segments are identified in the first step. Each conflicting
segment associates with a policy conflict and a set of
conflicting rules. Also, the correlation relationships among
conflicting segments are identified and conflict correlation
groups (CG) are derived. Policy conflicts belonging to
different conflict correlation groups can be resolved separately;
thus, the searching space for resolving conflicts is
reduced by the correlation process. The second step
generates an action constraint for each conflicting segment
by examining the characteristics of each conflicting segment.

IMPLEMENTATION AND EVALUATION

Our framework is realized as a proof-of-concept prototype
called Firewall Anomaly Management Environment. Fig. 9
shows a high-level architecture of FAME with two levels.
The upper level is the visualization layer, which visualizes
the results of policy anomaly analysis to system administrators.
Two visualization interfaces, policy conflict viewer
and policy redundancy viewer, are designed to manage
policy conflicts and redundancies, respectively. The lower
level of the architecture provides underlying functionalities
addressed in our policy anomaly management
framework and relevant resources including rule information,
strategy repository, network asset information, and
vulnerability information.

RELATED WORK

There exist a number of algorithms and tools designed to
assist system administrators in managing and analyzing
firewall policies. Lumeta [30] and Fang [31] allow user
queries for the purpose of analysis and management of
firewall policies. Essentially, they introduced lightweight
firewall testing tools but could not provide a comprehensive
examination of policy misconfigurations. Gouda et al. [32]
devised a firewall decision diagram (FDD) to support
consistent, complete, and compact firewall policy generation.
Bellovin et al. [33] introduced a distributed firewall model
that supports centralized policy specification. Several other
approaches presenting policy analysis tools with the goal of
detecting policy anomalies are closely related to our work.
Al-Shaer and Hamed [1] designed a tool called Firewall
Policy Advisor to detect pairwise anomalies in firewall rules.
Yuan et al. [5] presented FIREMAN, a toolkit to check for
misconfigurations in firewall policies through static analysis.
As we discussed previously, our tool, FAME, overcomes the
limitations of those tools by conducting a complete anomaly
detection and providing more accurate anomaly diagnosis
information. In particular, the key distinction of FAME is its
capability to perform an effective conflict resolution, which
has been ruled out in other firewall policy analysis tools.

CONCLUDING REMARKS

In this paper, we have proposed a novel anomaly management
framework that facilitates systematic detection and
resolution of firewall policy anomalies. A rule-based
segmentation mechanism and a grid-based representation
technique were introduced to achieve the goal of effective
and efficient anomaly analysis. In addition, we have
described a proof-of-concept implementation of our anomaly
management environment called FAME and demonstrated
that our proposed anomaly analysis methodology is
practical and helpful for system administrators to enable an
assurable network management.
Our future work includes usability studies to evaluate
functionalities and system requirements of our policy
visualization approach with subject matter experts. Also,
we would like to extend our anomaly analysis approach to
handle distributed firewalls. Moreover, we would explore
how our anomaly management framework and visualization
approach can be applied to other types of access
control policies.
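The segmentation and conflict-correlation steps described in the post above, as an added example that is not part of the original post and is not FAME's code. It swaps the paper's BDD structure for a plain interval cut-point decomposition over two fields; the rule set is constructed, the labels `single`/`overlap`/`conflict` are this example's own, and treating conflicting segments that share a rule as correlated is an assumption.

```python
from itertools import product

# Constructed first-match policy: (name, (src_lo, src_hi), (port_lo, port_hi), action)
RULES = [
    ("r1", (10, 20), (80, 80), "deny"),
    ("r2", (0, 50), (80, 80), "allow"),
    ("r3", (0, 50), (0, 1023), "allow"),
    ("r4", (100, 120), (22, 22), "allow"),
    ("r5", (100, 200), (22, 22), "deny"),
]

def cuts(rules, dim):
    """Split one field into elementary half-open intervals at every rule boundary."""
    pts = sorted({p for r in rules for p in (r[dim][0], r[dim][1] + 1)})
    return list(zip(pts, pts[1:]))

def segment(rules):
    """Return {frozenset(rule names): [disjoint cells matched by exactly those rules]}."""
    segs = {}
    for (s_lo, s_hi), (p_lo, p_hi) in product(cuts(rules, 1), cuts(rules, 2)):
        # A cell never straddles a rule boundary, so it is fully inside or outside.
        hit = frozenset(name for name, src, port, _ in rules
                        if src[0] <= s_lo and s_hi - 1 <= src[1]
                        and port[0] <= p_lo and p_hi - 1 <= port[1])
        if hit:
            segs.setdefault(hit, []).append(((s_lo, s_hi - 1), (p_lo, p_hi - 1)))
    return segs

def classify(rules, segs):
    """Label each segment by how many rules cover it and whether their actions agree."""
    action = {name: act for name, _, _, act in rules}
    kinds = {}
    for hit in segs:
        if len(hit) == 1:
            kinds[hit] = "single"
        else:
            kinds[hit] = "conflict" if len({action[n] for n in hit}) > 1 else "overlap"
    return kinds

def correlation_groups(kinds):
    """Merge conflicting segments that share a rule (assumed correlation test)."""
    groups = []
    for hit in (h for h, k in kinds.items() if k == "conflict"):
        merged, rest = set(hit), []
        for g in groups:
            if g & hit:
                merged |= g
            else:
                rest.append(g)
        groups = rest + [merged]
    return sorted(sorted(g) for g in groups)
```

With this policy the two conflicts fall into separate groups, so each can be resolved without considering the other, which is the search-space reduction the post attributes to the correlation step.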
