Thursday, 17 September 2015

A Novel Management Framework for Policy Anomaly in Firewall

IJSRD found good research work in the Computer Science & Engineering research area on policy anomalies in firewalls.

The advent of emerging technologies such as Web services, service-oriented architecture, and cloud computing has enabled us to perform business services more efficiently and effectively. However, we still suffer from unintended security leaks caused by unauthorized actions in business services. Firewalls are the most widely deployed security mechanism for protecting the private networks of businesses and institutions, and the protection a firewall provides depends mainly on the quality of the policy configured in it. Unfortunately, designing and managing firewall policies is error-prone, owing to the complex nature of firewall configurations and the lack of systematic analysis mechanisms and tools. In this paper, we present an innovative policy anomaly management framework for firewalls that adopts a rule-based segmentation technique to identify policy anomalies and derive effective anomaly resolutions. We also discuss a proof-of-concept implementation of a visualization-based firewall policy analysis tool called Firewall Anomaly Management Environment (FAME). In addition, we demonstrate through rigorous experiments, using an automatic rule generation technique, how efficiently our approach discovers and resolves anomalies in firewall policies.

Key words: FAME, policy anomaly, firewall, segment


A distributed firewall preserves central control of the access policy while eliminating the dependency on network topology. The proposed work introduces a new Automatic Rule Generation (ARG) algorithm for distributed firewalls, which automatically generates rules and detects and resolves policy anomalies. By automating the administrator's task in a distributed environment, it reduces complexity and increases flexibility. [1]

The proposed system architecture, shown in Fig. 1, has the following advantages: (i) no restriction to a topological boundary; (ii) automatic rule generation that detects and resolves policy anomalies in distributed firewalls; (iii) elimination of redundancy; (iv) reduced complexity and increased flexibility.
In the proposed work, rules and actions are generated or modified as the requirements of the dynamic environment change. When a client sends a packet to the network, the firewall checks the packet's characteristics and decides whether to allow or deny it. [1] Firewall rule anomalies are identified with a packet-space segmentation technique; the risk of each anomaly is then assessed, and the firewall rules are reordered according to that risk. Risk is assessed against upper-bound and lower-bound threshold values.
Fig. Data Flow Diagram
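The segmentation step above is the part of the framework a practitioner can reproduce directly. The following is an added example, not code from the paper, FAME or the ARG implementation. It assumes a simplified packet space of four axes (protocol, source address, destination address, destination port), treats each rule as an axis-aligned box in that space, and assumes first-match semantics; the rule names and the sample policy are constructed for illustration. Rules are inserted one at a time, each existing segment is split into the part the new rule overlaps and the part it does not, and every resulting segment is labelled with the rules covering it, so a segment with one rule is non-overlapping, several rules with the same action are redundant, and mixed actions are conflicting.

```python
"""Packet-space segmentation for firewall policy anomaly detection.

Added example, not the paper's FAME or ARG code. Packet space is the
4-tuple (proto, src, dst, dport); each rule is an axis-aligned box with
an action, and the policy is evaluated first-match. Names and the sample
policy at the bottom are constructed for illustration.
"""
import ipaddress

PROTO = {"tcp": (6, 6), "udp": (17, 17), "any": (0, 255)}

def cidr(net):
    """CIDR string -> inclusive (low, high) integer address range."""
    n = ipaddress.ip_network(net)
    return (int(n.network_address), int(n.broadcast_address))

def rule(name, proto, src, dst, dport, action):
    """A rule is a box in packet space plus an action."""
    lo, hi = (dport, dport) if isinstance(dport, int) else dport
    return {"name": name, "action": action,
            "box": (PROTO[proto], cidr(src), cidr(dst), (lo, hi))}

def intersect(a, b):
    """Intersection of two boxes, or None if they are disjoint."""
    out = []
    for (alo, ahi), (blo, bhi) in zip(a, b):
        lo, hi = max(alo, blo), min(ahi, bhi)
        if lo > hi:
            return None
        out.append((lo, hi))
    return tuple(out)

def subtract(a, c):
    """a minus c, where c is a sub-box of a; returns pairwise-disjoint boxes."""
    pieces, cur = [], list(a)
    for i, ((lo, hi), (clo, chi)) in enumerate(zip(a, c)):
        if lo < clo:
            pieces.append(tuple(cur[:i] + [(lo, clo - 1)] + cur[i + 1:]))
        if chi < hi:
            pieces.append(tuple(cur[:i] + [(chi + 1, hi)] + cur[i + 1:]))
        cur[i] = (clo, chi)  # later slabs are confined to c on this axis
    return pieces

def remove(boxes, c):
    """Cut box c out of every box in the list, keeping the result disjoint."""
    out = []
    for r in boxes:
        ci = intersect(r, c)
        out.extend(subtract(r, ci) if ci else [r])
    return out

def segment(rules):
    """Partition the space covered by the policy into disjoint segments,
    each labelled with the indices (in policy order) of the rules covering it."""
    segments = []  # list of (box, [rule indices]); boxes pairwise disjoint
    for idx, r in enumerate(rules):
        remaining = [r["box"]]  # part of this rule not yet inside any segment
        updated = []
        for box, ids in segments:
            c = intersect(box, r["box"])
            if c is None:
                updated.append((box, ids))
                continue
            updated.append((c, ids + [idx]))                     # overlap
            updated.extend((p, ids) for p in subtract(box, c))   # leftover
            remaining = remove(remaining, c)
        updated.extend((p, [idx]) for p in remaining)
        segments = updated
    return segments

def analyze(rules):
    """Classify each segment: non-overlapping (one rule), redundant (several
    rules, one action) or conflicting (mixed actions). Under first-match
    semantics the earliest rule wins a conflict and later ones are overridden."""
    segments = segment(rules)
    summary = {"non-overlapping": 0, "redundant": 0, "conflicting": 0,
               "conflicts": []}
    for box, ids in segments:
        actions = {rules[i]["action"] for i in ids}
        if len(ids) == 1:
            kind = "non-overlapping"
        elif len(actions) == 1:
            kind = "redundant"
        else:
            kind = "conflicting"
            winner = rules[ids[0]]
            summary["conflicts"].append({
                "effective": winner["name"],
                "overridden": [rules[i]["name"] for i in ids[1:]
                               if rules[i]["action"] != winner["action"]],
            })
        summary[kind] += 1
    return segments, summary

# Constructed sample policy: r2 is fully shadowed by r1 (conflict), r3 repeats
# r1's decision on part of its space (redundancy), r4 overlaps nothing.
POLICY = [
    rule("r1", "tcp", "10.0.0.0/8", "192.168.1.10/32", 80, "allow"),
    rule("r2", "tcp", "10.0.1.0/24", "192.168.1.10/32", 80, "deny"),
    rule("r3", "tcp", "10.0.0.0/8", "192.168.1.0/24", 80, "allow"),
    rule("r4", "udp", "0.0.0.0/0", "192.168.1.0/24", 53, "allow"),
]

if __name__ == "__main__":
    segs, report = analyze(POLICY)
    print(len(segs), "segments:", report)
```

On the sample policy this yields ten disjoint segments: one conflicting segment (r1 decides, r2 is overridden), two redundant segments where r1 and r3 agree, and seven non-overlapping ones. The page does not specify how the upper- and lower-bound risk thresholds are computed, so the example stops at detection and reports which rule's action is effective in each conflict; the reordering step would consume that report.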

The proposed work includes the following stages:
- Automatic rule generation
- Packet space segmentation
- Action constraint generation
- Rule reordering
- Data package

A. Automatic Rule Generation:

When a client wants to send data packets to the network, a set of firewall rules must be satisfied before the packets are allowed, as shown in Fig. 2. For this, network administrators at different locations assign firewall rules to the server. Here the firewall rules and their actions are generated automatically, taking certain specifications and constraints as input. [1] The specifications are mapped randomly to generate the firewall rules. The rules are generated in the rule engine, and the corresponding action is taken when a client sends a data packet to the rule engine.
