Classification and Discovery on Intra-Firewall Policy Anomalies

Abstract

Firewalls are core elements in network security. However, managing firewall rules is an error-prone task especially for less experience administrator. The reason is that firewall filtering rules itself might cause network vulnerability due to the firewall policy anomalies unless carefully written and ordered them. Thus, firewall rule analysis is essential to determine the proper rule placement and ordering without any policy anomalies when inserting or modifying filtering rules. In this thesis, we develop a firewall rules analyzer based on IntraFirewall Policy Anomaly Algorithm in order to discover and alert all possible policy anomalies in IPCOP firewall that is used in Small Office Home Office (SOHO) network. And the main purpose of this analyzer is to assist the administrators who setting their firewall to be able to configure conflict-free firewall rules easily by giving advising alerts. We implemented the firewall in a small campus network prototype and experimented it in a virtual network that is built by using Virtual Machine Software (VMWare) Workstation 10. Firewall policy for this system is based on our own predefined security policy for this network. We will test the system that how the developed analyzer can assist the administrators by comparing of the administrator's ability for firewall setting with the help of the analyzer and those without the help of it.