Classification and Discovery on Intrafirewall Policy Anomalies

Abstract

Firewalls are core elements in network security. However, managing firewall rules is an error-prone task especially for less experienced administrator. The reason is that firewall filtering rules itself might cause network vulnerability due to the firewall policy anomalies were not carefully written and ordered them. Thus, firewall rule classification is essential to determine the proper rule placement and ordering without any policy anomalies when they are inserting or modifying filtering rules. In this thesis, a firewall rules classifier is developed based on IntraFirewall Policy Anomaly Algorithm in order to discover and alert all possible policy anomalies in IPCop firewall that is used in Small Office Home Office (SOHO) network. And the main purpose of this classifier is to assist the administrator who he or she is setting their firewall to be able to configure conflict-free firewall rules easily by giving advising alerts. This firewall is implemented in a small campus network prototype and experimented it in a virtual network that is built by using VMware Workstation 10. Firewall policy for this system is based on own predefined security policy for this network. The developed classifier can assist the administrators by advising all possible types of firewall anomalies in firewall setting.