Automated and Optimized FDD-Based Method to Fix Firewall Misconfigurations

Saâdaoui, Amina; Souayeh, Nihel Ben Youssef Ben; Bouhoula, Adel

doi:10.1109/nca.2015.31

Cited by 6 publications

(6 citation statements)

References 8 publications

Supporting

Mentioning

Contrasting

Order By: Relevance

“…Given f i representing the domain of positive integers is a finite range, denoted D(f i ). For example, the domain of the source (D(f 1 )) and destination address (D(f 3 )) in IP v4 packet is [0, 2 32 -1], source (D(f 2 )) and destination port (D(f 4 )) is [0, 2 16 -1] and protocol (D(f 5 )) is [0, 2 8 -1]. C i defines a set of packet fields over the fields f 1 through f d specified as…”

Section: Rule Definition and Anomaliesmentioning

confidence: 99%

“…The rules are corrected by deletion if they are detected as a redundant anomaly, but ruleswapping is applied when a shadowing or correlation anomaly is detected. Additionally, some algorithms [15], [16] can detect and diagnose firewall abnormalities, but these methods are not based on actual evidence. In most of the methods mentioned above, no method perfectly corrects for anomalies in the firewall rules.…”

Section: Introductionmentioning

confidence: 99%

See 1 more Smart Citation

DSSF: Decision Support System to Detect and Solve Firewall Rule Anomalies based on a Probability Approach

Khummanee

Chomphuwiset

Pruksasri

2022

ECTI-CIT Transactions

View full text Add to dashboard Cite

Currently, establishing a private network on the Internet is highly hazardous for attacks as attackers continuously scan computers for vulnerabilities within the connected network. The firewall ranked the highest as a network device is selected to protect unauthorized accesses and attacks. However, firewalls can effectively protect against assaults based on adequately defined rules without any anomalies. In order to resolve anomaly problems and assist firewall admins with the ability to manage the rules effectively, in this paper, a prototype of the decision support system has been designed and developed for encouraging admins to optimize firewall rules and minimize deficiencies that occur in rules by using the probability approach. The experimental results clearly show that the developed model encourages experts and administrators of firewalls to make significant decisions to resolve rule anomalies by expert's confidence increases by 14.8 %, and administrators' confidence soars similarly about 44.2 %. Lastly, the accuracy of correcting rule anomalies is 83 %.

show abstract

Section: Rule Definition and Anomaliesmentioning

confidence: 99%

Section: Introductionmentioning

confidence: 99%

DSSF: Decision Support System to Detect and Solve Firewall Rule Anomalies based on a Probability Approach

Khummanee

Chomphuwiset

Pruksasri

2022

ECTI-CIT Transactions

View full text Add to dashboard Cite

show abstract

“…Concerning cloud firewalls, the fact that WAF acts directly to the web application and the application layer does not imply serious security constraint, therefore, WAF provides a certain degree of flexibility and attracts decision-makers to opt for this solution. Furthermore, WAF is particularly effective against several vulnerabilities at the data validation level, but they can also interact and collaborate with the source code level, and then switch very quickly from denying rules to a recommended set of policy applicable in the next maintenance windows [59,60]. Some automatic rules (for example against data leakages) are configurable in last WAF application manager interfaces, such as the filtering of comments, which may involve sensitive area (i.e., passwords or other private content), and some parameters are automatically checked by the WAF, with regular ACLs update.…”

Section: Firewall Placement In Smart Healthcare Environmentmentioning

confidence: 99%

Firewall Best Practices for Securing Smart Healthcare Environment: A Review

2021

View full text Add to dashboard Cite

Smart healthcare environments are growing at a rapid pace due to the services and benefits offered to healthcare practitioners and to patients. At the same time, smart healthcare environments are becoming increasingly complex environments where a plethora of devices are linked with each other, to deliver services to patients, and they require special security measures to protect the privacy and integrity of user data. Moreover, these environments are exposed to various kinds of security risks, threats, and attacks. Firewalls are considered as the first line of defense for securing smart healthcare networks and addressing the challenges mentioned above. Firewalls are applied at different levels in networks, and range from conventional server-based to cloud-based firewalls. However, the selection and implementation of a proper firewall to get the maximum benefit is a challenging task. Therefore, understanding firewall types, the services offered, and analyzing underlying vulnerabilities are important design considerations that need addressing before implementing a firewall in a smart healthcare environment. The paper provides a comprehensive review and best practices of firewall types, with offered benefits and drawbacks, which may help to define a comprehensive set of policies for smart healthcare devices and environments.

show abstract

“…Given representing the domain of positive integers is a finite range, denoted ( ) . For example, the domain of the source and destination address in an IP packet is [0, 2 32 -1] ( ( 1 ) and ( 2 )), source and destination port is [0, 2 16 -1] ( ( 3 ) and ( 4 )) and protocol is [0, 2 8 -1] ( ( 5 )). defines a set of packet fields over the fields 1 through specified as 1 ∈ 1 ∧ 2 ∈ 2 ∧ … ∧ ∈ where is a subset of ( ).…”

Section: = →mentioning

confidence: 99%

“…It uses an automatic rule removal in the case of redundancy and contradiction anomaly, and uses an automatic rule permutation against shadowing and correlation. Besides, some techniques allow the firewall to automatically detect and analyze conflict rules such as [15] and [16], but they are not based on real tangible evidence. By most methods, the burden of resolving rule conflicts is often given to the administrator's discretion instead.…”

Section: Introductionmentioning

confidence: 99%

Decision Making System for Improving Firewall Rule Anomaly Based on Evidence and Behavior

Khummanee¹,

Chomphuwiset²,

Pruksasri³

2020

Adv. sci. technol. eng. syst. j.

View full text Add to dashboard Cite

Firewalls are controlled by rules which often incur anomalies. The anomalies are considered serious problems that administrators do not desire to happen over their firewalls because they cause more vulnerabilities and decrease the overall performance of the firewall. Resolving anomaly rules that have already occurred on the firewall is difficult and mainly depends on the firewall administrator's discretion. In this paper, a model is designed and developed to assist administrators to make effective decisions for optimizing anomaly rules using the probability approach (Bayesian). In this model, the firewall needs to add four property fields (Extra fields) to the firewall rules: frequency of packets matching against rules, evidence of creating rules, the expertise of rules creator and protocol priority. These fields are used to calculate the probability of each firewall rule. The probability for each rule is used while the rules conflict and administrators need to resolve them. The rule having the highest probability value indicates that it has the highest priority in consideration. Experimental results show that the proposed model allows firewall administrators to make significant decisions about solving anomaly rules. The data structure of this model is based on k-ary tree, therefore the speed of building tree, time complexity and space complexity: O(n), O(logmn) and O(m*n) respectively. Besides, the confidence of the proposed firewall for resolving firewall rule anomalies of the administrator increase by 29.6% against the traditional firewall, and the reliability value between the inter-raters also increase by 13.1%.

show abstract

Automated and Optimized FDD-Based Method to Fix Firewall Misconfigurations

Cited by 6 publications

References 8 publications

DSSF: Decision Support System to Detect and Solve Firewall Rule Anomalies based on a Probability Approach

DSSF: Decision Support System to Detect and Solve Firewall Rule Anomalies based on a Probability Approach

Firewall Best Practices for Securing Smart Healthcare Environment: A Review

Decision Making System for Improving Firewall Rule Anomaly Based on Evidence and Behavior

Contact Info

Product

Resources

About