Abstract
Due to increasing cyber threats, the firewall has become one of the core elements of network security. The effectiveness of firewall security depends on providing policy management techniques. For this reason, an automatic tool is highly required that is really applicable to running firewalls and that is easy for administrators to use. This paper represents a first step toward a practically applicable tool, called Firewall Policy Checker, for firewall policy inspection based on four anomaly types. It also focuses on detecting dangerous services such as telnet, ftp and so on, which many different administrators set as time goes by, and on detecting illegal servers. The tool also supports a large number of rules at high speed using an efficient N-ary tree module. Experimental results using real organizations’ rules are introduced. Finally, this paper illustrates an easy visualization, even for non-security administrators.
Copyright information
© 2012 Springer Science+Business Media B.V.
About this paper
Cite this paper
Kim, UH., Kang, JM., Lee, JS., Kim, HS. (2012). Practical Firewall Policy Inspection Using Anomaly Detection and Its Visualization. In: Kim, K., Ahn, S. (eds) Proceedings of the International Conference on IT Convergence and Security 2011. Lecture Notes in Electrical Engineering, vol 120. Springer, Dordrecht. https://doi.org/10.1007/978-94-007-2911-7_61
DOI: https://doi.org/10.1007/978-94-007-2911-7_61
Publisher Name: Springer, Dordrecht
Print ISBN: 978-94-007-2910-0
Online ISBN: 978-94-007-2911-7
eBook Packages: Engineering, Engineering (R0)