Abstract
With cyber threats increasing, the firewall has become one of the core elements of network security. The effectiveness of firewall security depends on providing policy management techniques. For this reason, an automatic tool is needed that is practically applicable to running firewalls and easy for administrators to use. This paper presents a first step toward a practically applicable tool, called Firewall Policy Checker, for firewall policy inspection based on four anomaly types. It also focuses on detecting dangerous services, such as telnet and ftp, which many administrators set up over time, and on detecting illegal servers. In addition, the tool supports a large number of rules at high speed by using an efficient N-ary tree module. Experimental results using real organizations' rules are presented. Finally, this paper illustrates a 3D visualization that is easy even for non-experts.
Cite this article
Kim, UH., Kang, JM., Lee, JS. et al. Practical firewall policy inspection using anomaly detection and its visualization. Multimed Tools Appl 71, 627–641 (2014). https://doi.org/10.1007/s11042-013-1673-8
DOI: https://doi.org/10.1007/s11042-013-1673-8