Tugkan Tuglular Dept. of Computer Engineering, Izmir Institute of Technology, Izmir, Turkey [email protected] Firewall tests have to be performed to verify that the firewall works as specified. In this work, a test case generation approach is developed, which defines test cases based on the firewall rule sequence and uses real traffic database to prepare test packets. Test packets can ...

The common match fields in firewall rules refer to a packet’s source and destination IP addresses, protocol, and source and destination port numbers. However, most firewalls are also capable of filtering based on a packet’s direction: which network interface card the packet is crossing, and whether the packet is crossing the interface from the network into the firewall (‘‘inbound’’) or vice ver...

Firewall admins and auditors face some tough questions: • Is the firewall really enforcing the corporate security policy? • How will the new admin learn the firewall rules? • We're acquiring company Y. What does their firewall allow?

Firewalls are important elements of enterprise security and have been the most widely adopted technology for protecting private networks. The quality of protection provided by a firewall mainly depends on the quality of its policy (i.e., configuration). However, due to the lack of tools for verifying and troubleshooting firewall policies, most firewalls on the Internet have policy errors. A fir...

Firewalls are critical security devices handling all traffic in and out of a network. When under heavy load of both malicious and legitimate traffic, firewalls may be overloaded and start discarding or permitting packets without checking firewall rules, which can cause huge revenue losses or security breaches. In this paper, we study Denial of Firewalling attacks, where attackers use well-craft...

Firewalls are the cornerstones of network security. To make firewalls working effectively, firewall manager must design firewall rules and the rule order correctly. In this paper, we present a firewall management toolkit which makes firewall rules understandable, designable and testable. Understandable means that the rules shown to the manager are easily understood. Designable means that it is ...

Treating modern firewall policy languages as imperative, special purpose programming languages, in this article we will try to apply static code analysis techniques for the purpose of anomaly detection. We will first abstract a policy in common firewall policy language into an intermediate language, and then we will try to apply anomaly detection algorithms to it. The contributions made by this...

In this paper, we propose a method to analyze the firewall policy or rule-set using Relational Algebra and Raining 2D-Box Model. It can discover all the anomalies in the firewall rule-set in the format that is usually used by many firewall products such as Cisco Access Control List, IPTABLES, IPCHAINS and Check Point Firewall-1. While the existing analyzing methods consider the anomalies betwee...