Automated Framework for Policy Optimization in Firewalls and Security Gateways
Authors
Abstract
The challenge in multi-firewall and security gateway environments is to implement conflict-free policies, which are necessary to avoid security inconsistencies, while at the same time optimizing performance in terms of average filtering time, in order to make firewalls stronger against DoS and DDoS attacks. Additionally, the approach should operate in real time, based on the characteristics of network traffic. Our work defines an algorithm to find conflict-free, optimized device rule sets in real time by relying on information gathered from traffic analysis. We show results obtained from our test environment demonstrating computational power savings of up to 24% with fully conflict-free device policies.
Similar resources
Policy Algebras for Hybrid Firewalls
Firewalls are an effective means of protecting a local system or network of systems from network-based security threats. In this paper, we propose a policy algebra framework for security policy enforcement in hybrid firewalls, ones that exist both in the network and on end systems. To preserve the security semantics, the policy algebras provide a formalism to compute addition, conjunction, subtr...
Firewall Policy Modeling, Analysis and Simulation: a Survey
Computer firewalls are widely used for security policy enforcement and access control. Current firewalls use various processing models and are configured using their own policy description languages. In this paper we will try to survey research efforts in the area of formalization of firewall operational semantics and policy description languages and applications of such formal models and langua...
Specification, Analysis and Resolution of Anomalies in Firewall Security Policies
Firewalls are essential components in network security solutions. Managers have to specify their organizational security policies using low-level and order-dependent rules in firewalls. Furthermore, dependency of firewalls on the network topology, frequent changes in network topology and lack of an automatic method for analysis and verification of anomalies in specified security policy lead to ...
WS-SecurityPolicy Decision and Enforcement for Web Service Firewalls
A known weakness of Web Services is their vulnerability to Denial of Service attacks exploiting XML processing characteristics. To protect Web Services from these attacks, extended validation of SOAP messages—considering WS-Security and WS-SecurityPolicy—is made. For SOAP security is message oriented, the processing of the security content itself is vulnerable to Denial of Service attacks. Henc...
Towards Global Verification and Analysis of Network Access Control Configuration
Network devices such as routers, firewalls, IPSec gateways, and NAT are configured using access control lists. However, recent studies and ISP surveys show that the management of access control configurations is a highly complex and error-prone task [4]. Without automated global configuration management tools, unreachability and insecurity problems due to the misconfiguration of network device...