FireCracker: A Framework for Inferring Firewall Policy using Smart Probing
نویسندگان
چکیده
A firewall policy that is correct and complete is crucial to the safety of a computer network. An adversary will benefit a lot from knowing the policy or its semantics. In this paper, we propose a framework that could be used to blindly discover a firewall policy without prior knowledge. We show how an attacker can reconstruct a firewall’s policy by probing the firewall with tailored packets into a network and forming an idea of what the policy looks like. The proposed methodology shows how to discover a policy that is semantically equivalent to the original one used in the deployed firewall. Three techniques are proposed for reconstructing the policy as well as to intelligently choose the probing packets adaptively based on the firewall response. We show the possibility of obtaining the deployed policy in a feasible time with acceptable accuracy.
منابع مشابه
Distributed Firewall Policy Validation
With hacking attempts, the cost of security breaches, and the importance of defensive computer security in general all on the rise, strong firewalls are more relevant than ever. At the same time, demands for software diversity and increasingly complex network layouts make evaluating adherence to a unified security policy especially difficult. In this paper, I propose a method of uniformly valid...
متن کاملFirewall Mechanism in a User Centric Smart Card Ownership Model
Multi-application smart card technology facilitates applications to securely share their data and functionality. The security enforcement and assurance in application sharing is provided by the smart card firewall. The firewall mechanism is well defined and studied in the Issuer Centric Smart Card Ownership Model (ICOM), in which a smart card is under total control of its issuer. However, it is...
متن کاملDevelopment of Smart Firewall Load Balancing Framework for Multiple Firewalls with an Efficient Heuristic Firewall Rule Set
Firewalls are the devices that we are used to protect data. It might be configured to allow certain devices or applications to access our network. The Firewalls are termed as stateful devices. Traditional firewalls typically need to inspect each packet to ensure that it adheres to the policy that has been configured or not, and then perform the necessary action associated to that particular rul...
متن کاملA Framework for Enforcing User-Based Authorization Policies on Packet Filter Firewalls
Packet filter firewalls are fundamental elements to prevent unauthorized traffic to reach protected networks or hosts. However, they have to take decisions about packets based on their contents, and currently packets do not contain any information about the entity responsible for its generation. In this paper we propose a framework that tackle this problem. The framework adds extra information ...
متن کاملFirewall Management for to Resolve the Policy Anomalies
Firewall is a security system for network, that controls the network traffic based on firewall rules. Firewall depends on the policy configuration, but managing that firewall policy is complex. Existing policy analysis tools, such as Firewall Policy Advisor and FIREMAN, they can only detect the policy anomaly cannot resolve these anomalies, and detection time was also increased. Therefore, I re...
متن کامل