End-to-End Network Access Analysis

© End-to-End Network Access Analysis Sruthi Bandhakavi, Sandeep Bhatt, Cat Okita, Prasad Rao HP Laboratories HPL-2008-28R1 No keywords available. Network security administrators cannot always accurately tell which end-to-end accesses are permitted within their network, and which ones are not. The problem is that every access is determined by the configurations of multiple, separately administered, components along a path. Furthermore, configurations evolve over time, and a small change in one configuration file can have widespread impact on the end-to-end accesses. Short of exhaustive testing, which is prohibitively time consuming and impractical, there are no good solutions to analyze end-to-end flows from network configurations. This paper presents a technique to analyze all the end-to-end accesses from the configuration files of network routers and firewalls. The contributions of this paper are to engineer solutions for real network instances that are based on (i) generic templates for network components and (ii) a more general treatment of firewalls, including ways to deal with certain state-dependent filter rules, and (iii) efficient generation of firewall access control rules to meet desired end-to-end flow requirements. Our goal is to help network security engineers and operators quickly determine configuration errors that may cause unexpected access behavior. External Posting Date: November 21, 2008 [Fulltext] Approved for External Publication Internal Posting Date: November 21, 2008 [Fulltext] Copyright 2008 Hewlett-Packard Development Company, L.P. End-to-end Network Access Analysis Sruthi Bandhakavi∗, Sandeep Bhatt, Cat Okita†, Prasad Rao Hewlett-Packard Laboratories 5 Vaughn Drive Princeton, NJ 08540 Abstract Network security administrators cannot always accurately tell which end-to-end accesses are permitted within their network, and which ones are not. The problem is that every access is determined by the con gurations of multiple, separately administered, components along its path. Furthermore, congurations are constantly evolving, and a small change in one con guration le can have widespread impact on the end-to-end accesses. Short of exhaustive testing, which is prohibitively time consuming and impractical, there are no good solutions to analyze end-to-end ows from network con gurations. This paper presents a technique to analyze all the end-to-end accesses from the con guration les of network routers, switches and rewalls. Our goal is to help network security engineers and operators quickly determine con guration errors that may cause unexpected behavior such as unwanted accesses or unreachable services. Our technique can be also be used as part of the change management process, to help prevent network miscon guration. We build upon the work in [6], which presented an abstract formulation of the problem. The contributions of this paper are to engineer solutions for real network instances that are based on (i) generic templates for network components and (ii) a more general treatment of rewalls, including ways to deal with certain state-dependent lter rules, and (iii) e cient generation of rewall access control rules to meet desired end-to-end ow requirements.Network security administrators cannot always accurately tell which end-to-end accesses are permitted within their network, and which ones are not. The problem is that every access is determined by the con gurations of multiple, separately administered, components along its path. Furthermore, congurations are constantly evolving, and a small change in one con guration le can have widespread impact on the end-to-end accesses. Short of exhaustive testing, which is prohibitively time consuming and impractical, there are no good solutions to analyze end-to-end ows from network con gurations. This paper presents a technique to analyze all the end-to-end accesses from the con guration les of network routers, switches and rewalls. Our goal is to help network security engineers and operators quickly determine con guration errors that may cause unexpected behavior such as unwanted accesses or unreachable services. Our technique can be also be used as part of the change management process, to help prevent network miscon guration. We build upon the work in [6], which presented an abstract formulation of the problem. The contributions of this paper are to engineer solutions for real network instances that are based on (i) generic templates for network components and (ii) a more general treatment of rewalls, including ways to deal with certain state-dependent lter rules, and (iii) e cient generation of rewall access control rules to meet desired end-to-end ow requirements.