Please use this identifier to cite or link to this item: http://hdl.handle.net/123456789/15391

Title: Security Analysis of Firewall Rule Sets in Computer Networks
Authors: Khaled Alghathbar; Muhammad Khurram Khan; Abdullah AlKelabi
Keywords: Security Analysis, Firewall Rule set.
Issue Date: 2010
Publisher: IEEE
Abstract: Firewalls are the screening gates for internet/intranet traffic in computer networks. However, deploying a firewall is simply not enough, since it needs to be configured by the system administrator according to the needs of the organization. There are many reasons why it is hard for the administrator to configure the firewall properly. Specifying a firewall rule set is complicated and error-prone. Once the firewall rules are defined, the firewall should be tested to check whether it actually implements the firewall policy. In this paper, one of the approaches to firewall rule set analysis, i.e., the problems with the structure of the firewall rule set, is addressed. The structure of a sample firewall rule set is analyzed to detect and resolve conflicts using two structural analysis methodologies, i.e., Policy Tree and Relational Algebra. Then the results obtained from the test using an automated tool, PolicyVisor, based on the policy tree methodology, are analyzed. It is found from the analysis that even a set of only six rules has a number of anomalies. Moreover, it is hard for a human to find such anomalies manually in a larger rule set, and failure to find such anomalies leads to a change in the firewall policy.
URI: http://hdl.handle.net/123456789/15391
Appears in Collections:College of Computer and Information Sciences

Files in This Item:

File: Alghathbar_conf_16.docx
Size: 12.79 kB
Format: Microsoft Word XML

Items in DSpace are protected by copyright, with all rights reserved, unless otherwise indicated.

