Managing an Enterprise Firewall

Firewalls are core elements in network security. However, due to the increasing threat of network attacks, firewalls have become important integrated elements not only in enterprise networks but also in small-size and home networks.

Naveed Ahmed, Head, Technology & Risk Management Practice, Paramount Computer Systems, Saudi Arabia

Executive Summary

Firewalls are core elements in network security. However, managing firewall rules, especially for enterprise networks, has become complex and error-prone. As a result, there can be rules that are never hit and rules that conflict with other rules.

Firewall filtering rules have to be carefully written and organized in order to correctly implement an enterprise's security policy. In this article, I present a set of techniques and algorithms that provide for automatic discovery of firewall policy anomalies to reveal rule conflicts and potential problems in legacy firewalls. This is implemented in a user-friendly tool called “Firewall Rulebase Analysis Tool (FRAT).”

The FRAT significantly simplifies the management of any generic firewall policy written as filtering rules, while minimizing network vulnerability due to firewall rule misconfiguration.

Introduction

Due to the increasing threat of network attacks, firewalls have become important integrated elements not only in enterprise networks but also in small-size and home networks. Firewalls have been the frontier defense for secure networks against attacks and unauthorized traffic, filtering out unwanted network traffic coming into or going out from the secured network. The filtering decision is taken according to a set of ordered filtering rules defined from the security policy requirements. A firewall policy may include anomalies, where a packet matches two or more different filtering rules. When the filtering rules are defined, serious attention has to be given to rule relations and interactions in order to determine the proper rule ordering and guarantee correct security policy semantics.

As the number of filtering rules increases (as it does in enterprise setups), the difficulty of writing a new rule or modifying an existing one also increases. In this case it is very likely to introduce conflicting rules, such as one general rule shadowing another, more specific rule, or correlated rules whose relative ordering determines different actions for the same packet.

Therefore, the effectiveness of firewall security is dependent on providing policy management techniques and tools that enable network administrators to analyze, purify and verify the correctness of written firewall legacy rules.

Firewall Background

Firewalls are the de facto core elements used to enforce network security. They control the traversal of packets across the boundaries of a secured network based on a specific security policy. Several different firewall technologies are currently in use in the industry.

Firewall Rule Base

A Firewall Rule Base is a set of ordered filtering rules that define actions on matching packets. Each rule is composed of filtering fields, also called network fields (source IP, source port, destination IP, destination port, protocol, and so on). Each network field can either be a single value or a range of values.

<order><protocol><src_ip><src_port><dst_port><action>

If the traversing packet matches all defined fields in a rule, the rule's filtering action is taken on the packet; the action can be 'Accept' or 'Deny', optionally with logging. Packet header information must match all network fields in a rule for its action to be enforced; if it does not, the following rule is checked. If no rule matches, the default policy action is performed, which is 'Deny' by default.

The Problem

A firewall policy anomaly occurs:

  (1) when two or more rules match the same packet, or
  (2) when a rule never matches any packet that goes through the firewall.

The above problem is compounded by the following:

  1. In large enterprises, the firewall rulebases can expand to an extent where they are simply unmanageable.
  2. Analyses have shown that in any firewall, a large majority of the rules are simply never used.
  3. A large rulebase also creates inconsistencies in the form of redundant and shadowed rules.
  4. Large rulebases also prevent efficient security audits, since insecure or vulnerable rules can be missed during an analysis of a large set of rules.
  5. Finally, large rulebases result in performance bottlenecks (packets having to traverse hundreds or thousands of rules to find a match) and resource crunches (the number of objects or groups exceeds the maximum allowable limits).
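The following is an added example, not code from the article or from the FRAT tool, that models both of the points above: the first-match, default-deny evaluation of an ordered rule base, and the static detection of the two anomaly kinds (a later rule that is fully covered by an earlier rule and therefore never hit, classified as shadowed or redundant depending on the actions, and a pair of overlapping rules whose order decides the action, classified as correlated). The rule format assumed here adds a destination IP field to the one shown above; the rule base, the packets, and the function names (`parse_rule`, `evaluate`, `find_anomalies`, `never_hit`) are constructed for the example.

```python
"""Ordered rule-base evaluator and pairwise anomaly checker (added example, not FRAT)."""
import ipaddress
from dataclasses import dataclass
from itertools import combinations

ANY_PORT = (0, 65535)


@dataclass(frozen=True)
class Rule:
    order: int
    protocol: str                      # "tcp", "udp", "icmp" or "any"
    src_ip: ipaddress.IPv4Network
    src_port: tuple                    # inclusive (low, high)
    dst_ip: ipaddress.IPv4Network
    dst_port: tuple
    action: str                        # "accept" or "deny"


def _net(text):
    return ipaddress.ip_network("0.0.0.0/0" if text == "any" else text, strict=False)


def _ports(text):
    if text == "any":
        return ANY_PORT
    lo, _, hi = text.partition("-")
    return (int(lo), int(hi or lo))


def parse_rule(order, line):
    """Parse 'proto src_ip src_port dst_ip dst_port action'; 'any' wildcards a field (assumed format)."""
    proto, sip, sport, dip, dport, action = line.split()
    return Rule(order, proto.lower(), _net(sip), _ports(sport), _net(dip), _ports(dport), action.lower())


def matches(rule, pkt):
    """A rule applies only when every field matches the packet header."""
    return ((rule.protocol == "any" or rule.protocol == pkt["protocol"])
            and ipaddress.ip_address(pkt["src_ip"]) in rule.src_ip
            and rule.src_port[0] <= pkt["src_port"] <= rule.src_port[1]
            and ipaddress.ip_address(pkt["dst_ip"]) in rule.dst_ip
            and rule.dst_port[0] <= pkt["dst_port"] <= rule.dst_port[1])


def evaluate(rules, pkt):
    """First matching rule in order decides; with no match the default policy is deny."""
    for rule in sorted(rules, key=lambda r: r.order):
        if matches(rule, pkt):
            return rule.action, rule.order
    return "deny", None


def _range_sub(a, b):
    return b[0] <= a[0] and a[1] <= b[1]


def _range_overlap(a, b):
    return a[0] <= b[1] and b[0] <= a[1]


def is_subset(a, b):
    """True when every packet matched by rule a is also matched by rule b."""
    return ((b.protocol == "any" or a.protocol == b.protocol)
            and a.src_ip.subnet_of(b.src_ip) and _range_sub(a.src_port, b.src_port)
            and a.dst_ip.subnet_of(b.dst_ip) and _range_sub(a.dst_port, b.dst_port))


def overlaps(a, b):
    """True when some packet can match both rules."""
    return (("any" in (a.protocol, b.protocol) or a.protocol == b.protocol)
            and a.src_ip.overlaps(b.src_ip) and _range_overlap(a.src_port, b.src_port)
            and a.dst_ip.overlaps(b.dst_ip) and _range_overlap(a.dst_port, b.dst_port))


def find_anomalies(rules):
    """Return (kind, later_rule, earlier_rule) for every anomalous ordered pair."""
    out = []
    for earlier, later in combinations(sorted(rules, key=lambda r: r.order), 2):
        if is_subset(later, earlier):
            # The earlier rule takes every packet first, so the later rule is never hit.
            kind = "redundant" if later.action == earlier.action else "shadowed"
            out.append((kind, later.order, earlier.order))
        elif is_subset(earlier, later) and earlier.action != later.action:
            # Specific exception placed before a general rule: legal, but worth review.
            out.append(("generalization", later.order, earlier.order))
        elif overlaps(earlier, later) and earlier.action != later.action:
            # Partial overlap with different actions: the ordering decides the outcome.
            out.append(("correlated", later.order, earlier.order))
    return out


def never_hit(rules):
    """Orders of rules that no packet can reach (shadowed or redundant to an earlier rule)."""
    return sorted({later for kind, later, _ in find_anomalies(rules) if kind in ("shadowed", "redundant")})


# Constructed sample rule base for the example (not a real policy).
RULEBASE = [parse_rule(i + 1, line) for i, line in enumerate([
    "tcp any           any 192.168.1.10/32 80  accept",   # 1: public web server
    "tcp 10.0.0.0/8    any 192.168.1.0/24  any deny",     # 2: block the 10/8 range from the DMZ
    "tcp 10.1.0.0/16   any 192.168.1.20/32 22  accept",   # 3: shadowed by rule 2
    "tcp 172.16.0.0/12 any 192.168.1.10/32 80  accept",   # 4: redundant to rule 1
    "udp any           any 192.168.1.5/32  53  accept",   # 5: DNS
    "any 10.0.0.0/8    any 192.168.1.5/32  any deny",     # 6: correlated with rule 5
])]

if __name__ == "__main__":
    ssh = {"protocol": "tcp", "src_ip": "10.1.5.5", "src_port": 40000, "dst_ip": "192.168.1.20", "dst_port": 22}
    print(evaluate(RULEBASE, ssh))          # ('deny', 2): rule 3 is never reached
    print(find_anomalies(RULEBASE))
    print(never_hit(RULEBASE))              # [3, 4]
```

The pairwise check is quadratic in the number of rules, which is acceptable for a few thousand rules; the `never_hit` list is the static counterpart of the "rules never used" finding in point 2 above, and the `correlated` pairs are the cases where a rule move silently changes the policy.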