Algorithm for Redundant Rules
if protocolx = protocoly then
    if sourcey is subset of sourcex then
        if desty is subset of destx then
            Rule Ry is redundant to rule Rx
        endif
    else if sourcex is subset of sourcey then
        if destx is subset of desty then
            Rule Rx is redundant to rule Ry
        endif
    endif
endif
Algorithm for Inelegant Rules
if protocolx = protocoly then
    if sourcey = sourcex and desty = destx and porty <> portx then
        Rule Ry can be combined with Rx
    endif
    if sourcey <> sourcex and desty = destx and porty = portx then
        Rule Ry can be combined with Rx
    endif
    if sourcey = sourcex and desty <> destx and porty = portx then
        Rule Ry can be combined with Rx
    endif
endif
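The two pseudocode checks above, implemented over CIDR networks as an added example (this is not the tool's or the paper's own code). The Rule class, the sample rule base and the address ranges are constructed for illustration. Two checks go beyond the page's pseudocode and are marked as assumptions in the comments: a rule is only declared redundant or combinable when the port and the action (permit/deny) also agree, since a narrower permit is not made redundant by a broader deny, and merging rules with different actions would change the policy.

```python
from dataclasses import dataclass
from ipaddress import IPv4Network, ip_network


@dataclass(frozen=True)
class Rule:
    """A rule reduced to the fields the pseudocode compares.
    'action' is not part of the page's algorithm; it is an added
    assumption so a permit rule is never merged with a deny rule."""
    name: str
    protocol: str
    source: IPv4Network
    dest: IPv4Network
    port: int
    action: str = "permit"


def is_redundant(ry: Rule, rx: Rule) -> bool:
    """True when Ry is redundant to Rx: same protocol, and Ry's source and
    destination both lie inside Rx's. Equal port and action are extra
    checks (assumptions) that the page's pseudocode does not make."""
    return (ry.protocol == rx.protocol
            and ry.action == rx.action
            and ry.port == rx.port
            and ry.source.subnet_of(rx.source)
            and ry.dest.subnet_of(rx.dest))


def redundancy_relation(rx: Rule, ry: Rule):
    """Both branches of the redundancy algorithm: the name of the rule
    that is redundant to the other, or None when neither covers the other."""
    if is_redundant(ry, rx):
        return ry.name
    if is_redundant(rx, ry):
        return rx.name
    return None


def can_combine(rx: Rule, ry: Rule) -> bool:
    """The 'inelegant rules' test: same protocol (and, by assumption,
    action), and exactly one of source, destination or port differs,
    so the pair collapses into one rule with a group for that field."""
    if rx.protocol != ry.protocol or rx.action != ry.action:
        return False
    differing = [rx.source != ry.source, rx.dest != ry.dest, rx.port != ry.port]
    return differing.count(True) == 1


def analyse(rules):
    """Compare every pair once and collect findings as tuples:
    ('redundant', redundant_rule, covering_rule) or ('combine', a, b)."""
    findings = []
    for i, rx in enumerate(rules):
        for ry in rules[i + 1:]:
            redundant = redundancy_relation(rx, ry)
            if redundant is not None:
                covering = ry.name if redundant == rx.name else rx.name
                findings.append(("redundant", redundant, covering))
            elif can_combine(rx, ry):
                findings.append(("combine", rx.name, ry.name))
    return findings


# Constructed sample rule base using documentation address ranges.
EXAMPLE_RULES = [
    Rule("R1", "tcp", ip_network("10.1.0.0/16"), ip_network("192.0.2.0/24"), 443),
    Rule("R2", "tcp", ip_network("10.1.5.0/24"), ip_network("192.0.2.10/32"), 443),
    Rule("R3", "tcp", ip_network("10.2.0.0/16"), ip_network("192.0.2.0/24"), 443),
    Rule("R4", "tcp", ip_network("10.1.0.0/16"), ip_network("192.0.2.0/24"), 443, "deny"),
]

if __name__ == "__main__":
    for finding in analyse(EXAMPLE_RULES):
        print(finding)
```

On the sample rule base R2 is reported redundant to R1 (its source and destination sit inside R1's), R1 and R3 are reported combinable (only the source differs), and R4 is flagged against nothing because its action differs from R1's. One caveat the pairwise check does not capture: in an ordered rule base a rule that sits between the two compared rules and matches some of the same traffic with a different action can change the verdict, so findings should be confirmed against rule order before a rule is removed.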
Case Study
Three types of firewalls were considered as part of this study:
- Netscreen
- PIX
- Cyberguard
Approach
The approach taken to clean up the above firewalls is listed below:
- Freeze changes 2 days prior to implementation
- Obtain logs for 2 months
- Log analysis to determine hits on rules and rules with zero hit count
- Redundant rules analysis and filtering
- Firewall rules analysis to determine unique source and destination IPs, ports and protocols
- Grouped rule analysis
- Test changes in lab
- Raise RFC for changes
- Implement changes ('permit' to 'deny')
- Monitor for any tickets (SOC)
- Implement changes permanently - firewall enhancement closed
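The log-analysis step of the approach, attributing logged flows to the rule that would have matched them and listing the rules with a zero hit count, as an added example that is not the paper's or the tool's own code. The rule base is constructed, and the sample log lines are constructed in the shape of PIX "106100" access-list hit messages (the field order the regex assumes; other firewalls need their own parser). Matching uses first-match semantics over protocol, source, destination and destination port.

```python
import re
from dataclasses import dataclass
from ipaddress import IPv4Network, ip_address, ip_network


@dataclass(frozen=True)
class Rule:
    name: str
    action: str
    protocol: str
    source: IPv4Network
    dest: IPv4Network
    port: int


# Constructed rule base, in the order the firewall evaluates it.
RULES = [
    Rule("R1", "permit", "tcp", ip_network("0.0.0.0/0"), ip_network("10.1.1.10/32"), 443),
    Rule("R2", "permit", "tcp", ip_network("0.0.0.0/0"), ip_network("10.1.1.20/32"), 25),
    Rule("R3", "permit", "udp", ip_network("10.0.0.0/8"), ip_network("10.1.1.53/32"), 53),
    Rule("R4", "permit", "tcp", ip_network("0.0.0.0/0"), ip_network("10.1.1.30/32"), 22),
]

# Constructed log lines shaped like PIX 106100 access-list messages
# (assumption: this field order; adjust LOG_RE for other formats).
SAMPLE_LOG = [
    "%PIX-6-106100: access-list outside_in permitted tcp outside/203.0.113.5(40123) -> inside/10.1.1.10(443) hit-cnt 1 first hit",
    "%PIX-6-106100: access-list outside_in permitted tcp outside/203.0.113.7(51000) -> inside/10.1.1.10(443) hit-cnt 3 300-second interval",
    "%PIX-6-106100: access-list outside_in permitted tcp outside/198.51.100.2(33000) -> inside/10.1.1.20(25) hit-cnt 1 first hit",
    "%PIX-6-106100: access-list inside_in permitted udp inside/10.2.3.4(5353) -> dmz/10.1.1.53(53) hit-cnt 2 300-second interval",
    "%PIX-6-106100: access-list outside_in denied tcp outside/203.0.113.9(4444) -> inside/10.1.1.10(8080) hit-cnt 1 first hit",
    "%PIX-6-302013: Built inbound TCP connection 12345 for outside:203.0.113.5/40123 (203.0.113.5/40123) to inside:10.1.1.10/443 (10.1.1.10/443)",
]

LOG_RE = re.compile(
    r"access-list (?P<acl>\S+) (?P<verdict>permitted|denied) (?P<proto>\w+) "
    r"\S+/(?P<src>[\d.]+)\((?P<sport>\d+)\) -> \S+/(?P<dst>[\d.]+)\((?P<dport>\d+)\) "
    r"hit-cnt (?P<count>\d+)"
)


def first_match(rules, proto, src, dst, dport):
    """First-match semantics: the first rule whose protocol, source,
    destination and destination port cover the logged flow."""
    for r in rules:
        if r.protocol == proto and src in r.source and dst in r.dest and r.port == dport:
            return r
    return None


def hit_counts(rules, lines):
    """Attribute each logged flow to the rule that would have matched it,
    summing the hit-cnt field. Returns (hits per rule, unmatched flows)."""
    counts = {r.name: 0 for r in rules}
    unmatched = 0
    for line in lines:
        m = LOG_RE.search(line)
        if m is None:
            continue  # not an access-list hit message; ignore
        rule = first_match(rules, m["proto"], ip_address(m["src"]),
                           ip_address(m["dst"]), int(m["dport"]))
        if rule is None:
            unmatched += 1  # e.g. traffic dropped by the implicit deny
        else:
            counts[rule.name] += int(m["count"])
    return counts, unmatched


def zero_hit_rules(counts):
    """Rules that matched nothing in the period: candidates to set to
    'deny' first and, if no tickets follow, to remove."""
    return sorted(name for name, hits in counts.items() if hits == 0)


if __name__ == "__main__":
    counts, unmatched = hit_counts(RULES, SAMPLE_LOG)
    print(counts, "unmatched:", unmatched)
    print("zero-hit rules:", zero_hit_rules(counts))
```

On the constructed input R1 accumulates 4 hits, R2 1, R3 2, and R4 none, so R4 is the candidate for the 'permit' to 'deny' step; the denied flow to port 8080 matches no rule and is counted as unmatched, which is worth reporting separately because a large unmatched count usually means the parser or the rule base snapshot is out of step with the firewall.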
Log Analysis

Rules Analysis

Command Generation
In the case of Cisco PIX and Netscreen firewalls, the tool largely automates the task by generating the commands required to clean up the configuration. The user may choose first to set the rules to "deny", in order to monitor traffic that might still be using them, or may choose simply to drop the rules from the database.


Conclusion
Firewalls are critical elements in enforcing an enterprise's security policy, yet their rule bases are often built ad hoc. More often than not, enterprise firewalls have a voluminous rule base that is cluttered and burdensome, adding latency and performance overhead as well as inefficiency. Compounding this problem, there may be an inefficient change control process or system in place.
It is critical to clean up firewall rule bases to make them more efficient. This can only be achieved by automating the analysis of firewall logs and rules (anomaly detection and log analysis). The automation should also extend to the change management system, to account for new requests for entries in the firewall rule base.
Do not forget to periodically audit and maintain the rule base.
Redundant rules: two or more rules in the same rule base that process the same types of packets.
Two rules that process exactly the same types of packets, where one rule permits them while the other disallows them, are in conflict.