Advertisement

A Novel Concept of Firewall-Filtering Service Based on Rules Trust-Risk Assessment

  • Faouzi JaïdiEmail author
Conference paper
Part of the Advances in Intelligent Systems and Computing book series (AISC, volume 942)

Abstract

The importance given to firewalls as a security mechanism for protecting sensitive and private infrastructures has been well justified in literature. Nowadays, we consider firewalls as one of the most important security mechanisms that is widely deployed and highly approved. The main goal of this fundamental security component is to provide a filtering service by blocking or providing access to specific areas and segments of a network based on a set of filtering rules defined with regards to the global security policy. Hence, the effectiveness of the protection provided by a firewall is governed by the efficiency of the filtering policy deployed in that firewall. To enhance the quality of the filtering service provided by firewalls, we propose a novel filtering technique that integrates a risk assessment approach to evaluate the risk associated to firewalls rules. Our goal is to strengthen the filtering service with pertinent information relative to rules risk values that allows (i) changing the actions associated to critical rules in specific/critical contexts or (ii) dynamically injecting new rules in the firewall that refine other rules (by giving precision or reducing domains) to reduce the risk or (iii) changing the behavior of the firewall by changing its configuration (the set of rules) to avoid malicious scenarios.

Keywords

Data and networks security Security policies Firewalls Risk assessment 

References

  1. 1.
    Kumar, D., Gupta, M.: Implementation of firewall & intrusion detection system using pfSense to enhance network security. Int. J. Electr. Electron. Comput. Sci. Eng. 5(ICSCAAIT–2018), 131–137 (2018)Google Scholar
  2. 2.
    Diekmann, C., Hupel, L., Michaelis, J., et al.: Verified iptables firewall analysis and verification. J. Autom. Reason. (2018).  https://doi.org/10.1007/s10817-017-9445-1MathSciNetCrossRefzbMATHGoogle Scholar
  3. 3.
    Hu, H., Ahn, G.J., Kulkarni, K.: Detecting and resolving firewall policy anomalies. IEEE Trans. Dependable Secur. Comput. 9(3), 318–331 (2012)CrossRefGoogle Scholar
  4. 4.
    Saâdaoui, A., Souayeh, N.B.Y.B., Bouhoula, A.: FARE: FDD-based firewall anomalies resolution tool. J. Comput. Sci. 23, 181–191 (2017)MathSciNetCrossRefGoogle Scholar
  5. 5.
    Abbes, T., Bouhoula, A., Rusinowitch, M.: Detection of firewall configuration errors with updatable tree. Int. J. Inf. Secur. 15(3), 301–317 (2016)CrossRefGoogle Scholar
  6. 6.
    Halle, S., Ngoupe, E.L., Villemaire, R., Cherkaoui, O.: Distributed firewall anomaly detection through LTL model checking. In: 2013 IFIP/IEEE International Symposium on Integrated Network Management (IM 2013), pp. 194-201 (2013)Google Scholar
  7. 7.
    Cuppens, F., Cuppens-Boulahia, N., Garcia-Alfaro, J.: Detection and removal of firewall misconfiguration. In: Proceedings of the 2005 IASTED International Conference on Communication, Network and Information Security, vol. 1, pp. 154-162 (2005)Google Scholar
  8. 8.
    Hu, H., Ahn, G.J., Kulkarni, K.: Fame: a firewall anomaly management environment. In: Proceedings of the 3rd ACM Workshop on Assurable and Usable Security Configuration, pp. 17-26 (2010)Google Scholar
  9. 9.
    Mayer, A., Wool, A., Ziskind, E.: Offline firewall analysis. Int. J. Inf. Secur. 5(3), 125–144 (2006).  https://doi.org/10.1007/s10207-005-0074-zCrossRefGoogle Scholar
  10. 10.
    Yuan, L., Chen, H., Mai, J., Chuah, C.N., Su, Z., Mohapatra, P.: FIREMAN: a toolkit for firewall modeling and analysis. In: IEEE Symposium on Security and Privacy, pp. 199–213 (2006)Google Scholar
  11. 11.
    Bodei, C., Degano, P., Focardi, R., Galletta, L., Tempesta, M., Veronese, L.: Firewall management with firewall synthesizer. In: CEUR Workshop Proceedings, vol. 2058, no. 16 (2018)Google Scholar
  12. 12.
    Phillips, I.: Assessing risk associated with firewall rules. U.S. Patent Application No 15/215,792 (2018)Google Scholar
  13. 13.
    Jaidi, F., Ayachi, F.L.: A risk awareness approach for monitoring the compliance of RBAC-based policies. In: Proceedings of the 12th International Conference on Security and Cryptography, (SECRYPT 2015), pp. 454–459 (2015)Google Scholar
  14. 14.
    Haslum, K., Abraham, A., Knapskog, S.: Fuzzy online risk assessment for distributed intrusion prediction and prevention systems. In: Proceedings of the Tenth International Conference on Computer Modeling and Simulation, pp. 216–223 (2008)Google Scholar
  15. 15.
    Ralstona, P.A.S., Grahamb, J.H., Hiebb, J.L.: Cyber security risk assessment for SCADA and DCS networks. ISA Trans. 46, 583–594 (2007)CrossRefGoogle Scholar
  16. 16.
    Jaidi, F., Ayachi, F.L., Bouhoula, A.: A methodology and toolkit for deploying reliable security policies in critical infrastructures. Secur. Commun. Netw. 2018, 22 (2018)CrossRefGoogle Scholar
  17. 17.
    Scarfone, K.J., Hoffman, P.: Guidelines on firewalls and firewall policy. In: National Institute of Standards and Technology, NIST Special Publication 800-41, Revision 1 (2009)Google Scholar

Copyright information

© Springer Nature Switzerland AG 2020

Authors and Affiliations

  1. 1.ESPRIT School of EngineeringTunisTunisia

Personalised recommendations