Packet Filter Firewall Rule Anomalies and Mitigation Techniques: A Technical Review

P. Ravi Kiran Varma, V. Valli Kumari, S. Srinivas Kumar

Abstract


An organization's network perimeter cannot be protected without a firewall. A firewall is a tool that implements the management's security policy and filters incoming or outgoing network traffic accordingly. One of the major issues with packet filter firewalls is rule anomalies. Because of human mistakes, the rule configuration may be erroneous, which leads to unintended behavior of the firewall. These anomalies may make network resources unavailable to legitimate users, or may pose a threat by increasing the attack surface. Detection and mitigation of packet filter firewall rule anomalies is therefore an important research topic. This paper tries to stimulate research in this direction by describing the types of anomalies and surveying the literature on detection and mitigation techniques. It highlights the advantage of Ant Colony Optimization in removing firewall rule misconfigurations, and the performance parameters used to evaluate and assess a firewall.

Keywords


Firewall, Rule Anomalies, Detection, Mitigation, Shadow, Generalization, Correlation, Redundancy, Ant Colony Optimization.
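
The abstract names the anomaly types without defining them. The following is an added example, not code from the paper: a pairwise check over an ordered, first-match rule list, assuming the commonly used definitions of shadowing, generalization, correlation and redundancy. The `Rule` layout, the function names and the sample policy are constructed for illustration.

```python
import ipaddress
from typing import NamedTuple

class Rule(NamedTuple):
    proto: str    # "tcp", "udp" or "any"
    src: str      # source CIDR
    dst: str      # destination CIDR
    dport: tuple  # inclusive (low, high) destination port range
    action: str   # "accept" or "deny"

def field_rel(name, a, b):
    """Return (a within b, b within a, a overlaps b) for one rule field."""
    if name == "proto":
        return (b in ("any", a), a in ("any", b), "any" in (a, b) or a == b)
    if name in ("src", "dst"):
        na, nb = ipaddress.ip_network(a), ipaddress.ip_network(b)
        return (na.subnet_of(nb), nb.subnet_of(na), na.overlaps(nb))
    (al, ah), (bl, bh) = a, b
    return (bl <= al and ah <= bh, al <= bl and bh <= ah, al <= bh and bl <= ah)

def classify(rx, ry):
    """Anomaly between rule rx and a later rule ry, or None."""
    rels = [field_rel(n, getattr(ry, n), getattr(rx, n)) for n in Rule._fields[:4]]
    if not all(overlap for _, _, overlap in rels):
        return None                  # no packet can match both rules
    same = rx.action == ry.action
    if all(r[0] for r in rels):      # everything ry matches, rx matched first
        return "redundancy" if same else "shadowing"
    if all(r[1] for r in rels):      # rx is a special case of ry
        # Same action: rx may be redundant, but that depends on the rules
        # between the two, which this pairwise check does not examine.
        return None if same else "generalization"
    return None if same else "correlation"

def find_anomalies(rules):
    """Return (earlier rule no., later rule no., anomaly) tuples, 1-based."""
    return [(i + 1, j + 1, kind)
            for i, rx in enumerate(rules)
            for j, ry in enumerate(rules) if j > i
            for kind in [classify(rx, ry)] if kind]

# Constructed sample policy; addresses and ports are illustrative only.
POLICY = [
    Rule("tcp", "10.1.1.0/24", "0.0.0.0/0", (80, 80), "deny"),
    Rule("tcp", "10.1.1.5/32", "0.0.0.0/0", (80, 80), "accept"),
    Rule("tcp", "10.2.0.0/16", "192.168.1.10/32", (443, 443), "accept"),
    Rule("tcp", "0.0.0.0/0", "192.168.1.10/32", (443, 443), "deny"),
    Rule("udp", "10.3.0.0/16", "0.0.0.0/0", (53, 53), "accept"),
    Rule("udp", "0.0.0.0/0", "172.16.0.53/32", (53, 53), "deny"),
    Rule("tcp", "10.1.1.128/25", "0.0.0.0/0", (80, 80), "deny"),
]
```

Shadowing and redundancy findings mark rules that never take effect; generalization and correlation findings mark pairs whose outcome depends on rule order and should be confirmed against the intended policy.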




Creative Commons License
This work is licensed under a Creative Commons Attribution 3.0 License.