Firewalls are core elements in network security. A firewall is a network element that controls the traversal of packets across the boundaries of a secured network based on a specific security policy. A firewall security policy is a list of ordered filtering rules that define the actions performed on matching packets. Firewall filtering rules have to be carefully written and organized in order to correctly implement the security policy. Therefore, inserting or modifying filtering rules in any firewall requires thorough intra- and inter-firewall analysis to determine the proper rule placement and ordering in the firewalls. In this paper all anomalies that could exist in a single- or multi-firewall environment are identified. A set of techniques and algorithms to automatically discover policy anomalies in centralized and distributed legacy firewalls is also implemented. The technique is implemented in Java; it simplifies the management of filtering rules and maintains the security of next-generation firewalls.
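As an added example, not the paper's Java implementation: a minimal Python check of the standard intra-firewall anomaly classes (shadowing, generalization, redundancy, correlation) over an ordered rule list, which the abstract does not name individually. The rule format, the wildcard convention and the sample policy are assumptions constructed for this illustration.

```python
from dataclasses import dataclass
FIELDS = ("proto", "src", "dst", "dport")

@dataclass(frozen=True)
class Rule:
    proto: str
    src: str
    dst: str
    dport: str
    action: str  # "accept" or "deny"

def field_subset(a: str, b: str) -> bool:
    return b == "*" or a == b  # every value matching a also matches b

def relation(ry: Rule, rx: Rule) -> str:
    """How the match space of later rule ry relates to earlier rule rx."""
    pairs = [(getattr(ry, f), getattr(rx, f)) for f in FIELDS]
    if any(a != "*" and b != "*" and a != b for a, b in pairs):
        return "disjoint"
    y_in_x = all(field_subset(a, b) for a, b in pairs)
    x_in_y = all(field_subset(b, a) for a, b in pairs)
    if y_in_x:
        return "subset"  # includes the exactly-equal case
    return "superset" if x_in_y else "correlated"

def find_anomalies(rules):
    """Return (later_index, earlier_index, kind) for each anomalous pair."""
    found = []
    for j, ry in enumerate(rules):
        for i in range(j):
            rx, same = rules[i], rules[i].action == ry.action
            rel = relation(ry, rx)
            if rel == "subset":
                # ry never fires: rx already decided every packet ry matches
                found.append((j, i, "redundancy" if same else "shadowing"))
            elif rel == "superset" and not same:
                found.append((j, i, "generalization"))  # exception placed before general rule
            elif rel == "correlated" and not same:
                found.append((j, i, "correlation"))  # order alone decides the overlap
    return found

# Constructed sample policy (addresses and ports are made up for this demo).
SAMPLE_POLICY = [
    Rule("tcp", "*", "10.0.0.5", "80", "accept"),
    Rule("tcp", "192.168.1.9", "10.0.0.5", "80", "deny"),   # shadowed by rule 0
    Rule("tcp", "*", "10.0.0.5", "*", "deny"),              # generalizes rule 0
    Rule("tcp", "192.168.1.9", "10.0.0.5", "443", "deny"),  # redundant given rule 2
    Rule("udp", "192.168.1.0", "*", "53", "accept"),
    Rule("udp", "*", "10.0.0.53", "53", "deny"),            # correlated with rule 4
]
```

Each reported pair names the later rule whose placement is questionable and the earlier rule that causes the anomaly, which is the information an administrator needs to decide on reordering or removal.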


