A novel and feasible system for rule anomaly and behavior mismatching diagnosis among firewalls

Abstract

While configuring firewalls, firewall rule ordering and distribution must be done cautiously on each of cooperative firewalls, especially in a large-scale network. However, network operators are prone to incorrectly configuring firewalls because there are typically hundreds of thousands of filtering rules (i.e., rules in the access control list file, or ACL for short) which could be set up in a firewall, not to mention these rules among firewalls could affect mutually. To speed up the crucial but laboring inspection of rule configuration on firewalls, this chapter describes our developed diagnosis system which can not only figure out anomalies among firewall rules effectively but also infer/correlate the main reasons from the diagnosed anomalies for filtering (behavior) mismatching between firewalls. At the end of this chapter, the system prototype is shown as a demonstration of our system implementation. © 2013 Springer Science+Business Media New York.