F/Wvis: Hierarchical Visual Approach for Effective Optimization of Firewall Policy

Abstract

As an essential system for protecting internal networks and valuable information, the firewall monitors and controls network traffic in terms of access control, authentication, logging, and auditing. In particular, it carries out both allowing and blocking communications between internal and external networks based on proper Access Control List (ACL). However, a complex ACL along with huge network environments lead to exposing vulnerabilities and communication problems, because of anomalies among policies. Even though various techniques and applications combined with visualization approaches have been proposed, there is still a lack of usability caused by not only the limitation of the text-based interface but also the complexity of practical use. In order to solve these problems, this work proposes a 3D-based hierarchical visualization method, namely F/Wvis, for intuitive ACL management and analysis. The F/Wvis, particularly, supports ACL management for a large-scale network as well as analysis of detail anomalies on policies by providing a drill-down user interface through the hierarchical visualization approach. Further, the implemented system is evaluated against popular tools by network security experts to identify the usability and effectiveness in real-world situations (a demonstration video is available at: https://bit.ly/34ooEDc).