Firewall Query Engine and Firewall Comparison Engine Mohamed Gouda Alex X. Liu Computer Science Department The University of Texas at Austin.

Problem
- The interplay of firewall rules in large enterprises is extremely complex:
  - Rules for an enterprise can number in the thousands.
  - Rules are written by different people at different times for different reasons.
  - An enterprise may have hundreds of interconnected firewalls.
- As a result of this complexity:
  - Unearthing security holes and troubleshooting errors can be difficult or impossible.
  - A change in one rule can cause cascading failures and severely impact the network.
  - Large enterprises have extensive, time-consuming procedures required to implement any change to a rule set.

Solution 1: Firewall Query Engine
- Answers queries regarding firewall behavior
- Simulates how a rule set will operate
- Allows rapid and accurate troubleshooting
- Queries can be auto-generated using vulnerability databases
[Diagram: Firewall Query Engine; inputs: vulnerability database, firewall rule set, business requirements; outputs: all malicious traffic passed, all legitimate traffic blocked]

Solution 2: Firewall Comparison Engine
- Input to the engine is two different rule sets:
  - Rule set before changes
  - Rule set after changes
- Output is a delta file that shows the differing results (i.e., the impacts and risks of the changes)
- Speeds up change management and version control
- Avoids the unintended impacts and risks of changes
[Diagram: Firewall Comparison Engine; inputs: rule set before changes, rule set after changes; output: complete list of impacts/risks]

Technology overview
- Patent applications have been filed on the engines.
- The algorithms are mathematically proven to provide complete and accurate results.
- Both engines will be implemented in a software tool that is compatible with the data structures used in the major firewalls (Cisco, Checkpoint, Juniper).

Benefits
- Improves and verifies the security and effectiveness of enterprise firewalls
- Enables efficient troubleshooting of problems
- Streamlines approval and increases certainty when implementing changes to firewall rules

Features
- Accurate simulation of the operation of a rule set
- Accurate comparison of different rule sets
- These engines can be used to solve many other firewall management problems:
  - Troubleshooting over hundreds of interconnected firewalls: "Which part of the network can be attacked by Slammer worms?" "Who blocked communication between server A and B?"
  - Continuous monitoring of firewalls
  - Security risk assessment: "How secure is my network?"

Performance of Firewall Query Engine

Performance of Firewall Comparison Engine

Technology differentiation
- The engines are the first in the literature
- Applies formal methods to known network security problems

Availability
- Prototype software has been developed and tested on over 3,000 rules (in simulation).
- A commercial implementation will require a user interface and data integration with existing firewall products.

Solution 3: Firewall Generation Engine
- Automatically generates rules that are error-free and compact
- Uses a decision tree data structure for inputs
- User input only requires answering yes/no questions
- Vastly simplifies updating the rule set

Solution 4: Firewall Cleaning Engine
- Eliminates redundant rules
- Can improve network latency
[Diagram: Firewall Cleaning Engine; input: rule set; output: equivalent rule set with no redundant rules]

Case study
- To validate the effectiveness of our design methods:
  - Took a real-life firewall (of 87 rules) and redesigned it using the structured firewall design method
  - Compared the two firewalls, and found 84 discrepancies
  - Discussed these discrepancies with the firewall administrator
  - He confirmed: in 82 discrepancies, his decisions were wrong.

Case study (continued)
- Of the 82 discrepancies in his version:
  - 72 were caused by incorrect ordering of rules.
  - 10 were caused by missing rules.
- The two discrepancies where our decisions were wrong were caused by a wrong assumption about the requirements.