Firewalls are always treated as the core devices for network security to protect networks from being attacked. Still, properly configuring firewall rules is no easy task due to its laboring and time-consuming characteristic. In some cases, firewall rules need to be added, deleted, modified, or order-changed from time to time to fit in the dynamic of network traffic. As a result, firewalls are subject to rule anomalies caused by misconfigurations such that network security holes can be created accordingly, and then damage the managed networks and even worse the firewalls themselves. In this paper, an enhanced firewall rule management approach is proposed where it can not only pinpoint the anomalies among firewall rules effectively and efficiently, but also provide a novel mechanism for correct and speedy removal of rule anomalies. As a demonstration, a visualized firewall rule anomaly removal system has been realized and performance evaluations on anomaly removal have been also conducted, in which our developed mechanism shows its excellence and feasibility.
- DDoS on firewalls
- Firewall rule anomaly diagnosis
- Rule anomaly removal
- System feasibility