Firewalls are core elements in network security. However,
managing firewall rules, particularly in multi-firewall enterprise networks,
has become a complex and error-prone task. Firewall filtering rules have to
be written, ordered and distributed carefully in order to avoid firewall
policy anomalies that might cause network vulnerabilities. Therefore,
inserting or modifying filtering rules in any firewall requires thorough
intra- and inter-firewall analysis to determine the proper rule placement
and ordering in the firewalls.
In this project, we identify all anomalies that could exist in a single- or
multi-firewall environment. We also develop a set of techniques and
algorithms to automatically discover policy anomalies in centralized and
distributed legacy firewalls. These techniques are implemented in a software
tool called the "Firewall Policy Advisor" or "PolicyVisor" that simplifies
the management of filtering rules and maintains the security of
next-generation firewalls.
Project director: Prof. Ehab Al-Shaer
Ph.D. students: Hazem Hamed
Sponsors*: National Science Foundation, Intel Corp, and Cisco
Companies that used/downloaded this tool:
Lisle Technology Partners, USA;
Phontech, Norway;
Naval Surface Warfare Center, Panama City, USA;
Cisco Systems, USA;
AT&T, USA;
Gateshead Council, UK;
Danet Group, Germany;
TNT Express Worldwide, UK Ltd, United Kingdom;
Checkpoint, USA;
FireWall-1, The Netherlands;
DataConsult, Lebanon;
Rosebank Consulting, GB;
Mayer Consulting, USA;
Panduit Corp, USA;
UPMC Paris 5 University, France;
Royal Institute of Science, Sweden;
GE, US;
Aligo, USA;
Motorola, Inc., USA;
Landmark Communications, Inc., US;
uekae.tubitak.gov, Turkey;
Duke Energy, USA;
The Midland Co, USA;
NITW, INDIA, India;
Deloitte & Touche LLP, US;
8818 Limited, Hong Kong;
National Taiwan University, Taiwan, R.O.C.;
eircom.net, Ireland;
GE CF, USA;
AIT, Thailand;
Celestica, Thailand;
and others not listed
Universities that used/downloaded this tool:
ISRC, Queensland University of Technology, Australia;
Imperial College and UCL, London, UK;
Columbia University, USA;
Georgia Institute of Technology;
NCSU, USA;
USC, USA;
University of Pittsburgh, PA;
University of Waterloo, Canada;
University Student in Cyprus International University, Cyprus;
University of Rochester, US;
UQAM, University of Quebec in Montreal, Canada;
Saarland University, Germany;
Technical University of Berlin, Computer Science Department, Germany;
UCSB, US;
Edith Cowan University, Australia;
Universitat Oberta de Catalunya, Spain;
ISG, Tunisia;
York U, Toronto, Canada;
Universidade Federal do Rio Grande do Sul, Brazil;
UCL, Belgium;
Kent State University, USA;
UFRGS, Brazil;
University of Stuttgart, IKR, Germany;
*Disclaimer: Any opinions, findings, and conclusions or recommendations
expressed in this material are those of the author(s) and do not necessarily
reflect the views of the funding sources.