Abstract
Large enterprises employ a variety of firewalls, possibly from different vendors each with its own rule syntax. Furthermore, enterprise policy may be mapped to hundreds of rules on each device. Manual configuration of a large set of rules is a complex process that may result in misconfigurations and the resulting in security vulnerabilities. A promising alternative is the use of semantic web technologies (an ontology combined with a query language or reasoner) to detect firewall misconfigurations. However, a poorly designed ontology may result in excessive memory consumption and processing load, rendering the method ineffective. In this paper, we present an efficient ontology design for detecting misconfigurations on firewall rules, that attempts to reduce the computing resources needed to validate the firewall rules of the companys policies. The design was tested on a realworld scenario of an enterprise with equipment from 3 different vendors: Fortinet, Cisco ASA, and Checkpoint. Our solution was able to detect over a hundred misconfigured rules. Finally, an evaluation of the impact of the chosen combination of ontology, query language, and reasoner on the computational cost is also presented.
Original language | Spanish |
---|---|
Title of host publication | 2018 IEEE ANDESCON, ANDESCON 2018 - Conference Proceedings |
State | Published - 5 Dec 2018 |
Externally published | Yes |