An Efficient Method for Ontology-Based Multi-Vendor Firewall Misconfiguration Detection: A Real-Case Study

Ruben F. Cordova, Armando L. Marcovich, Cesar Santivanez

Research output: Chapter in Book/Report/Conference proceeding, Conference contribution, peer-review

5 Scopus citations

Abstract

Large enterprises employ a variety of firewalls, possibly from different vendors, each with its own rule syntax. Furthermore, enterprise policy may be mapped to hundreds of rules on each device. Manual configuration of a large set of rules is a complex process that may result in misconfigurations and, consequently, in security vulnerabilities. A promising alternative is the use of semantic web technologies (an ontology combined with a query language or reasoner) to detect firewall misconfigurations. However, a poorly designed ontology may result in excessive memory consumption and processing load, rendering the method ineffective. In this paper, we present an efficient ontology design for detecting misconfigurations in firewall rules that attempts to reduce the computing resources needed to validate the firewall rules against the company's policies. The design was tested on a real-world scenario of an enterprise with equipment from 3 different vendors: Fortinet, Cisco ASA, and Checkpoint. Our solution was able to detect over a hundred misconfigured rules. Finally, an evaluation of the impact of the chosen combination of ontology, query language, and reasoner on the computational cost is also presented.
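The abstract's core idea is that rules written in three vendor syntaxes are mapped onto one common model, over which misconfigurations are then found. The following Python sketch is an added illustration, not the paper's ontology or code: the common model is a plain dataclass standing in for the ontology's shared classes, the three vendor input formats are simplified stand-ins constructed for this example (not real device exports), and the two defect classes checked, a rule fully covered by an earlier rule with a different action (shadowed) or the same action (redundant), are the usual first-match anomalies, chosen here as assumptions since the abstract does not name which misconfiguration types the authors report.

```python
"""Normalize firewall rules from several vendor-style representations into one
common rule model and flag rules that can never match under first-match semantics.
Added illustration: input formats are constructed stand-ins, not real exports."""
from dataclasses import dataclass
from ipaddress import IPv4Network, ip_network
from typing import Any, Dict, List, Tuple

ANY_NET = ip_network("0.0.0.0/0")
ANY_PORTS = (0, 65535)


@dataclass(frozen=True)
class Rule:
    """Vendor-neutral rule: plays the role of the ontology's common classes."""
    device: str
    rule_id: str
    proto: str                 # "tcp", "udp" or "ip" (any protocol)
    src: IPv4Network
    dst: IPv4Network
    dports: Tuple[int, int]    # inclusive destination port range
    action: str                # "accept" or "deny"


def _net(spec: str) -> IPv4Network:
    return ANY_NET if spec.lower() in ("any", "all") else ip_network(spec, strict=False)


def _service(spec: str) -> Tuple[str, Tuple[int, int]]:
    """Parse the constructed 'tcp/443', 'udp/1024-2048' or 'ip' service encoding."""
    if spec.lower() == "ip":
        return "ip", ANY_PORTS
    proto, ports = spec.lower().split("/")
    lo, _, hi = ports.partition("-")
    return proto, (int(lo), int(hi or lo))


def _action(word: str) -> str:
    return "accept" if word.lower() in ("accept", "permit", "allow") else "deny"


# Vendor adapters: one per rule syntax, all producing the same Rule.
def from_fortinet(device: str, policy: Dict[str, Any]) -> Rule:
    """FortiOS-like policy fields: policyid, srcaddr, dstaddr, service, action."""
    proto, ports = _service(policy["service"])
    return Rule(device, str(policy["policyid"]), proto, _net(policy["srcaddr"]),
                _net(policy["dstaddr"]), ports, _action(policy["action"]))


def from_cisco_asa(device: str, line_no: int, ace: str) -> Rule:
    """Simplified ASA-style ACE: '<permit|deny> <proto> <src> <dst> [eq P | range LO HI]'."""
    tok = ace.split()
    action, proto, src, dst = _action(tok[0]), tok[1].lower(), _net(tok[2]), _net(tok[3])
    if len(tok) > 4 and tok[4] == "eq":
        ports = (int(tok[5]), int(tok[5]))
    elif len(tok) > 4 and tok[4] == "range":
        ports = (int(tok[5]), int(tok[6]))
    else:
        ports = ANY_PORTS
    return Rule(device, str(line_no), proto, src, dst, ports, action)


def from_checkpoint(device: str, row: Dict[str, Any]) -> Rule:
    """Check Point-like exported columns: No, Source, Destination, Service, Action."""
    proto, ports = _service(row["Service"])
    return Rule(device, str(row["No"]), proto, _net(row["Source"]),
                _net(row["Destination"]), ports, _action(row["Action"]))


def covers(a: Rule, b: Rule) -> bool:
    """True when every packet that matches b also matches a."""
    return ((a.proto == "ip" or a.proto == b.proto)
            and b.src.subnet_of(a.src) and b.dst.subnet_of(a.dst)
            and a.dports[0] <= b.dports[0] and b.dports[1] <= a.dports[1])


def find_misconfigurations(rules: List[Rule]) -> List[Dict[str, str]]:
    """A rule fully covered by an earlier one never fires: shadowed or redundant."""
    findings = []
    for j, later in enumerate(rules):
        for earlier in rules[:j]:
            if covers(earlier, later):
                kind = "redundant" if earlier.action == later.action else "shadowed"
                findings.append({"device": later.device, "rule": later.rule_id,
                                 "kind": kind, "by": earlier.rule_id})
                break  # report only the first covering rule
    return findings


# Constructed sample: one rule set per vendor, each with a planted defect.
SAMPLE_RULES = {
    "fw-fortinet-1": [from_fortinet("fw-fortinet-1", p) for p in [
        {"policyid": 1, "srcaddr": "10.0.0.0/8", "dstaddr": "192.168.10.0/24", "service": "tcp/443", "action": "accept"},
        {"policyid": 2, "srcaddr": "10.1.0.0/16", "dstaddr": "192.168.10.5/32", "service": "tcp/443", "action": "deny"},
        {"policyid": 3, "srcaddr": "all", "dstaddr": "192.168.20.0/24", "service": "udp/53", "action": "accept"},
    ]],
    "fw-asa-1": [from_cisco_asa("fw-asa-1", i, ace) for i, ace in enumerate([
        "permit tcp any 172.16.0.0/16 range 8000 8100",
        "deny tcp 10.5.0.0/24 172.16.4.0/24 eq 8080",
        "permit tcp any 172.16.0.0/16 eq 8080",
        "deny ip any any",
    ], start=1)],
    "fw-checkpoint-1": [from_checkpoint("fw-checkpoint-1", r) for r in [
        {"No": 1, "Source": "Any", "Destination": "Any", "Service": "ip", "Action": "Drop"},
        {"No": 2, "Source": "10.9.0.0/16", "Destination": "192.168.30.0/24", "Service": "tcp/22", "Action": "Accept"},
    ]],
}


def audit(rule_sets: Dict[str, List[Rule]]) -> List[Dict[str, str]]:
    """Audit each device on its own: ordering only matters within one rule base."""
    return [f for rules in rule_sets.values() for f in find_misconfigurations(rules)]


if __name__ == "__main__":
    for f in audit(SAMPLE_RULES):
        print(f"{f['device']}: rule {f['rule']} is {f['kind']} (covered by rule {f['by']})")
```

On the constructed sample the audit reports four findings: the Fortinet deny policy shadowed by the broader accept before it, one shadowed and one redundant ASA entry behind the port-range permit, and the Check Point accept rule placed after a catch-all drop. The pairwise loop is quadratic in the number of rules per device, which is precisely the kind of cost the abstract's concern about ontology design and reasoner choice is about; a production checker would index rules by protocol and address prefix before comparing.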
Original language: Spanish
Title of host publication: 2018 IEEE ANDESCON, ANDESCON 2018 - Conference Proceedings
State: Published - 5 Dec 2018
Externally published: Yes