An Efficient Method for Ontology-Based Multi-Vendor Firewall Misconfiguration Detection: A Real-Case Study

Ruben F. Cordova, Armando L. Marcovich, Cesar A. Santivanez

Research output: Chapter in Book/Report/Conference proceeding › Conference contribution › peer-review

5 Scopus citations

Abstract

Large enterprises employ a variety of firewalls, possibly from different vendors, each with its own rule syntax. Furthermore, enterprise policy may be mapped to hundreds of rules on each device. Manual configuration of such a large set of rules is a complex process that may result in misconfigurations and, consequently, in security vulnerabilities. A promising alternative is the use of semantic web technologies (an ontology combined with a query language or reasoner) to detect firewall misconfigurations. However, a poorly designed ontology may result in excessive memory consumption and processing load, rendering the method ineffective. In this paper, we present an efficient ontology design for detecting misconfigurations in firewall rules that aims to reduce the computing resources needed to validate the firewall rules against the company's policies. The design was tested on a real-world scenario of an enterprise with equipment from 3 different vendors: Fortinet, Cisco ASA, and Checkpoint. Our solution was able to detect over a hundred misconfigured rules. Finally, an evaluation of the impact of the chosen combination of ontology, query language, and reasoner on the computational cost is also presented.

Original language: English
Title of host publication: 2018 IEEE ANDESCON, ANDESCON 2018 - Conference Proceedings
Editors: Jose David Cely Callejas
Publisher: Institute of Electrical and Electronics Engineers Inc.
ISBN (Electronic): 9781538683729
DOIs
State: Published - 5 Dec 2018
Event: 9th IEEE ANDESCON, ANDESCON 2018 - Cali, Colombia
Duration: 22 Aug 2018 to 24 Aug 2018

Publication series

Name: 2018 IEEE ANDESCON, ANDESCON 2018 - Conference Proceedings

Conference

Conference: 9th IEEE ANDESCON, ANDESCON 2018
Country/Territory: Colombia
City: Cali
Period: 22/08/18 to 24/08/18

Keywords

  • anomaly detection
  • Firewall management
  • misconfigured rules
  • ontology
  • semantic web
