An Efficient Method for Ontology-Based Multi-Vendor Firewall Misconfiguration Detection: A Real-Case Study

Ruben F. Cordova, Armando L. Marcovich, Cesar A. Santivanez

Research output: Chapter in Book/Report/Conference proceeding › Conference contribution › peer-review

4 Citations (Scopus)


Large enterprises operate many firewalls, often from different vendors, each with its own rule syntax. Furthermore, an enterprise policy may map to hundreds of rules on each device. Manually configuring such a large rule set is a complex and error-prone process, and the resulting misconfigurations translate into security vulnerabilities. A promising alternative is to use semantic web technologies (an ontology combined with a query language or a reasoner) to detect firewall misconfigurations. However, a poorly designed ontology may incur excessive memory consumption and processing load, rendering the method impractical. In this paper, we present an efficient ontology design for detecting misconfigurations in firewall rules that reduces the computing resources needed to validate the firewall rules against the company's policies. The design was tested on a real-world scenario of an enterprise with equipment from three different vendors: Fortinet, Cisco ASA, and Check Point. Our solution detected over a hundred misconfigured rules. Finally, we also evaluate the impact of the chosen combination of ontology, query language, and reasoner on the computational cost.
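The paper's ontology, query language and reasoner are not reproduced on this page. The following Python example is added here and is not the authors' code; it shows the underlying check that such a system encodes: rules from different vendors are first normalized into one vendor-neutral model and then compared, in device order, for the two classic anomalies, shadowing (a later rule is fully covered by an earlier rule with the opposite action, so it never fires) and redundancy (fully covered by an earlier rule with the same action). The Cisco ASA parser handles only a small subset of `access-list NAME extended` syntax; the second device's rules are constructed, already-normalized records standing in for what a Fortinet or Check Point export would yield, since those formats are not reproduced here. Device names, rule lines, addresses and ports are all constructed.

```python
"""Vendor-neutral firewall rule model with a shadowing/redundancy check (added example)."""
import ipaddress
import re
from dataclasses import dataclass

ANY_NET = ipaddress.ip_network("0.0.0.0/0")
ANY_PORT = (0, 65535)


@dataclass(frozen=True)
class Rule:
    device: str
    order: int            # position in the device's rule base; lower fires first
    action: str           # "permit" or "deny"
    proto: str            # "tcp", "udp", "icmp" or "ip" (any protocol)
    src: ipaddress.IPv4Network
    dst: ipaddress.IPv4Network
    dport: tuple          # (low, high) inclusive; ANY_PORT when unspecified
    text: str = ""        # original vendor line, kept for reporting


def _asa_addr(tokens):
    """Consume one ASA address spec ('any', 'host A', or 'A MASK'); return (network, rest)."""
    if tokens[0] in ("any", "any4"):
        return ANY_NET, tokens[1:]
    if tokens[0] == "host":
        return ipaddress.ip_network(tokens[1] + "/32"), tokens[2:]
    return ipaddress.ip_network(f"{tokens[0]}/{tokens[1]}", strict=False), tokens[2:]


def parse_asa(device, lines):
    """Parse 'access-list NAME extended permit|deny PROTO SRC DST [eq P | range A B]' lines.
    Only this subset of ASA ACL syntax is handled; anything else raises."""
    rules = []
    for i, line in enumerate(l.strip() for l in lines if l.strip()):
        m = re.match(r"access-list \S+ extended (permit|deny) (\S+) (.*)", line)
        if not m:
            raise ValueError("unsupported ASA line: " + line)
        action, proto, rest = m.groups()
        toks = rest.split()
        src, toks = _asa_addr(toks)
        dst, toks = _asa_addr(toks)
        dport = ANY_PORT
        if toks[:1] == ["eq"]:
            dport = (int(toks[1]), int(toks[1]))
        elif toks[:1] == ["range"]:
            dport = (int(toks[1]), int(toks[2]))
        rules.append(Rule(device, i, action, proto, src, dst, dport, line))
    return rules


def from_records(device, records):
    """Build Rules from already-normalized dicts (constructed stand-in for another vendor's export)."""
    return [Rule(device, i, r["action"], r["proto"],
                 ipaddress.ip_network(r["src"]), ipaddress.ip_network(r["dst"]),
                 tuple(r.get("dport", ANY_PORT)), r.get("text", ""))
            for i, r in enumerate(records)]


def covers(a, b):
    """True when every packet matched by rule b is also matched by rule a."""
    proto_ok = a.proto == "ip" or a.proto == b.proto
    return (proto_ok and b.src.subnet_of(a.src) and b.dst.subnet_of(a.dst)
            and a.dport[0] <= b.dport[0] and b.dport[1] <= a.dport[1])


def find_anomalies(rules):
    """Return (kind, device, later_order, earlier_order) for each shadowed/redundant rule.
    Rules are compared only against earlier rules of the same device, in firing order."""
    findings = []
    ordered = sorted(rules, key=lambda r: r.order)
    for j, later in enumerate(ordered):
        for earlier in ordered[:j]:
            if covers(earlier, later):
                kind = "redundant" if earlier.action == later.action else "shadowed"
                findings.append((kind, later.device, later.order, earlier.order))
                break   # report the first rule that makes this one dead
    return findings


def audit(rules):
    """Run the check per device; rules from different devices are never compared."""
    by_device = {}
    for r in rules:
        by_device.setdefault(r.device, []).append(r)
    out = []
    for dev_rules in by_device.values():
        out.extend(find_anomalies(dev_rules))
    return out


# Constructed sample input (not from the paper): an ASA ACL and a normalized second device.
ASA_ACL = """
access-list OUTSIDE_IN extended permit tcp any host 203.0.113.10 eq 443
access-list OUTSIDE_IN extended deny ip any any
access-list OUTSIDE_IN extended permit tcp 198.51.100.0 255.255.255.0 host 203.0.113.10 eq 22
"""
FGT_RULES = [
    {"action": "deny", "proto": "ip", "src": "10.0.0.0/8", "dst": "192.0.2.0/24"},
    {"action": "deny", "proto": "tcp", "src": "10.1.0.0/16", "dst": "192.0.2.0/24", "dport": [80, 80]},
    {"action": "permit", "proto": "tcp", "src": "10.2.0.0/16", "dst": "192.0.2.50/32", "dport": [443, 443]},
]


def run_sample():
    """Audit the constructed rule bases; the SSH permit on the ASA and both later FortiGate rules are dead."""
    rules = parse_asa("asa-edge", ASA_ACL.splitlines()) + from_records("fgt-core", FGT_RULES)
    return audit(rules)


if __name__ == "__main__":
    for kind, dev, later, earlier in run_sample():
        print(f"{dev}: rule {later} is {kind} by rule {earlier}")
```

The per-rule comparison is quadratic in the size of each rule base, which is exactly the cost the paper's ontology design sets out to control when rule bases reach hundreds of entries; a production checker would also need to expand address and service objects/groups before normalization and to handle correlation (partial overlap with opposite actions), which this example leaves out.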

Original language: English
Title of host publication: 2018 IEEE ANDESCON, ANDESCON 2018 - Conference Proceedings
Editors: Jose David Cely Callejas
Publisher: Institute of Electrical and Electronics Engineers Inc.
ISBN (Electronic): 9781538683729
Publication status: Published - 5 Dec 2018
Event: 9th IEEE ANDESCON, ANDESCON 2018 - Cali, Colombia
Duration: 22 Aug 2018 to 24 Aug 2018

Publication series

Name: 2018 IEEE ANDESCON, ANDESCON 2018 - Conference Proceedings

Conference: 9th IEEE ANDESCON, ANDESCON 2018

