DocumentCode :
3722689
Title :
Automated and Optimized FDD-Based Method to Fix Firewall Misconfigurations
Author :
Sa?daoui;Nihel Ben Youssef Ben Souayeh;Adel Bouhoula
Author_Institution :
Digital Security Res. Unit, Sup'Com, Tunis, Tunisia
fYear :
2015
Firstpage :
63
Lastpage :
67
Abstract :
The firewall is a critical component of network security and is one of the most commonly used techniques to protect a network. Being based on a set of filtering rules, the accuracy and reliability of firewall protection heavily depend on the quality of the employed rule set. In this context, any misconfigurations that arise between rules create ambiguity in the classification of new traffic, not only affecting the performance of the firewall, but also putting the system in a vulnerable position. Manual management of this problem can be overwhelming and potentially inaccurate. Therefore, there is a need for automated methods to analyze, detect and fix misconfigurations. Given these issues, algorithms and techniques have been proposed. Though these methods are useful for discovering and classifying anomalies, they still have limitations in terms of the absence of a distinction between real misconfigurations and intentional anomalies, and in terms of automatic correction of discovered misconfigurations. In this paper, we present (1) a new classification of anomalies bringing out real misconfigurations using a data structure (FDD) which facilitates misconfiguration identification and resolution, (2) an optimal and fully automatic method to fix discovered misconfigurations, and (3) a formal specification of the proposed techniques using inference systems. The first results we obtained are very promising.
Keywords :
"Firewalls (computing)","Data structures","Manuals","Complexity theory","Protocols","Ports (Computers)"
Publisher :
ieee
Conference_Titel :
Network Computing and Applications (NCA), 2015 IEEE 14th International Symposium on
Type :
conf
DOI :
10.1109/NCA.2015.31
Filename :
7371704
Link To Document :