Um sistema para análise ativa de comportamento de firewall. / A system for active analysis of firewall behavior.

Ákio Nogueira Barbosa

23 October 2006

Devido à importância dos firewalls para proteção de redes de computadores, muito se estuda no sentido do aprimoramento das técnicas de proteção e no desenvolvimento de novas técnicas para serem utilizadas na análise destes. Com enfoque neste tema, esta dissertação trata a respeito da viabilidade da técnica de injeção de pacotes e observação dos resultados para analisar o comportamento de firewalls de rede para a pilha TCP/IP, resultando em uma técnica alternativa para análise de firewalls. Para mostrar a validade da técnica foi proposta uma arquitetura e, como prova de conceito, foi implementado um protótipo do sistema de análise. Foram também efetuados alguns testes. A técnica de injeção de pacotes e observação dos resultados mostrou-se viável para algumas situações. Para outras, são necessárias estudos adicionais para redução da explosão combinatória. / Due to the importance of the firewalls for protection of network computers, a lot of studies has been done in order of the improvement of the protection techniques and in the development of new techniques to be used in the analysis of them. With focus in this theme, this thesis considers the viability of the technique of injection of packages and observation of the results to analyze the behavior of network firewalls for stack TCP/IP, resulting in an alternative technique for analysis of firewalls. To show the validity of the technique an architecture was proposed and, as a concept proof, a prototype of the analysis system was implemented. Also was implemented some tests. The technique of injection of packages and observation of the results reveled viable for some situations. For others, addictionals studies are necessary for reduction of the combinatory explosion.

Análise de firewall

Segurança de redes de computadores

Computer network security

Firewall analysis

Entfernte Analyse von Netzen / Remote network analysis

Hoefler, Torsten

27 May 2004

Remote Analyse von Netzwerken hinter Firewalls und Firewallsystemen.

Firewall Security

fingerprinting

firewalking

ddc:004

Firewall

Scanning

Comparative Firewall Study

Höfler, Torsten, Burkert, Christian, Telzer, Martin

01 October 2004

Comparative Analysis of Firewall Systems / Vergleichende Analyse von Firewall Systemen

firewall analyse

firewalls

leistungsanalyse

performaceanalyse

ddc:004

Firewall

Silicon firewall prototype

Cheng, Jin

18 December 2003

The Internet is a technological advance that provides access to information, and the ability to publish information, in revolutionary ways. There is also a major danger that provides the ability to corrupt and destroy information as well. When a computer is connected to the Internet, three things are put at risk: the data storage, the computing resources and the users reputation. In order to balance the advantages and risks, the contact between a computer and the Internet or the contact between different networks should be controlled carefully. <p>A firewall is a form of protection that allows a network to connect to the Internet or to another network while maintaining a degree of security. The firewall is an effective type of network security, and in most situations, it is the most effective tool for doing that. <p>With the availability of larger bandwidth, it is becoming more and more difficult for traditional software firewalls to function over a high-speed connection. In addition, the advances in network hardware technology, such as routers, and new applications of firewalls have caused the software firewall to be an impediment to high throughput. This network bottleneck leads to the requirement for new solutions to balance performance and security. Replacing software with hardware could lead to improved performance, enabling the firewalls to handle significantly larger amounts of data. <p> The goal of this project is to investigate if and how existing desktop computer firewall technology could be improved by replacing software functionality with hardware (i.e., silicon). A hardware-based Silicon Firewall system has been designed by choosing the appropriate architecture and implemented using Altera FPGA (Field Programmable Gate Array) on a SOPC (System On a Programmable Chip) Board. The performance of the Silicon Firewall is tested and compared with the software firewall.

packet filtering

CAM

firewall

CS8900A

Silicon firewall prototype

Cheng, Jin

18 December 2003

The Internet is a technological advance that provides access to information, and the ability to publish information, in revolutionary ways. There is also a major danger that provides the ability to corrupt and destroy information as well. When a computer is connected to the Internet, three things are put at risk: the data storage, the computing resources and the users reputation. In order to balance the advantages and risks, the contact between a computer and the Internet or the contact between different networks should be controlled carefully. <p>A firewall is a form of protection that allows a network to connect to the Internet or to another network while maintaining a degree of security. The firewall is an effective type of network security, and in most situations, it is the most effective tool for doing that. <p>With the availability of larger bandwidth, it is becoming more and more difficult for traditional software firewalls to function over a high-speed connection. In addition, the advances in network hardware technology, such as routers, and new applications of firewalls have caused the software firewall to be an impediment to high throughput. This network bottleneck leads to the requirement for new solutions to balance performance and security. Replacing software with hardware could lead to improved performance, enabling the firewalls to handle significantly larger amounts of data. <p> The goal of this project is to investigate if and how existing desktop computer firewall technology could be improved by replacing software functionality with hardware (i.e., silicon). A hardware-based Silicon Firewall system has been designed by choosing the appropriate architecture and implemented using Altera FPGA (Field Programmable Gate Array) on a SOPC (System On a Programmable Chip) Board. The performance of the Silicon Firewall is tested and compared with the software firewall.

packet filtering

CAM

firewall

CS8900A

Firewall mit nutzerindividuellen Regeln

Jehmlich, Heiko

03 November 2003

Konzeption und Umsetzung einer Firewall mit nutzerindividuell einstellbaren Regeln mit IPTables unter Linux. Erfassung des Netztraffics aller Nutzer und Vorbereitung zur dynamischen Bandbreitenbeschränkung des Netztraffics der einzelnen Nutzer.

IPTables

Traffic

ddc:004

Firewall

Firewall Rule Set Analysis and Visualization

January 2014

abstract: A firewall is a necessary component for network security and just like any regular equipment it requires maintenance. To keep up with changing cyber security trends and threats, firewall rules are modified frequently. Over time such modifications increase the complexity, size and verbosity of firewall rules. As the rule set grows in size, adding and modifying rule becomes a tedious task. This discourages network administrators to review the work done by previous administrators before and after applying any changes. As a result the quality and efficiency of the firewall goes down. Modification and addition of rules without knowledge of previous rules creates anomalies like shadowing and rule redundancy. Anomalous rule sets not only limit the efficiency of the firewall but in some cases create a hole in the perimeter security. Detection of anomalies has been studied for a long time and some well established procedures have been implemented and tested. But they all have a common problem of visualizing the results. When it comes to visualization of firewall anomalies, the results do not fit in traditional matrix, tree or sunburst representations. This research targets the anomaly detection and visualization problem. It analyzes and represents firewall rule anomalies in innovative ways such as hive plots and dynamic slices. Such graphical representations of rule anomalies are useful in understanding the state of a firewall. It also helps network administrators in finding and fixing the anomalous rules. / Dissertation/Thesis / Masters Thesis Computer Science 2014

Computer science

firewall

rule anomaly

Análise e Detecção de Inconsistências em Políticas de Segurança - Um Estudo Prático com Firewalls

JESUS, Y. K. F.

02 September 2016

Made available in DSpace on 2018-08-02T00:03:43Z (GMT). No. of bitstreams: 1 tese_10269_ata de defesa.pdf: 633434 bytes, checksum: 225ab3b7fd1d716fae1937fdb48b3f4b (MD5) Previous issue date: 2016-09-02 / Garantir a consistência das regras que implementam uma política de segurança de rede através de um firewall é uma tarefa complexa, podendo gerar vulnerabilidades na rede quando mal executada. Este problema torna-se ainda maior quando falamos de dois ou mais firewalls interconectados visto que há a necessidade de verificar não só as regras de cada firewall individualmente como também cada par de firewall existente na rede. Neste trabalho, realizamos um estudo de teorias e algoritmos já existentes nesta área e apresentamos o DETOX, uma ferramenta para a detecção de inconsistências entre regras que compõem um firewall e entre os próprios firewalls em si. Primeiro nós validamos a implementação da ferramenta reproduzindo e extendendo os resultados apresentados na literatura para um único firewall. Após a validação, aplicamos a ferramenta em um caso real, analisando a configuração anonimizada atualmente usada na UFES. Durante essa análise, a ferramenta descobre várias inconsistências,previamente desconhecidas. Em seguida, realizamos o procedimento de validação utilizando firewalls interconectadas e, logo após, aplicamos a ferramenta em um caso sintético de múltiplos firewalls.

Firewall

consistência

inconsistência

política de seguranç

Um sistema para análise ativa de comportamento de firewall. / A system for active analysis of firewall behavior.

Barbosa, Ákio Nogueira

23 October 2006

Devido à importância dos firewalls para proteção de redes de computadores, muito se estuda no sentido do aprimoramento das técnicas de proteção e no desenvolvimento de novas técnicas para serem utilizadas na análise destes. Com enfoque neste tema, esta dissertação trata a respeito da viabilidade da técnica de injeção de pacotes e observação dos resultados para analisar o comportamento de firewalls de rede para a pilha TCP/IP, resultando em uma técnica alternativa para análise de firewalls. Para mostrar a validade da técnica foi proposta uma arquitetura e, como prova de conceito, foi implementado um protótipo do sistema de análise. Foram também efetuados alguns testes. A técnica de injeção de pacotes e observação dos resultados mostrou-se viável para algumas situações. Para outras, são necessárias estudos adicionais para redução da explosão combinatória. / Due to the importance of the firewalls for protection of network computers, a lot of studies has been done in order of the improvement of the protection techniques and in the development of new techniques to be used in the analysis of them. With focus in this theme, this thesis considers the viability of the technique of injection of packages and observation of the results to analyze the behavior of network firewalls for stack TCP/IP, resulting in an alternative technique for analysis of firewalls. To show the validity of the technique an architecture was proposed and, as a concept proof, a prototype of the analysis system was implemented. Also was implemented some tests. The technique of injection of packages and observation of the results reveled viable for some situations. For others, addictionals studies are necessary for reduction of the combinatory explosion.

Análise de firewall

Computer Network Security

Computer network security

Firewall Analysis

Firewall analysis

Segurança de redes de computadores

[en] FIREWALL/NAT TRAVERSAL SOLUTIONS USING CORBA / [pt] SOLUÇÕES PARA A TRAVESSIA DE FIREWALLS/NAT USANDO CORBA

ANTONIO CARLOS THEOPHILO COSTA JUNIOR

10 March 2006

[pt] Aplicações que usam CORBA como plataforma de comunicação geralmente possuem restrições ao serem executadas em ambientes compostos por mais de um domínio administrativo. Este fato é particularmente verdade quando as aplicações precisam atravessar firewalls/NAT. Além do mais, não existe atualmente uma solução padronizada e adotada por todos os ORBs, obrigando as aplicações que utilizam este enfatizar{middleware} a adotarem soluções proprietárias que muitas vezes não são adequadas ao ambiente em que as aplicações funcionam (e.g. impossibilidade de abertura de portas no firewall). Este trabalho apresenta e avalia três soluções para a travessia de firewall/NAT por aplicações distribuídas que utilizam CORBA como camada de comunicação, cada uma explorando as vantagens de uma situação específica. Exemplos de tais situações são a possibilidade de configuração do firewall ou a possibilidade de abertura de conexões TCP para fora da rede. / [en] Applications that use CORBA as the communication layer often face some restrictions for multi-domain deployment. This is particularly true when they have to face firewall/NAT traversal. Furthermore, nowadays there is no well-accepted unique or standardized solution adopted by all ORBs, compelling applications using this type of middleware to use proprietary solutions that sometimes do not address the environment restrictions in which they are deployed (e.g. impossibility to open firewall ports). This work presents and compares three solutions for firewall/NAT traversal by CORBA-based distributed applications, each one suitable for a specific situation and exploring its advantages. Examples of such situations are the possibility of open firewall ports or the possibility of start a TCP connection to the outside network.

[pt] CORBA

[en] CORBA

[pt] TRAVESSIA DE FIREWALLS

[en] FIREWALL TRAVERSAL

[pt] MIDDLEWARE

[en] MIDDLEWARE

[pt] FIREWALL

[en] FIREWALL