International Journal On Advances in Security, volume 13, numbers 1 and 2, 2020
Authors:
Geert Haerens
Herwig Mannaert
Keywords: Normalized Systems; Firewall; Rule base
Abstract:
A firewall is an essential network security component. It protects network-connected company resources from potentially malicious traffic. The firewall rule base, the list of filters to be applied to network traffic, can quickly become so complex that companies consider it unmanageable. This complexity leads to unforeseen and painful side effects when the rule base is changed (filtering rules added or removed). Sufficient literature exists on the root cause of rule base evolvability issues. However, little research is available on how to properly construct a rule base such that these evolvability issues do not occur. Normalized Systems (NS) theory provides proven guidance on how to create evolvable modular systems. In this paper NS is used to study the combinatorics involved in creating a firewall rule base. Based on those combinatorics, an artifact (method) is proposed for creating a firewall rule base that has evolvability built into its design. As a network rarely contains only one firewall, the impact of different filtering strategies and of changes across multiple firewalls is studied as well.
Pages: 1 to 16
Copyright: Copyright (c) to authors, 2020. Used with permission.
Publication date: June 30, 2020
Published in: journal
ISSN: 1942-2636