Georg-Christian Pranschke Supervisor: Barry Irwin
Security and Networks Research Group
Department of Computer Science
Rhodes University
AUTOMATED FIREWALL RULE SET GENERATION
THROUGH PASSIVE TRAFFIC INSPECTION
Background
Wireshark Tcpdump / Windump
ACM Classification System (1998) C.2.0. Security and Protection
• Introducing firewalls into existing networks is often problematic
• Production traffic cannot be interrupted
• Necessitates time-consuming manual analysis of network traffic
• Ever increasing traffic volumes make manual analysis less feasible
Results / Critical Evaluation
• Misconfigured firewall provides only the illusion of network security
• Imperfect information -> no proof of correctness
• “Dancing bears”
• HTTP universal firewall traversal protocol -> SQLi