Policy Optimization and Anomaly Detection of Firewall

Firewalls are core entity in network security. Though, management of firewall rules/policies, mainly in multiple firewall enterprise networks, has grown to be a complex and error-prone task. A firewall always checks every incoming or outgoing packet to decide which packet should be accept or discard based on its policy. To avoid policy anomalies, it must be consider that firewall filtering rules must be written, well-organized and distributed suspiciously. These firewall policy anomalies might cause network vulnerability. Hence, insertion or modification of filtering rules in every firewall requires thorough intra-firewall and inter-firewall analysis. This analysis determines the correct rule position and order in the firewalls. In this paper, firstly, identification of all anomalies which may exist in a single or multiple firewall environments is addressed with various anomaly detection techniques. Secondly, this paper describes the cross-domain privacy-preserving protocol for cooperative firewall policy optimization. Specially, for several two neighbouring firewalls belonging to two different administrative domains, protocol which is define in this paper may identify in every firewall policies that can be eliminated because of the another firewall.