1 / 10

AUTOMATED FIREWALL RULE SET GENERATION THROUGH PASSIVE TRAFFIC INSPECTION

AUTOMATED FIREWALL RULE SET GENERATION THROUGH PASSIVE TRAFFIC INSPECTION. Georg-Christian Pranschke Supervisor: Barry Irwin Security and Networks Research Group

rue
Download Presentation

AUTOMATED FIREWALL RULE SET GENERATION THROUGH PASSIVE TRAFFIC INSPECTION

An Image/Link below is provided (as is) to download presentation Download Policy: Content on the Website is provided to you AS IS for your information and personal use and may not be sold / licensed / shared on other websites without getting consent from its author. Content is provided to you AS IS for your information and personal use only. Download presentation by click this link. While downloading, if for some reason you are not able to download a presentation, the publisher may have deleted the file from their server. During download, if you can't get a presentation, the file might be deleted by the publisher.

E N D

Presentation Transcript

  1. AUTOMATED FIREWALL RULE SET GENERATIONTHROUGH PASSIVE TRAFFIC INSPECTION Georg-Christian Pranschke Supervisor: Barry Irwin Security and Networks Research Group Department of Computer Science Rhodes University

  2. Background Wireshark Tcpdump / Windump ACM Classification System (1998) C.2.0. Security and Protection • Introducing firewalls into existing networks is often problematic • Production traffic cannot be interrupted • Necessitates time consuming manual analysis of network traffic • Ever increasing traffic volumes make manual analysis less feasible AUTOMATED FIREWALL RULE SET GENERATION

  3. Traffic Analyser – Flow Creation AUTOMATED FIREWALL RULE SET GENERATION

  4. High Level Design Overview – System Components AUTOMATED FIREWALL RULE SET GENERATION

  5. Pipeline: bpf -> sql -> scripts -> fwbuilder

  6. Charybdis screencast Scylla screencast

  7. Results / Critical Evaluation AUTOMATED FIREWALL RULE SET GENERATION • Misconfigured firewall provides only the illusion of network security • Imperfect information -> no proof of correctness • “Dancing bears” • HTTP universal firewall traversal protocol -> SQLi

  8. Questions ? AUTOMATED FIREWALL RULE SET GENERATION

More Related