AUTOMATED FIREWALL RULE SET GENERATION THROUGH PASSIVE TRAFFIC INSPECTION

10
Georg-Christian Pranschke Supervisor: Barry Irwin Security and Networks Research Group Department of Computer Science Rhodes University AUTOMATED FIREWALL RULE SET GENERATION THROUGH PASSIVE TRAFFIC INSPECTION

description

AUTOMATED FIREWALL RULE SET GENERATION THROUGH PASSIVE TRAFFIC INSPECTION. Georg-Christian Pranschke Supervisor: Barry Irwin Security and Networks Research Group - PowerPoint PPT Presentation

Transcript of AUTOMATED FIREWALL RULE SET GENERATION THROUGH PASSIVE TRAFFIC INSPECTION

Page 1: AUTOMATED FIREWALL RULE SET GENERATION THROUGH PASSIVE TRAFFIC INSPECTION

Georg-Christian Pranschke Supervisor: Barry Irwin

Security and Networks Research Group

Department of Computer Science

Rhodes University

AUTOMATED FIREWALL RULE SET GENERATION

THROUGH PASSIVE TRAFFIC INSPECTION

Page 2: AUTOMATED FIREWALL RULE SET GENERATION THROUGH PASSIVE TRAFFIC INSPECTION

AU

TO

MA

TED

FIREW

ALL R

ULE

SET

GEN

ER

ATIO

NBackground

Wireshark Tcpdump / Windump

ACM Classification System (1998) C.2.0. Security and Protection

• Introducing firewalls into existing networks is often problematic

• Production traffic cannot be interrupted

• Necessitates time consuming manual analysis of network traffic

• Ever increasing traffic volumes make manual analysis less feasible

Page 3: AUTOMATED FIREWALL RULE SET GENERATION THROUGH PASSIVE TRAFFIC INSPECTION

AU

TO

MA

TED

FIREW

ALL R

ULE

SET

GEN

ER

ATIO

NTraffic Analyser – Flow Creation

Page 4: AUTOMATED FIREWALL RULE SET GENERATION THROUGH PASSIVE TRAFFIC INSPECTION

AU

TO

MA

TED

FIREW

ALL R

ULE

SET

GEN

ER

ATIO

NHigh Level Design Overview – System Components

Page 5: AUTOMATED FIREWALL RULE SET GENERATION THROUGH PASSIVE TRAFFIC INSPECTION

Pipeline: bpf -> sql -> scripts -> fwbuilder

Page 6: AUTOMATED FIREWALL RULE SET GENERATION THROUGH PASSIVE TRAFFIC INSPECTION
Page 7: AUTOMATED FIREWALL RULE SET GENERATION THROUGH PASSIVE TRAFFIC INSPECTION

Charybdis screencast

Scylla screencast

Page 8: AUTOMATED FIREWALL RULE SET GENERATION THROUGH PASSIVE TRAFFIC INSPECTION

AU

TO

MA

TED

FIREW

ALL R

ULE

SET

GEN

ER

ATIO

NResults / Critical Evaluation

• Misconfigured firewall provides only the illusion of network security

• Imperfect information -> no proof of correctness

• “Dancing bears”

• HTTP universal firewall traversal protocol -> SQLi

Page 9: AUTOMATED FIREWALL RULE SET GENERATION THROUGH PASSIVE TRAFFIC INSPECTION
Page 10: AUTOMATED FIREWALL RULE SET GENERATION THROUGH PASSIVE TRAFFIC INSPECTION

AU

TO

MA

TED

FIREW

ALL R

ULE

SET

GEN

ER

ATIO

NQuestions ?


Managing DNS Firewall - Cisco · Managing DNS Firewall • ManagingDNSFirewall,page1 Managing DNS Firewall DNSfirewallcontrolsthedomainnames,IPaddresses,andnameserversthatareallowedtofunctiononthe

Managing DNS Firewall - Cisco · Managing DNS Firewall • ManagingDNSFirewall,page1 Managing DNS Firewall DNSfirewallcontrolsthedomainnames,IPaddresses,andnameserversthatareallowedtofunctiononthe

Where firewalls fit in the corporate landscape. Firewall topics Why firewall? What is a firewall? What is the perfect firewall? What types of firewall.

Where firewalls fit in the corporate landscape. Firewall topics Why firewall? What is a firewall? What is the perfect firewall? What types of firewall.

Towards the automated detection and occupancy estimation of primates using passive ... · 2015-10-01 · we investigated using passive acoustic monitoring (PAM) for wild primate populations

Towards the automated detection and occupancy estimation of primates using passive ... · 2015-10-01 · we investigated using passive acoustic monitoring (PAM) for wild primate populations

Project 3b Stateless, Passive Firewall (3a) Stateful, Active Firewall (3b)

Project 3b Stateless, Passive Firewall (3a) Stateful, Active Firewall (3b)

Annual Firewall Survey Report - web.tufin.comweb.tufin.com/hubfs/resources/surveys/firewall-survey-report-2012.pdf · Insights on the state of firewall management ... firewall management

Annual Firewall Survey Report - web.tufin.comweb.tufin.com/hubfs/resources/surveys/firewall-survey-report-2012.pdf · Insights on the state of firewall management ... firewall management

Windows 7 Firewall. Windows 7 Firewall Topics What is a firewall? What is a firewall? Firewall types Firewall types How a firewall works How a firewall.

Windows 7 Firewall. Windows 7 Firewall Topics What is a firewall? What is a firewall? Firewall types Firewall types How a firewall works How a firewall.

Automated Task Load Detection with Electroencephalography ... · Automated Task Load Detection with Electroencephalography: Towards Passive Brain-Computer Interfacing in Robotic Surgery

Automated Task Load Detection with Electroencephalography ... · Automated Task Load Detection with Electroencephalography: Towards Passive Brain-Computer Interfacing in Robotic Surgery

Comodo Firewall Pro 2.4 - Personal Firewall · PDF fileComodo Firewall Pro 2.4 – User Guide 1 Comodo Firewall Pro 2.4

Comodo Firewall Pro 2.4 - Personal Firewall · PDF fileComodo Firewall Pro 2.4 – User Guide 1 Comodo Firewall Pro 2.4

Surrogate models and automated CAD of passive microwave ...Surrogate models and automated CAD of passive microwave components Adam Lame¸cki Ph.D. Thesis ... (SoP) applications. SoP

Surrogate models and automated CAD of passive microwave ...Surrogate models and automated CAD of passive microwave components Adam Lame¸cki Ph.D. Thesis ... (SoP) applications. SoP

FIREWALL WAN HAIL FIREWALL INTERNET …FIREWALL WAN HAIL FIREWALL INTERNET SERVERS PROXY WEB ROUTER CLIENT pcs

FIREWALL WAN HAIL FIREWALL INTERNET …FIREWALL WAN HAIL FIREWALL INTERNET SERVERS PROXY WEB ROUTER CLIENT pcs

Filtering in Firewall By Fantastic 5. Agenda What is Firewall? Types Of Firewall Pros and Cons Of Different Firewalls What Firewall can do? What Firewall.

Filtering in Firewall By Fantastic 5. Agenda What is Firewall? Types Of Firewall Pros and Cons Of Different Firewalls What Firewall can do? What Firewall.

AUTOMATED SECURITY SCANNING GUIDE - … · Discover network details, firewall issues and security vulnerabilities with these types of scans. Nmap Port Scan ... AUTOMATED SECURITY

AUTOMATED SECURITY SCANNING GUIDE - … · Discover network details, firewall issues and security vulnerabilities with these types of scans. Nmap Port Scan ... AUTOMATED SECURITY

#FutureWAN · • Firewall & Encryption delivering security • Local internet access • WAN Optimization • Automated Documentation of branch network Zero Touch • Provisions

#FutureWAN · • Firewall & Encryption delivering security • Local internet access • WAN Optimization • Automated Documentation of branch network Zero Touch • Provisions

DCOM and Windows Firewall Configuration for Automated Solutions OPC Servers

DCOM and Windows Firewall Configuration for Automated Solutions OPC Servers

Georg-Christian Pranschke Supervisor: Barry Irwin Security and Networks Research Group Department of Computer Science Rhodes University AUTOMATED FIREWALL.

Georg-Christian Pranschke Supervisor: Barry Irwin Security and Networks Research Group Department of Computer Science Rhodes University AUTOMATED FIREWALL.

FortiGate 600D Next Generation Firewall Internal Segmentation Firewall · Next Generation Firewall Internal Segmentation Firewall The FortiGate 600D delivers next generation firewall

FortiGate 600D Next Generation Firewall Internal Segmentation Firewall · Next Generation Firewall Internal Segmentation Firewall The FortiGate 600D delivers next generation firewall

Controlling Access Through the Firewall · Firewall# show firewall The result is either “Firewall mode: Router” or “Firewall mode: Transparent”. If you need to configure

Controlling Access Through the Firewall · Firewall# show firewall The result is either “Firewall mode: Router” or “Firewall mode: Transparent”. If you need to configure

Maximising Firewall Performance - alcatron.net Live 2013 Melbourne/Cisco Live... · Maximising Firewall Performance BRKSEC-3021 . ... Firewall and VPN Firewall Multiservice ASA 5540

Maximising Firewall Performance - alcatron.net Live 2013 Melbourne/Cisco Live... · Maximising Firewall Performance BRKSEC-3021 . ... Firewall and VPN Firewall Multiservice ASA 5540

Firewall - piya.ee.engr.tu.ac.th · Firewall Pro & Cons Types of Firewalls Firewall Configuration Firewall Products Firewall Alternatives Firewall Pro & Cons Pros Keeping unwanted

Firewall - piya.ee.engr.tu.ac.th · Firewall Pro & Cons Types of Firewalls Firewall Configuration Firewall Products Firewall Alternatives Firewall Pro & Cons Pros Keeping unwanted

Firewall and SmartDefense - asm.mdstorage.asm.md/docs/CheckPoint NGX R65/CheckPoint_R65...Reporter, Eventia Suite, FireWall-1, FireWall-1 GX, FireWall-1 SecureServer, FloodGate-1,

Firewall and SmartDefense - asm.mdstorage.asm.md/docs/CheckPoint NGX R65/CheckPoint_R65...Reporter, Eventia Suite, FireWall-1, FireWall-1 GX, FireWall-1 SecureServer, FloodGate-1,