AUTOMATED FIREWALL RULE SET GENERATION THROUGH PASSIVE TRAFFIC INSPECTION
Georg-Christian Pranschke Supervisor: Barry Irwin
Security and Networks Research Group
Department of Computer Science
Rhodes University
Background
Wireshark Tcpdump / Windump
ACM Classification System (1998) C.2.0. Security and Protection
• Introducing firewalls into existing networks is often problematic
• Production traffic cannot be interrupted
• Necessitates time-consuming manual analysis of network traffic
• Ever-increasing traffic volumes make manual analysis less feasible
Traffic Analyser – Flow Creation
High Level Design Overview – System Components
Pipeline: bpf -> sql -> scripts -> fwbuilder
Charybdis screencast
Scylla screencast
Results / Critical Evaluation
• Misconfigured firewall provides only the illusion of network security
• Imperfect information -> no proof of correctness
• “Dancing bears”
• HTTP universal firewall traversal protocol -> SQLi
Questions?