Publication
Title
Investigating the creation of an evolvable firewall rule base and guidance for network firewall architecture, using the normalized systems theory
Author
Abstract
A firewall is an essential network security component. It protects network-connected company resources from potentially malicious traffic. The firewall rule base, the list of filters to be applied to network traffic, can quickly become complex, up to the point where companies consider the rule base unmanageable. The complexity leads to unforeseen and painful side effects when the firewall rule base is changed (add/remove filtering rules). Sufficient literature exists on the root cause of rule base evolvability issues. However, little research is available on how to properly construct a rule base such that the evolvability issues do not occur. Normalized Systems (NS) theory provides proven guidance on how to create evolvable modular systems. In this paper, NS is used to study the combinatorics involved when creating a firewall rule base. Based on those combinatorics, an artifact (method) is proposed to create a firewall rule base that has evolvability in its design. As a network rarely contains only one firewall, the impact of different filtering strategies and changes on multiple firewalls is studied as well.
Language
English
Source (journal)
International journal on advances in security
Publication
2020
Volume/pages
13 :1-2 (2020) , p. 1-16
UAntwerpen
Affiliation
Publications with a UAntwerp address
External links
VABB-SHW
Record
Identifier
Creation 02.10.2020
Last edited 10.06.2022