Assignment4: Firewall Allow/Block Conflicts
Use the information presented in chapter 7, the provided handout (Firewall Limitations), and the lessons learned from Lab4 to answer the following questions:
Explanation:
Firewall:
In the computing world, a firewall is a network security system that monitors and controls incoming and outgoing network traffic based on predetermined security rules. A firewall typically establishes a barrier between a trusted network and an untrusted network, such as the Internet.
There are different types of firewall which function in different ways – packet-filtering firewalls, application/proxy firewalls, and network address translation. Packet-filtering firewalls operate at the network layer, not allowing packets to pass through the firewall unless they match the established policy rule set. Routers can provide a very common form of packet-filtering firewall.
A network administrator configures the firewall based on the policy, for example blocking and allowing packets based on what protocol they match and which IP address they have as their destination.
In light of the above discussion, the questions on conflicts arising in firewall rules are answered as follows:
Q1. Discuss the types of conflicts that may arise between firewall port ranges and individual port allow/block settings.
Modeling of firewall rule relations is necessary for analyzing the firewall policy and designing management techniques such as anomaly discovery and policy editing.
Although deployment of firewall technology is an important step toward securing our networks, the complexity of managing firewall policies might limit the effectiveness of firewall security. In a single firewall environment, the local firewall policy may include intra-firewall anomalies, where the same packet may match more than one filtering rule.
Therefore, the effectiveness of firewall security is dependent on providing policy management techniques and tools that network administrators can use to analyze, purify and verify the correctness of written firewall filtering rules.
An intra-firewall policy anomaly is defined as the existence of two or more filtering rules that may match the same packet or the existence of a rule that can never match any packet on the network paths that cross the firewall. The types of conflicts in such firewall policy are as follows:
1) Shadowing anomaly:
A rule is shadowed when a previous rule matches all the packets that match this rule, such that the shadowed rule will never be activated.
2) Correlation anomaly:
Two rules are correlated if they have different filtering actions, and the first rule matches some packets that match the second rule and the second rule matches some packets that match the first rule.
3) Generalization anomaly:
A rule is a generalization of a preceding rule if they have different actions, and if the second rule can match all the packets that match the first rule.
4) Redundancy anomaly:
A redundant rule performs the same action on the same packets as another rule such that if the redundant rule is removed, the security policy will not be affected.
5) Irrelevance anomaly:
A filtering rule in a firewall is irrelevant if this rule cannot match any traffic that might flow through this firewall. This exists when both the source address and the destination address fields of the rule do not match any domain reachable through this firewall. In other words, the path between the source and destination addresses of this rule does not pass through the firewall.
Q2. What are the different types of conflict that you identified from this discussion?
As identified in the previous discussion, the different types of conflict are as follows:
1. Shadowing conflict:
Rule a is said to shadow rule b if a has higher priority than b, a and b specify different actions, and every packet that satisfies b also satisfies a. In shadowing, the two rules are in conflict on every packet that the rules apply to.
2. Correlation conflict:
Rule a and b are correlated if a and b specify different actions and some packets that satisfy a also satisfy b and vice versa. In correlation, the rules conflict on some packets that the rules apply to.
3. Redundancy conflict:
Redundancy occurs in two cases. In the first case, redundancy occurs if two rules a and b are such that all packets that satisfy a also satisfy b, a and b specify the same action, and b has higher priority than a. In the second case, redundancy occurs if all packets that satisfy a also satisfy b, a and b specify the same action, a has higher priority than b, and a is not involved in any correlation anomalies. In both cases of redundancy, the lower priority rule will never be applied.
4. Generalization conflict:
Rule a is said to generalize rule b if b has higher priority than a, a and b specify different actions, and every packet that satisfies b also satisfies a. In generalization there is shadowing, but the conflict is resolved by the priority.
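As an added example (not part of the original answer), the following Python script applies the definitions from Q1 and Q2 to a small, constructed rule set that mixes port ranges with single-port allow/block entries. Rules are listed in priority order (first match wins). Each pair of rules is compared field by field (protocol, source prefix, destination prefix, destination port range) to decide whether the later rule's packet set is equal to, a subset of, a superset of, disjoint from, or partially overlapping the earlier rule's, and the pair is then labelled shadowing, redundancy, generalization or correlation as defined above. The rule names, addresses and ports are constructed for illustration; the intervening-rule check used for the second redundancy case (no rule between the two with a different action that overlaps the earlier rule) is this example's reading of the "not involved in any correlation anomalies" condition, not something the answer spells out.

```python
"""Pairwise firewall-rule anomaly detection over port ranges and
address prefixes (added example; rule set is constructed)."""
from dataclasses import dataclass
from ipaddress import ip_network


@dataclass(frozen=True)
class Rule:
    name: str
    proto: str      # "tcp", "udp" or "any"
    src: str        # CIDR prefix
    dst: str        # CIDR prefix
    dports: tuple   # inclusive destination port range (lo, hi)
    action: str     # "allow" or "block"


def _proto_rel(a, b):
    """Relation of protocol a to protocol b."""
    if a == b:
        return "equal"
    if b == "any":
        return "subset"
    if a == "any":
        return "superset"
    return "disjoint"


def _net_rel(a, b):
    """Relation of prefix a to prefix b (overlapping prefixes are always nested)."""
    na, nb = ip_network(a, strict=False), ip_network(b, strict=False)
    if na == nb:
        return "equal"
    if not na.overlaps(nb):
        return "disjoint"
    return "subset" if na.subnet_of(nb) else "superset"


def _range_rel(a, b):
    """Relation of port range a to port range b; ranges can partially overlap."""
    if a == b:
        return "equal"
    if a[1] < b[0] or b[1] < a[0]:
        return "disjoint"
    if b[0] <= a[0] and a[1] <= b[1]:
        return "subset"
    if a[0] <= b[0] and b[1] <= a[1]:
        return "superset"
    return "overlap"


def match_rel(x, y):
    """Relation of the packet set matched by rule x to that matched by rule y."""
    rels = {_proto_rel(x.proto, y.proto), _net_rel(x.src, y.src),
            _net_rel(x.dst, y.dst), _range_rel(x.dports, y.dports)}
    if "disjoint" in rels:          # one disjoint field means no shared packet
        return "disjoint"
    rels.discard("equal")
    if not rels:
        return "equal"
    if rels == {"subset"}:
        return "subset"
    if rels == {"superset"}:
        return "superset"
    return "correlated"             # mixed subset/superset/overlap across fields


def find_anomalies(rules):
    """Return (anomaly, earlier_rule, later_rule) for every anomalous pair.
    Earlier position in the list means higher priority."""
    found = []
    for i, x in enumerate(rules):
        for j in range(i + 1, len(rules)):
            y = rules[j]
            rel = match_rel(y, x)   # y's packets relative to x's packets
            same = x.action == y.action
            if rel in ("subset", "equal"):
                # every packet y would match is already decided by x
                found.append(("redundancy" if same else "shadowing", x.name, y.name))
            elif rel == "superset" and not same:
                found.append(("generalization", x.name, y.name))
            elif rel == "superset":
                # x is a special case of y with the same action: redundant only if no
                # rule in between with a different action could claim x's packets
                between = rules[i + 1:j]
                if not any(z.action != x.action and match_rel(x, z) != "disjoint"
                           for z in between):
                    found.append(("redundancy", x.name, y.name))
            elif rel == "correlated" and not same:
                found.append(("correlation", x.name, y.name))
    return found


# Constructed rule set: single-port entries interleaved with port-range entries.
SAMPLE_RULES = [
    Rule("R1", "tcp", "10.1.0.0/16", "192.168.1.10/32", (22, 22), "allow"),
    Rule("R2", "tcp", "0.0.0.0/0", "192.168.1.10/32", (1, 1023), "block"),
    Rule("R3", "tcp", "10.0.0.0/8", "192.168.1.10/32", (8000, 8100), "allow"),
    Rule("R4", "tcp", "10.0.0.0/8", "192.168.1.10/32", (8080, 8080), "block"),
    Rule("R5", "tcp", "10.2.0.0/16", "0.0.0.0/0", (443, 443), "allow"),
    Rule("R6", "udp", "0.0.0.0/0", "192.168.1.0/24", (53, 53), "block"),
    Rule("R7", "udp", "0.0.0.0/0", "192.168.1.0/24", (53, 53), "block"),
]

if __name__ == "__main__":
    for kind, earlier, later in find_anomalies(SAMPLE_RULES):
        print(f"{kind:15} {earlier} -> {later}")
```

Running the script reports R1/R2 as generalization (a specific allow ahead of a broad block), R2/R5 as correlation (each matches packets the other does not), R3/R4 as shadowing (the single-port block at 8080 sits behind an allow for 8000-8100 and never fires) and R6/R7 as redundancy. The R3/R4 pair is exactly the port-range versus individual-port conflict that Q1 asks about: the order of the two entries decides which one is dead.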
This concludes the answer to all parts of the question along with the necessary explanations.