FWunify: A Tool to Simplify Multiple Firewall Configuration
Abstract
Setting up multiple firewalls is a challenging process. Existing solutions are specialized and require prior mastery or learning a variety of syntaxes and configuration methods to correctly implement the desired security policies. To reduce the learning curve and mitigate operational errors, we propose the FWunify tool - a solution for integrated and automatic firewall configuration. Through an architecture composed of multiple layers and loosely coupled modules, FWunify allows new firewall solutions to be incorporated into the tool with minimal impact on adjacent layers. A working prototype of FWunify was implemented and used to demonstrate the technical feasibility and applicability of the proposal.
Keywords:
security policies, firewall management, hybrid networks, software architecture
References
Bodei, C., Degano, P., Focardi, R., Galletta, L., and Tempesta, M. (2018). Transcompiling rewalls. In POST, pages 303–324.
Botta, D., Werlinger, R., Gagné, A., Beznosov, K., Iverson, L., Fels, S., and Fisher, B. (2007). Towards understanding it security professionals and their tools. In USENIX SOUPS, page 100–111. ACM.
Fiorenza, M., Kreutz, D., Mansilha, R., Macedo, D., Feitosa, E., and Immich, R. (2021). Representação e aplicação de políticas de segurança em rewall de redes híbridas. In XXXIX SBRC. SBC.
Fiorenza, M. M., Kreutz, D., and Mansilha, R. (2020). Gerenciamento de rewalls em redes híbridas. In XX Simpósio Brasileiro em Segurança da Informação e de Sistemas Computacionais (SBSeg). SBC.
Gartner (2019). Technology Insight for Network Security Policy Management. https://www.gartner.com/en/documents/3902564.
Hu, H., Han, W., Kyung, S., Wang, J., Ahn, G.-J., Zhao, Z., and Li, H. (2019). Towards a reliable rewall for software-dened networks. Computers & Security, 87:101597.
Morzhov, S., Alekseev, I., and Nikitinskiy, M. (2016). Firewall application for Floodlight SDN controller. In International Siberian Conference on Control and Communications, pages 1–5. IEEE.
Sun, Q., LIU, W. S., and Xie, K. (2019). An Intent-driven Management Framework. Internet-draft, Internet Engineering Task Force. Work in Progress.
Voronkov, A., Iwaya, L. H., Martucci, L. A., and Lindskog, S. (2017). Systematic literature review on usability of rewall conguration. ACM Comput. Surv., 50(6).
Voronkov, A., Martucci, L. A., and Lindskog, S. (2019). System administrators prefer command line interfaces, don’t they? an exploratory study of rewall interfaces. In USENIX SOUPS. USENIX Association.
Botta, D., Werlinger, R., Gagné, A., Beznosov, K., Iverson, L., Fels, S., and Fisher, B. (2007). Towards understanding it security professionals and their tools. In USENIX SOUPS, page 100–111. ACM.
Fiorenza, M., Kreutz, D., Mansilha, R., Macedo, D., Feitosa, E., and Immich, R. (2021). Representação e aplicação de políticas de segurança em rewall de redes híbridas. In XXXIX SBRC. SBC.
Fiorenza, M. M., Kreutz, D., and Mansilha, R. (2020). Gerenciamento de rewalls em redes híbridas. In XX Simpósio Brasileiro em Segurança da Informação e de Sistemas Computacionais (SBSeg). SBC.
Gartner (2019). Technology Insight for Network Security Policy Management. https://www.gartner.com/en/documents/3902564.
Hu, H., Han, W., Kyung, S., Wang, J., Ahn, G.-J., Zhao, Z., and Li, H. (2019). Towards a reliable rewall for software-dened networks. Computers & Security, 87:101597.
Morzhov, S., Alekseev, I., and Nikitinskiy, M. (2016). Firewall application for Floodlight SDN controller. In International Siberian Conference on Control and Communications, pages 1–5. IEEE.
Sun, Q., LIU, W. S., and Xie, K. (2019). An Intent-driven Management Framework. Internet-draft, Internet Engineering Task Force. Work in Progress.
Voronkov, A., Iwaya, L. H., Martucci, L. A., and Lindskog, S. (2017). Systematic literature review on usability of rewall conguration. ACM Comput. Surv., 50(6).
Voronkov, A., Martucci, L. A., and Lindskog, S. (2019). System administrators prefer command line interfaces, don’t they? an exploratory study of rewall interfaces. In USENIX SOUPS. USENIX Association.
Published
2021-10-04
How to Cite
FIORENZA, Maurício; KREUTZ, Diego; MANSILHA, Rodrigo B..
FWunify: A Tool to Simplify Multiple Firewall Configuration. In: TOOLS - BRAZILIAN SYMPOSIUM ON CYBERSECURITY (SBSEG), 21. , 2021, Evento Online.
Anais [...].
Porto Alegre: Sociedade Brasileira de Computação,
2021
.
p. 34-41.
DOI: https://doi.org/10.5753/sbseg_estendido.2021.17337.
