Analysis of vulnerabilities in Internet firewalls
Authors: Seny Kamara; Sonia Fahmy; Eugene Schultz; Florian Kerschbaum; Michael Frantzen
- Publisher
- Elsevier Science
- Year
- 2003
- Language
- English
- File size
- 175 KB
- Volume
- 22
- Category
- Article
- ISSN
- 0167-4048
Synopsis
Firewalls protect a trusted network from an untrusted network by filtering traffic according to a specified security policy. A diverse set of firewalls is in use today. As it is infeasible to examine and test each firewall for every potential problem, a taxonomy is needed to understand firewall vulnerabilities in the context of firewall operations. This paper describes a novel methodology for analyzing vulnerabilities in Internet firewalls. A firewall vulnerability is defined as an error made during firewall design, implementation, or configuration that can be exploited to attack the trusted network the firewall is supposed to protect. We examine firewall internals and cross-reference each firewall operation with the causes and effects of weaknesses in that operation, analyzing twenty reported problems with available firewalls. The result of our analysis is a set of matrices that illustrate the distribution of firewall vulnerability causes and effects over firewall operations. These matrices are useful for avoiding and detecting unforeseen problems during both firewall implementation and firewall testing. Two case studies, of Firewall-1 and Raptor, illustrate our methodology.