
Towards Standardising Firewall Reporting

Conference paper

Part of the book series: Lecture Notes in Computer Science (LNSC, volume 9588)

Abstract

Rubin and Geer stated that “The single most important factor of your firewall’s security is how you configure it.” [17]. Firewall configuration, however, is known to be difficult to get right. In particular domains, such as SCADA networks, best-practice standards help, but one component they overlook is the specification of firewall reporting policies. Our research tackles this question from first principles: we ask what firewall reports are used for, and we let those uses guide how reporting should be performed. We approach the problem by formalising the notion of the scope and granularity of a report across several dimensions: time, network elements, policies, and so on.


Notes

  1. At this point we classify existing activities and do not consider which of these cases is a sensible use of firewall resources.

  2. Although we view the two terms as close to synonymous in this context, resolution is overloaded with meaning and so we prefer the term granularity.

  3. Note that some types of events are already implicitly included in traffic or performance measurements, for instance, denied packet counts.
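The notes above concern report granularity across the dimensions the abstract names (time, network elements, policies) and denied-packet counts as a quantity that a traffic measurement already carries implicitly. The following is an added illustration written for this page, not code from the paper or its authors: it parses constructed log lines written in the style of iptables LOG output (the bracketed rule tag is assumed to come from a --log-prefix) and counts events at a chosen time-bucket width over a chosen set of dimensions, so the same events can be reported at coarse or fine granularity and with scope restricted to denied packets. The function names (parse, report), the DIMENSIONS table and every log line are assumptions made for the example.

```python
import re
from collections import Counter
from datetime import datetime, timedelta

# Constructed sample lines in the style of iptables LOG output (syslog header,
# then key=value fields). The bracketed rule tag is assumed to be set with
# --log-prefix. These lines are made up for the example, not real firewall output.
SAMPLE_LOG = """\
Jan 10 12:00:01 fw kernel: [DROP-DEFAULT] IN=eth0 OUT= SRC=10.0.0.5 DST=192.168.1.10 PROTO=TCP SPT=44321 DPT=502
Jan 10 12:00:02 fw kernel: [DROP-DEFAULT] IN=eth0 OUT= SRC=10.0.0.5 DST=192.168.1.10 PROTO=TCP SPT=44322 DPT=502
Jan 10 12:00:03 fw kernel: [ACCEPT-HMI] IN=eth1 OUT=eth0 SRC=192.168.1.20 DST=192.168.1.10 PROTO=TCP SPT=51000 DPT=502
Jan 10 12:00:59 fw kernel: [DROP-DEFAULT] IN=eth0 OUT= SRC=10.0.0.6 DST=192.168.1.10 PROTO=UDP SPT=1234 DPT=161
Jan 10 12:01:05 fw kernel: [DROP-DEFAULT] IN=eth0 OUT= SRC=10.0.0.5 DST=192.168.1.11 PROTO=TCP SPT=44323 DPT=502
Jan 10 12:01:07 fw kernel: [ACCEPT-HMI] IN=eth1 OUT=eth0 SRC=192.168.1.20 DST=192.168.1.10 PROTO=TCP SPT=51001 DPT=502
"""

LINE_RE = re.compile(
    r"^(?P<ts>\w{3} +\d{1,2} \d{2}:\d{2}:\d{2}) \S+ kernel: "
    r"\[(?P<rule>[^\]]+)\] (?P<kv>.*)$"
)

# Fixed epoch used only to turn naive timestamps into bucket boundaries deterministically.
_EPOCH = datetime(1970, 1, 1)


def parse(text, year=2016):
    """Parse log text into event dicts holding a datetime, the rule tag and the key=value fields."""
    events = []
    for line in text.splitlines():
        m = LINE_RE.match(line)
        if not m:
            continue  # unreadable lines are dropped here; a real report should count them too
        fields = dict(kv.split("=", 1) for kv in m.group("kv").split())
        ts = datetime.strptime(f"{year} {m.group('ts')}", "%Y %b %d %H:%M:%S")
        events.append({"ts": ts, "rule": m.group("rule"), **fields})
    return events


# Which log field each non-time reporting dimension reads from (assumed mapping).
DIMENSIONS = {
    "iface": "IN",    # network element: ingress interface
    "rule": "rule",   # policy: the rule that matched
    "src": "SRC",     # traffic: source address
}


def report(events, time_bucket_s, dims=("iface", "rule"), only_denied=False):
    """Count events at a chosen scope and granularity.

    time_bucket_s sets the granularity in the time dimension; dims selects the
    other dimensions kept in the key (see DIMENSIONS); only_denied restricts the
    scope to events whose rule tag begins with DROP. Returns a Counter keyed by
    (bucket start as HH:MM:SS, *dimension values).
    """
    counts = Counter()
    for e in events:
        if only_denied and not e["rule"].startswith("DROP"):
            continue
        secs = int((e["ts"] - _EPOCH).total_seconds())
        bucket = _EPOCH + timedelta(seconds=secs - secs % time_bucket_s)
        key = (bucket.strftime("%H:%M:%S"),) + tuple(e[DIMENSIONS[d]] for d in dims)
        counts[key] += 1
    return counts


if __name__ == "__main__":
    evs = parse(SAMPLE_LOG)
    # Coarse: a single hourly denied-packet count, which is all a traffic summary gives.
    for key, n in sorted(report(evs, 3600, dims=(), only_denied=True).items()):
        print("denied per hour", key, n)
    # Fine: per-minute denies by source, enough to see that one host caused most of them.
    for key, n in sorted(report(evs, 60, dims=("src",), only_denied=True).items()):
        print("denied per minute by source", key, n)
```

Run stand-alone, the coarse report collapses the six events into one number (four denied packets in the hour), while the fine report shows that three of those four came from 10.0.0.5 and when; choosing the bucket width and the dimensions kept is exactly the granularity and scope decision that a reporting policy has to fix in advance, because a count stored only at the coarse level cannot be refined afterwards.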

References

  1. ANSI/ISA-62443-1-1: Security for industrial automation and control systems, part 1-1: Terminology, concepts, and models (2007)

  2. Byres, E., Karsch, J., Carter, J.: NISCC good practice guide on firewall deployment for SCADA and process control networks. National Infrastructure Security Co-ordination Centre (2005)

  3. Check Point: NGX R65 CC Evaluated Configuration User Guide. Check Point Software Technologies Ltd. (2008)

  4. Cisco Systems: Cisco ASA 5500 Series Configuration Guide using the CLI. Cisco Systems Inc., San Jose, CA (2010)

  5. Cisco Systems: ASA 8.3 and later: Monitor and troubleshoot performance issues. White paper, Cisco Systems (March 2014)

  6. Cisco Systems: Cisco ASA 5585-X adaptive security appliance architecture. White paper, Cisco Systems (May 2014)

  7. De Champeaux, D., Lea, D., Faure, P.: Object-Oriented System Development. Addison-Wesley, Reading (1993)

  8. Juniper Networks: Firewall Filter and Policer Configuration Guide. Juniper Networks Inc., Sunnyvale, CA (2011)

  9. Kent, K., Souppaya, M.: Guide to computer security log management. NIST Special Publication 800-92 (2006)

  10. Mayer, A., Wool, A., Ziskind, E.: A firewall analysis engine. In: IEEE Symposium on Security and Privacy, pp. 177–187 (2000)

  11. NERC: Cyber security: Incident reporting and response planning. Critical Infrastructure Protection Standard CIP-008-3 (2009)

  12. NERC: Cyber security: Systems security management. Critical Infrastructure Protection Standard CIP-007-3a (2013)

  13. Oetiker, T.: RRDtool. http://oss.oetiker.ch/rrdtool/

  14. Purdy, G.N.: Linux iptables Pocket Reference. O’Reilly Media (2004)

  15. Ranathunga, D., Roughan, M., Kernick, P., Falkner, N., Nguyen, H.: Identifying the missing aspects of the ANSI/ISA best practices for security policy. In: Proceedings of CPSS, pp. 37–48. ACM (2015)

  16. Ranathunga, D., Roughan, M., Kernick, P., Falkner, N., Tune, P.: ForestFirewalls: Getting firewall configuration right in critical networks. http://tinyurl.com/pzqtzkm

  17. Rubin, A., Geer, D.: A survey of Web security. Computer 31(9), 34–41 (1998)

  18. Scarfone, K., Hoffman, P.: Guidelines on firewalls and firewall policy. NIST Special Publication 800-41 (2009)

  19. Scarfone, K., Mell, P.: Guide to Intrusion Detection and Prevention Systems (IDPS). NIST Special Publication 800-94 (2007)

  20. Stouffer, K., Falco, J., Scarfone, K.: Guide to Industrial Control Systems (ICS) security. NIST Special Publication 800-82 (2008)

  21. Wool, A.: Architecting the Lumeta firewall analyzer. In: USENIX Security Symposium, pp. 85–97 (2001)

  22. Wool, A.: A quantitative study of firewall configuration errors. IEEE Computer 37(6), 62–67 (2004)

  23. Wool, A.: Trends in firewall configuration errors: Measuring the holes in Swiss cheese. IEEE Internet Computing 14(4), 58–65 (2010)

Acknowledgements

This project was supported by the Australian Government through an Australian Postgraduate Award, Australian Research Council Linkage Grant LP100200493, and CQR Consulting.

Author information

Corresponding author: Dinesha Ranathunga.


Copyright information

© 2016 Springer International Publishing Switzerland

About this paper

Cite this paper

Ranathunga, D., Roughan, M., Kernick, P., Falkner, N. (2016). Towards Standardising Firewall Reporting. In: Bécue, A., Cuppens-Boulahia, N., Cuppens, F., Katsikas, S., Lambrinoudakis, C. (eds) Security of Industrial Control Systems and Cyber Physical Systems. CyberICS/WOS-CPS 2015. Lecture Notes in Computer Science, vol 9588. Springer, Cham. https://doi.org/10.1007/978-3-319-40385-4_9

  • DOI: https://doi.org/10.1007/978-3-319-40385-4_9

  • Publisher Name: Springer, Cham

  • Print ISBN: 978-3-319-40384-7

  • Online ISBN: 978-3-319-40385-4