Abstract
Rubin and Geer stated that “The single most important factor of your firewall’s security is how you configure it.” [17]. However, firewall configuration is known to be difficult to get right. In particular domains, such as SCADA networks, best-practice standards help, but one overlooked component is the specification of firewall reporting policies. Our research tackles this question from first principles: we ask what firewall reports are actually used for, and we let those uses guide how reporting should be performed. We approach the problem by formalising the notions of scope and granularity of a report across several dimensions: time, network elements, policies, and so on.
Notes
1. At this point we classify existing activities and do not consider which of these cases is a sensible use of firewall resources.
2. Although we view the two terms as close to synonymous in this context, resolution is overloaded with meaning and so we prefer the term granularity.
3. Note that some types of events are already implicitly included in traffic or performance measurements, for instance, denied packet counts.
References
[1] ANSI: ISA-62443-1-1. Security for industrial automation and control systems, part 1-1: Terminology, concepts, and models (2007)
[2] Byres, E., Karsch, J., Carter, J.: NISCC good practice guide on firewall deployment for SCADA and process control networks. National Infrastructure Security Co-ordination Centre (2005)
[3] Check Point: NGX R65 CC Evaluated Configuration User Guide. Check Point Software Technologies Ltd., USA (2008)
[4] Cisco Systems: Cisco ASA 5500 Series Configuration Guide using the CLI. Cisco Systems Inc., 170 West Tasman Drive, San Jose, CA 95134-1706, USA (2010)
[5] Cisco Systems: ASA 8.3 and later: Monitor and troubleshoot performance issues. White paper, Cisco Systems (March 2014)
[6] Cisco Systems: Cisco ASA 5585-X adaptive security appliance architecture. White paper, Cisco Systems (May 2014)
[7] De Champeaux, D., Lea, D., Faure, P.: Object-oriented System Development. Addison Wesley, Reading (1993)
[8] Juniper Networks: Firewall Filter and Policer Configuration Guide. Juniper Networks Inc., 1194 North Mathilda Avenue, Sunnyvale, California 94089, USA (2011)
[9] Kent, K., Souppaya, M.: Guide to computer security log management. NIST Spec. Publ. 800(92), 16–16 (2006)
[10] Mayer, A., Wool, A., Ziskind, E.F.: A firewall analysis engine. In: IEEE Symposium on Security and Privacy, pp. 177–187 (2000)
[11] NERC: Cyber security - Incident reporting and response planning. Critical Infrastructure Protection Standards, 008(3) (2009)
[12] NERC: Cyber security - Systems security management. Critical Infrastructure Protection Standards, 007(3a) (2013)
[13] Oetiker, T.: RRDtool. http://oss.oetiker.ch/rrdtool/
[14] Purdy, G.N.: Linux Iptables Pocket Reference. O’Reilly Media Inc., USA (2004)
[15] Ranathunga, D., Roughan, M., Kernick, P., Falkner, N., Nguyen, H.: Identifying the missing aspects of the ANSI/ISA best practices for security policy. In: Proceedings of CPSS, pp. 37–48. ACM (2015)
[16] Ranathunga, D., Roughan, M., Kernick, P., Falkner, N., Tune, P.: ForestFirewalls: Getting firewall configuration right in critical networks. http://tinyurl.com/pzqtzkm
[17] Rubin, A., Geer, D.: A survey of Web security. Computer 31(9), 34–41 (1998)
[18] Scarfone, K., Hoffman, P.: Guidelines on firewalls and firewall policy. NIST Spec. Publ. 800(41), 1–48 (2009)
[19] Scarfone, K., Mell, P.: Guide to Intrusion Detection and Prevention Systems (IDPS). NIST Spec. Publ. 800(94), 16–16 (2007)
[20] Stouffer, K., Falco, J., Scarfone, K.: Guide to Industrial Control Systems (ICS) security. NIST Spec. Publ. 800(82), 16–16 (2008)
[21] Wool, A.: Architecting the Lumeta firewall analyzer. In: USENIX Security Symposium, pp. 85–97 (2001)
[22] Wool, A.: A quantitative study of firewall configuration errors. IEEE Comput. 37(6), 62–67 (2004)
[23] Wool, A.: Trends in firewall configuration errors: Measuring the holes in Swiss cheese. IEEE Internet Comput. 14(4), 58–65 (2010)
Acknowledgements
This project was supported by the Australian Government through an Australian Postgraduate Award, Australian Research Council Linkage Grant LP100200493, and CQR Consulting.
Copyright information
© 2016 Springer International Publishing Switzerland
Cite this paper
Ranathunga, D., Roughan, M., Kernick, P., Falkner, N. (2016). Towards Standardising Firewall Reporting. In: Bécue, A., Cuppens-Boulahia, N., Cuppens, F., Katsikas, S., Lambrinoudakis, C. (eds) Security of Industrial Control Systems and Cyber Physical Systems. CyberICS/WOS-CPS 2015. Lecture Notes in Computer Science, vol 9588. Springer, Cham. https://doi.org/10.1007/978-3-319-40385-4_9
DOI: https://doi.org/10.1007/978-3-319-40385-4_9
Publisher Name: Springer, Cham
Print ISBN: 978-3-319-40384-7
Online ISBN: 978-3-319-40385-4
eBook Packages: Computer Science (R0)