Due to the increasing threat of attacks and malicious activities, the use of firewall technology is an important milestone toward making networks of any complexity and size secure. Unfortunately, the inherent difficulties in designing and managing firewall policies within the modern highly distributed, dynamic and heterogeneous environments might greatly limit the effectiveness of firewall security. It is therefore desirable to automate as much as possible the firewall configuration process. Accordingly, this work presents a new more active and scalable firewalling architecture based on dynamic and adaptive policy management facilities, thus enabling the automatic generation of new rules and policies, to ensure a timely response in detecting unusual traffic activity and identify unknown potential attacks (0day). The proposed scheme, structured in a multi-stage modular fashion, can be easily applied in a distributed security environment, and does not depend on specific security solutions or hardware/software packages. © 2010 IEEE.
An enhanced firewall scheme for dynamic and adaptive containment of emerging security threats
Castiglione, Aniello;Fiore, Ugo;
2010-01-01
Abstract
Due to the increasing threat of attacks and malicious activities, the use of firewall technology is an important milestone toward making networks of any complexity and size secure. Unfortunately, the inherent difficulties in designing and managing firewall policies within the modern highly distributed, dynamic and heterogeneous environments might greatly limit the effectiveness of firewall security. It is therefore desirable to automate as much as possible the firewall configuration process. Accordingly, this work presents a new more active and scalable firewalling architecture based on dynamic and adaptive policy management facilities, thus enabling the automatic generation of new rules and policies, to ensure a timely response in detecting unusual traffic activity and identify unknown potential attacks (0day). The proposed scheme, structured in a multi-stage modular fashion, can be easily applied in a distributed security environment, and does not depend on specific security solutions or hardware/software packages. © 2010 IEEE.I documenti in IRIS sono protetti da copyright e tutti i diritti sono riservati, salvo diversa indicazione.