NICR Oct 10, 2013

Distributed firewalls and IDS interoperability checking based on a formal approach

arXiv:1310.2861v13 citations
Originality: Synthesis-oriented
AI Analysis

The paper addresses configuration issues faced by network administrators in distributed multi-component architectures, but its contribution is incremental, as it builds on existing formal methods for security analysis.

The paper tackles the problem of ensuring interoperability between distributed security components such as firewalls and IDS, so that misconfigurations do not degrade network security. It does so by proposing a formal approach that checks for anomalies between filtering rules and alerting rules.

To supervise and guarantee network security, the administrator uses different security components, such as firewalls, IDS and IPS. For perfect interoperability between these components, they must be configured properly to avoid misconfiguration between them. Nevertheless, the existence of a set of anomalies between filtering rules and alerting rules, particularly in distributed multi-component architectures, is very likely to degrade the network security. The main objective of this paper is to check whether a set of security components is interoperable. A case study using a firewall and an IDS as examples will illustrate the usefulness of our approach.
