This paper describes some of the key efforts done by the research community to prevent attacks on network infrastructures, mainly by using Firewall and Intrusion Detection Systems. We also cover some of the protection models in Cloud Computing. This paper is the second phase of our previous paper about Network Protection Security Threats and Attacks.
The research community investigated the cyber attack prevention models heavily. Most of the work was focused on preventing such attacks by automating Firewall rules and also improving Access Control Lists on network infrastructure devices. Alshaer et al. identified all anomalies that could exist in a single- or multi-firewall environment. They also presented a set of algorithms to detect rule anomalies within a single firewall (intra-firewall anomalies), and between inter-connected firewalls (inter-firewall anomalies) in the network.
The authors also presented the Firewall Policy Advisor which provides a number of techniques for purifying and protecting the firewall policy from rule anomalies. The administrator may use the firewall policy advisor to manage firewall policies without prior analysis of filtering rules. In this paper, they formally defined a number of firewall policy anomalies in both centralized and distributed firewalls and they proved that these are the only conflicts that could exist in firewall policies. Then they presented a set of algorithms to detect rule anomalies within a single firewall (intra-firewall anomalies), and between inter-connected firewalls (inter-firewall anomalies) in the network.
Table of Contents
1) INTRODUCTION
2) PROTECTION MODELS
3) CONCLUSION
Research Objectives and Topics
This paper aims to provide a comprehensive overview of existing research efforts focused on enhancing network infrastructure security through the automation and optimization of firewalls, intrusion detection systems, and access control lists, while also examining protection models in the context of cloud computing.
- Automated firewall rule management and rule set optimization.
- Detection and resolution of policy anomalies in centralized and distributed firewall environments.
- Security challenges and protection models within cloud computing infrastructures.
- Integrity of network access control lists and conflict resolution in filter databases.
- Advancements in high-performance network routing and security configuration tools.
Excerpt from the Book
2) PROTECTION MODELS
The research community investigated the cyber attack prevention models heavily. Most of the work was focused on preventing such attacks by automating Firewall rules and also improving Access Control Lists on network infrastructure devices. Alshaer et al. [3] identified all anomalies that could exist in a single- or multi-firewall environment. They also presented a set of algorithms to detect rule anomalies within a single firewall (intra-firewall anomalies), and between inter-connected firewalls (inter-firewall anomalies) in the network. The authors also presented the Firewall Policy Advisor [22] which provides a number of techniques for purifying and protecting the firewall policy from rule anomalies. The administrator may use the firewall policy advisor to manage firewall policies without prior analysis of filtering rules. In this paper, they formally defined a number of firewall policy anomalies in both centralized and distributed firewalls and they proved that these are the only conflicts that could exist in firewall policies. Then they presented a set of algorithms to detect rule anomalies within a single firewall (intra firewall anomalies), and between inter-connected firewalls (inter-firewall anomalies) in the network.
Summary of Chapters
1) INTRODUCTION: This chapter outlines the paper's purpose in reviewing research efforts regarding network infrastructure protection, specifically focusing on firewall and intrusion detection systems alongside cloud computing security.
2) PROTECTION MODELS: This chapter details various research initiatives aimed at automating firewall rules, resolving policy anomalies, and optimizing access control lists for improved network security.
3) CONCLUSION: This chapter emphasizes the need for more reliable authentication and collaborative defense mechanisms to effectively address distributed threats like DDoS attacks.
Keywords
Network Security, Firewall, Intrusion Detection Systems, Cloud Computing, Access Control Lists, Policy Anomalies, Conflict Resolution, Cyber Attack Prevention, Network Infrastructure, Traffic Authentication, DDoS, Security Models, Rule Set Optimization.
Frequently Asked Questions
What is the primary focus of this paper?
The paper primarily surveys existing research and key efforts within the scientific community to prevent cyber attacks on network infrastructures, specifically through the use of firewall technologies and intrusion detection systems.
What are the main thematic areas covered?
The main themes include firewall policy management, the detection and resolution of rule anomalies, access control list optimization, and security models specific to cloud computing environments.
What is the main objective of this study?
The main objective is to consolidate findings from various researchers regarding security protection models, building upon the authors' previous work on network threats and attacks.
Which scientific methods are discussed?
The document discusses various algorithmic approaches, including policy anomaly detection algorithms, association rule mining for misconfiguration elimination, and geometric models for access control list minimization.
What topics are explored in the main body?
The main body reviews specific academic contributions related to firewall consistency, anomaly management frameworks like FAME, the TCAM Razor approach for rule compression, and various security models for cloud-based architectures.
How are the key terms for this research defined?
The research is characterized by terms such as firewall anomalies, policy optimization, intrusion detection, and network defense mechanisms, which form the core of the discussed literature.
What role do "resolve filters" play in conflict resolution?
According to the work cited, resolve filters are an architectural component used in algorithms to detect and resolve conflicts within a filter database, potentially eliminating security holes.
How does the paper address cloud computing security?
The paper examines security challenges in cloud environments, noting that while various models exist, there is a recurring need for more in-depth research on future security directions and technological implementation.
What is the significance of the "pushback mechanism" mentioned in the conclusion?
The pushback mechanism is highlighted as a potential solution for cooperative defense, where rate-limiting requests are sent to upstream routers to mitigate DDoS flooding attacks.
- Arbeit zitieren
- Santosh Malhotra (Autor:in), 2018, Survey on Network Protection Models, München, GRIN Verlag, https://www.grin.com/document/454913
