Firewall Rule Modelling and Review

Marc Ruef
www.scip.ch

SwiNOG 24
10. May 2012
Berne, Switzerland
Agenda | Firewall Rule Modelling and Review

1. Intro
   Introduction            2 min
   Who am I?               2 min
   What is the Goal?       2 min
2. Firewall Rule Modelling and Review
   Extraction              4 min
   Parsing                 4 min
   Dissection              4 min
   Review                 10 min
   Additional Settings    10 min
   Routing Criticality     7 min
   Statistical Analysis    5 min
3. Outro
   Summary                 2 min
   Questions               5 min

SwiNOG 24   2/28
Introduction | Who am I?

Name              Marc Ruef
Job               Co-Owner / CTO, scip AG, Zürich
Private Website   http://www.computec.ch
Last Book         „The Art of Penetration Testing“,
                  Computer & Literatur Böblingen,
                  ISBN 3-936546-49-5
Introduction | What is our Goal?

◦   A Firewall Rule Review shall determine
     ◦   Insecure rules
     ◦   Wrong rules
     ◦   Inefficient rules
     ◦   Obsolete rules
◦   I will show
     ◦   Approaches
     ◦   Our methodology
     ◦   Possibilities
Introduction | Approach

◦   Extract firewall rules
◦   Parse firewall rule sets
◦   Dissect
     ◦   Objects
     ◦   Services
     ◦   Actions
     ◦   Relations
◦   Determine settings
◦   Identify weaknesses
Introduction | Files vs. Screenshots

◦   We prefer exported files
     ◦   Faster
     ◦   More reliable
     ◦   No GUI abstraction layer (better insight)
◦   Still, screenshots might support the analysis
     ◦   Easier walkthrough («quickview»)
     ◦   Visual enhancement of documentation
     ◦   Verification of parsing (cross-check)
     ◦   Last hope (no export feature, quirky file format, ...)
Extraction | Get the Firewall Rulesets

◦   iptables
     ◦   Backup: /usr/sbin/iptables-save
◦   Astaro
     ◦   Export: /usr/local/bin/backup.plx
     ◦   iptables: /usr/sbin/iptables-save
     ◦   Backup: Webadmin / Management / Backup/Restore
◦   Checkpoint Firewall-1
     ◦   Copy: All files in %FWDIR%/conf/ (objects_5.C, rulebase.fws, *.W)
     ◦   Export: cpdb2html/cpdb2web
◦   Cisco IOS/PIX/ASA
     ◦   Backup: show mem, show conf
◦   Citrix Netscaler
     ◦   Backup: Copy file /nsconfig/ns.conf (via SCP)
◦   Juniper
     ◦   Backup: Admin / Update / Config / Copy&Paste
     ◦   Backup: request system configuration rescue save (via FTP)
◦   McAfee Web Gateway
     ◦   Backup: Configuration / File Management / Configuration Data / Download Configuration Backup
◦   ...
Parsing | Handle Ruleset Structure

◦   Apache Directives
     ◦   Apache Reverse Proxies
     ◦   USP Secure Entry Server   (Apache-based)
◦   Arrays
     ◦   Astaro (backup.plx)       (alternative is with iptables)
     ◦   Checkpoint (files)        (.C, .fws, .W)
     ◦   Fortigate
◦   Command-line
     ◦   iptables
     ◦   Cisco IOS/PIX/ASA
     ◦   Citrix Netscaler
◦   INI Files
     ◦   McAfee Web Gateway        (base64 encapsulated in XML?!)
     ◦   SonicWALL                 (base64 encoded string)
◦   XML Files
     ◦   Airlock
     ◦   Clearswift MIMEsweeper
     ◦   Totemo TrustMail
◦   ...
Parsing | Access Firewall Rule Attributes (Cisco ASA Example)

(Screenshot slide; the image is not part of the extracted text.)
Parsing | Access Firewall Rule Attributes (Firewall-1 Example)

(Screenshot slide; the image is not part of the extracted text.)
Dissection | Access Rule Attributes

◦   A packet filter rule consists of at least:
     ◦   Source Host/Net              [10.0.0.0/8]
     ◦   Source Port                  [>1023]
     ◦   Destination Host/Net         [192.168.0.10/32]
     ◦   Destination Port             [80]
     ◦   Protocol                     [TCP]
     ◦   Action                       [ALLOW]
◦   Additional rule attributes might be:
     ◦   ID                           [42]
     ◦   Active                       [enabled]
     ◦   Timeframe                    [01/01/2012 – 12/31/2012]
     ◦   User                         [testuser2012]
     ◦   Logging                      [disabled]
     ◦   Priority (QoS)               [bandwidth percent 30]
     ◦   ...
Dissection | Example Table

Src Host     Src Port   Dst Host          Dst Port    Protocol   Action
*            >1023      192.168.0.10/32   80 (http)   TCP        ALLOW
10.0.0.0/8   >1023      *                 80 (http)   TCP        ALLOW
...
Review | Weaknesses Checklist (1/2)

◦   Allow Rules
    ◦   ANY rules
    ◦   Bi-directional rules
    ◦   Broad definition of zones or port ranges
    ◦   Mash-up of objects
    ◦   Blacklisted traffic (false-negatives)
    ◦   DROP-ALL rule missing
◦   Insecure Rules
    ◦   Insecure service used (e.g. telnet, ftp, snmp)
    ◦   Overlapping objects
    ◦   Nested objects
Review | Weaknesses Checklist (2/2)

◦   Obsolete Rules
    ◦   Inactive objects
    ◦   Temporary rules
    ◦   Test rules
    ◦   Obsolete rules
◦   Documentation Missing
    ◦   No comment/description
    ◦   Whitelisted traffic (reasoning missing)
    ◦   Logging not enabled
◦   Lockdown missing
    ◦   Lockdown rules missing
    ◦   Stealth rules missing
    ◦   DENY instead of DROP
Review | Example Report Table (Findings)

Src Host          Src Port       Dst Host          Dst Port       Protocol   Action
*                 >1023          192.168.0.10/32   80             TCP        ALLOW
*                 *              192.168.0.10/32   23             TCP        ALLOW
                  [ANY Rule]                       [Insecure]
10.0.0.0/8        >1023          *                 80             TCP        ALLOW
192.168.0.10/24   1024-50000     10.0.0.0/8        22,902,8443    TCP        ALLOW
                  [Inadequate]                     [Mash-Up]
*                 *              192.168.0.10/24   3389           TCP        ALLOW
[ANY Rule]        [ANY Rule]
10.0.0.0/8        0              *                 0,8            ICMP       ALLOW
                                 [ANY Rule]        [Insecure]
...
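As an added example (not code from the talk or from scip AG), the following Python turns Cisco ASA extended ACL lines into the attribute tuple of the Dissection slide and then runs a few of the checklist items (ANY rules, insecure services, logging, DROP-ALL) over the result, annotating findings the way the report table does. The sample ACL is constructed, and the service/ICMP keyword tables are an assumed subset of what the ASA prints.

```python
"""Cisco ASA extended ACL parser plus Weaknesses Checklist checks (added example)."""
import ipaddress

# Keywords the ASA prints instead of numbers (subset, assumption).
SERVICE_PORTS = {"www": 80, "http": 80, "https": 443, "ssh": 22, "telnet": 23,
                 "ftp": 21, "snmp": 161, "smtp": 25, "domain": 53, "pop3": 110}
ICMP_TYPES = {"echo-reply": 0, "unreachable": 3, "echo": 8, "time-exceeded": 11}
INSECURE_PORTS = {23: "telnet", 21: "ftp", 161: "snmp"}  # checklist examples
TRAILING = {"log", "inactive", "time-range"}              # options after the ports

def _num(t):
    """Service keyword -> port number; plain numbers pass through."""
    return SERVICE_PORTS.get(t, int(t) if t.isdigit() else t)

def _addr(tok):
    """Consume one address operand: any | host A | object[-group] N | A MASK."""
    t = tok.pop(0)
    if t in ("any", "any4"):
        return "*"
    if t == "host":
        return tok.pop(0) + "/32"
    if t in ("object", "object-group"):
        return f"{t}:{tok.pop(0)}"        # object resolution is a separate step
    return str(ipaddress.ip_network(f"{t}/{tok.pop(0)}", strict=False))

def _port(tok):
    """Consume an optional TCP/UDP port operator; '*' = not restricted."""
    if not tok or tok[0] not in ("eq", "gt", "lt", "neq", "range"):
        return "*"
    op = tok.pop(0)
    if op == "range":
        return f"{_num(tok.pop(0))}-{_num(tok.pop(0))}"
    p = _num(tok.pop(0))
    return {"eq": f"{p}", "gt": f">{p}", "lt": f"<{p}", "neq": f"!={p}"}[op]

def parse_ace(line):
    """One 'access-list NAME extended ...' line -> rule dict, or None."""
    tok = line.split()
    if (len(tok) < 6 or tok[0] != "access-list" or tok[2] == "remark"
            or "extended" not in tok[:5]):
        return None                       # remarks, standard/webtype ACLs skipped
    i = tok.index("extended")
    name, action, proto = tok[1], tok[i + 1], tok[i + 2]
    tok = tok[i + 3:]
    layer4 = proto in ("tcp", "udp")
    src = _addr(tok)
    sport = _port(tok) if layer4 else "n/a"
    dst = _addr(tok)
    if layer4:
        dport = _port(tok)
    elif proto == "icmp" and tok and tok[0] not in TRAILING:
        t = tok.pop(0)                    # ICMP type takes the port slot
        dport = str(ICMP_TYPES.get(t, t))
    else:
        dport = "n/a"
    return {"acl": name, "src": src, "sport": sport, "dst": dst, "dport": dport,
            "proto": proto, "action": "ALLOW" if action == "permit" else "DENY",
            "log": "log" in tok, "active": "inactive" not in tok}

def parse_acl(text):
    return [r for r in map(parse_ace, text.splitlines()) if r]

def review(rules):
    """Checklist checks -> list of (rule number, field, finding) tuples."""
    findings = []
    for n, r in enumerate(rules, 1):
        if r["action"] != "ALLOW":
            continue
        for field in ("src", "sport", "dst", "dport"):
            if r[field] == "*":
                findings.append((n, field, "ANY Rule"))
        p = r["dport"]
        if r["proto"] in ("tcp", "udp") and p.isdigit() and int(p) in INSECURE_PORTS:
            findings.append((n, "dport", f"Insecure ({INSECURE_PORTS[int(p)]})"))
        if not r["log"]:
            findings.append((n, "log", "Logging not enabled"))
        if not r["active"]:
            findings.append((n, "active", "Inactive rule (obsolete?)"))
    # The ASA denies implicitly, but the checklist wants an explicit, logged DROP-ALL.
    last = rules[-1] if rules else None
    if not (last and last["action"] == "DENY" and last["proto"] == "ip"
            and last["src"] == "*" and last["dst"] == "*"):
        findings.append((len(rules), "ruleset", "DROP-ALL rule missing"))
    return findings

# Constructed sample ACL, modelled on the talk's example table (not a real config).
SAMPLE_ACL = """\
access-list outside_in remark web server and friends
access-list outside_in extended permit tcp any gt 1023 host 192.168.0.10 eq www log
access-list outside_in extended permit tcp any host 192.168.0.10 eq telnet
access-list outside_in extended permit tcp 10.0.0.0 255.0.0.0 any eq 80 log
access-list outside_in extended permit tcp 192.168.0.0 255.255.255.0 range 1024 50000 10.0.0.0 255.0.0.0 eq ssh
access-list outside_in extended permit icmp 10.0.0.0 255.0.0.0 any echo
access-list outside_in extended deny ip any any log
"""
```

`review(parse_acl(SAMPLE_ACL))` yields ten findings for the sample, among them the telnet rule flagged as both an ANY rule (source port) and an insecure service, exactly the two annotations the findings table puts on that row.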
Review | Example Report Table (Measures)

Src Host          Src Port       Dst Host             Dst Port            Protocol   Action
*                 >1023          192.168.0.10/32      80                  TCP        ALLOW
*                 *              192.168.0.10/32      23                  TCP        ALLOW
                  → >1023                             → 22
10.0.0.0/8        >1023          *                    80                  TCP        ALLOW
192.168.0.10/24   1024-50000     10.0.0.0/8           22,902,8443         TCP        ALLOW
                  → >1023                             → 22|902|...
*                 *              192.168.0.10/24      3389                TCP        ALLOW
→ x.x.x.110       → >1023
10.0.0.0/8        0              *                    0,8                 ICMP       ALLOW
                                 → 192.168.0.10/24    → «Risk Accepted»
...
Review | Automated Analysis (Video)

◦   Go to http://www.youtube.com/watch?v=P62Z4vqX5nA
Additional Settings | Global Settings

◦   Some FWs, especially proxies, introduce additional (global) settings,
    which might affect the rules. Example McAfee Web Gateway:
     ◦   Antivirus
           ◦   Enabled            [1=enabled]
           ◦   HeuristicWWScan    [0=disabled]
           ◦   AutoUpdate         [0=disabled]
     ◦   Caching
           ◦   Enabled            [1=enabled]
           ◦   CacheSize          [536870912]
           ◦   MaxObjectSize      [8192]
     ◦   HTTP Proxy Settings
           ◦   Enabled            [1=enabled]
           ◦   AddViaHeader       [1=enabled]
           ◦   ClientIpHeader     ['X-Forwarded-For']
     ◦   ...
Additional Settings | Example Report Table

ID     Setting               Value                       Recommend                  Risk
...
1427   CheckFileSignatures   0                           1 (=enabled)               Medium
1428   ChecksumMismatchWeb   'Replace and Quarantine'    'Replace and Quarantine'   Passed
1429   EmbdJavaAppletWeb     'Allow'                     'Block'                    Medium
1430   ExpiredContentWeb     'Block'                     'Block'                    Passed
1431   JavaScriptWeb         'Allow'                     'Block'                    Low
1432   MacroWeb              'Replace document           'Block Document'           Passed
                             and Quarantine'             (strict approach)
1433   UnsignedEXEWeb        'Allow'                     'Block'                    High
...
Routing Criticality | CVSSv2 Overview

(Image slide; the graphic is not part of the extracted text.)
Routing Criticality | Weight Indexing (Example)

Description                               Source     Destination   Port    AV   AC   Au   CI   II   AI   Score
External Web to Web Server                Internet   DMZ           t80     N    L    N    N    C    C    9.4
External Web for Internal Clients (in)    LAN        Internet      t80     N    M    N    C    C    C    9.3
External Web to Customer Site             Internet   DMZ           t443    N    L    S    C    C    C    9.0
External Mail to Public Mail Server       Internet   DMZ           t110    N    M    S    C    C    C    8.5
External Remote Access to Servers         Internet   DMZ           t22     N    M    S    C    C    C    8.5
Internal Access to DNS Servers            LAN        DMZ           u53     L    L    N    C    C    C    7.2
Intranet Access for Internal Clients      LAN        DMZ           t80     L    L    N    P    C    C    6.8
External Web for Internal Clients (out)   LAN        Internet      t80     L    L    S    C    C    C    6.8
Internal Remote Access to Servers         LAN        DMZ           t3389   L    M    S    P    C    P    5.5
Internal ICMP Echo for Servers            DMZ        Internet      i0,8    L    M    S    P    P    C    5.5

(Port: t = TCP port, u = UDP port, i = ICMP types. AV, AC, Au, CI, II, AI: CVSSv2 base metrics Access Vector, Access Complexity, Authentication, Confidentiality/Integrity/Availability Impact.)
Statistical Analysis | Findings per Projects (Last 11 Projects)

(Chart slide; the graphic is not part of the extracted text.)
Statistical Analysis | Top Findings (Median Last 11 Projects)

(Chart slide; the graphic is not part of the extracted text.)
Statistical Analysis | Reasons for Risks

◦   There are several possible reasons why FWs are not configured in the most secure way:
    ◦   Mistakes (wrong click, wrong copy&paste, …)
    ◦   Forgotten/Laziness (“I will improve that later…”)
    ◦   Misinformation (vendor suggests ports 10000-50000)
    ◦   Misunderstanding (technical, conceptual)
    ◦   Unknown features (hidden settings)
    ◦   Technical failure (e.g. broken backup import)
Outro | Summary

◦   Firewall rule reviews help to determine weaknesses in
    firewall rulesets.
◦   Extracting, parsing and dissecting a ruleset is what makes
    the analysis possible.
◦   Common weaknesses are broadly defined objects,
    overlapping rules and unsafe protocols.
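The summary condenses the talk's pipeline: extract, parse, dissect, review. The script below is an added example, not code from the talk, from scip AG or from any vendor tool. It runs that pipeline over a small constructed ruleset written in an invented, vendor-neutral line format (not a real export format such as SonicWALL's) and reports the three weakness classes the summary names, plus the over-wide vendor port range from the previous slide. The thresholds (/8 for broad address objects, 1024 ports for wide service objects) and the cleartext-service table are assumptions chosen for the example.

```python
"""Toy firewall rule review: parse -> dissect -> review.

Added example, not code from the talk or from scip AG. The rule syntax is a
constructed, vendor-neutral line format, not a real export format; the
thresholds and the cleartext-service table are assumptions.
"""
import ipaddress
from dataclasses import dataclass

# Constructed sample ruleset, one rule per line:
#   <number> <action> <src> <dst> <proto>/<port>[-<port>] | any
SAMPLE_RULESET = """\
1 allow 10.0.0.0/8   192.168.10.5    tcp/22
2 allow 10.1.0.0/16  192.168.10.5    tcp/22            # already matched by rule 1
3 allow any          192.168.10.0/24 tcp/10000-50000   # vendor-suggested range
4 allow 10.0.0.0/8   192.168.20.7    tcp/23            # cleartext admin protocol
5 deny  any          any             any
"""

# Assumptions used by the review checks.
UNSAFE_SERVICES = {("tcp", 21): "ftp", ("tcp", 23): "telnet",
                   ("tcp", 80): "http", ("udp", 69): "tftp"}
WIDE_SERVICE_PORTS = 1024   # service objects opening more ports than this
BROAD_PREFIXLEN = 8         # address objects wider than a /8 (e.g. "any")


@dataclass(frozen=True)
class Rule:
    num: int
    action: str
    src: ipaddress.IPv4Network
    dst: ipaddress.IPv4Network
    proto: str
    port_lo: int
    port_hi: int

    def covers(self, other: "Rule") -> bool:
        """True if every packet matching `other` also matches this rule."""
        return (other.src.subnet_of(self.src) and other.dst.subnet_of(self.dst)
                and self.proto in ("any", other.proto)
                and self.port_lo <= other.port_lo and other.port_hi <= self.port_hi)

    @property
    def port_count(self) -> int:
        return self.port_hi - self.port_lo + 1


@dataclass(frozen=True)
class Finding:
    rule: int
    kind: str
    detail: str


def _net(token: str) -> ipaddress.IPv4Network:
    # "any" becomes the whole IPv4 space; a bare host becomes a /32
    return ipaddress.ip_network("0.0.0.0/0" if token == "any" else token, strict=False)


def _service(token: str):
    if token == "any":
        return "any", 0, 65535
    proto, ports = token.split("/")
    lo, _, hi = ports.partition("-")
    return proto, int(lo), int(hi or lo)


def parse_ruleset(text: str) -> list:
    """Extract + parse: turn the line format into Rule objects, dropping comments."""
    rules = []
    for line in text.splitlines():
        line = line.split("#", 1)[0].strip()
        if not line:
            continue
        num, action, src, dst, svc = line.split()
        proto, lo, hi = _service(svc)
        rules.append(Rule(int(num), action, _net(src), _net(dst), proto, lo, hi))
    return rules


def review(rules: list) -> list:
    """Dissect + review: report overlapping rules, broad objects and unsafe services."""
    findings = []
    for i, r in enumerate(rules):
        # Overlap: an earlier rule already matches everything this rule matches,
        # so this rule is redundant (same action) or shadowed (different action).
        for earlier in rules[:i]:
            if earlier.covers(r):
                kind = "redundant" if earlier.action == r.action else "shadowed"
                findings.append(Finding(r.num, kind, f"fully covered by rule {earlier.num}"))
                break
        if r.action != "allow":        # object breadth only matters for permits
            continue
        for label, net in (("src", r.src), ("dst", r.dst)):
            if net.prefixlen < BROAD_PREFIXLEN:
                findings.append(Finding(r.num, "broad-object",
                                        f"{label} {net} is wider than /{BROAD_PREFIXLEN}"))
        if r.port_count > WIDE_SERVICE_PORTS:
            findings.append(Finding(r.num, "wide-service",
                                    f"{r.proto}/{r.port_lo}-{r.port_hi} opens {r.port_count} ports"))
        for (proto, port), name in UNSAFE_SERVICES.items():
            if r.proto in ("any", proto) and r.port_lo <= port <= r.port_hi:
                findings.append(Finding(r.num, "unsafe-service",
                                        f"permits cleartext {name} ({proto}/{port})"))
    return findings


if __name__ == "__main__":
    for f in review(parse_ruleset(SAMPLE_RULESET)):
        print(f"rule {f.rule:>2}  {f.kind:<14} {f.detail}")
```

Running the script reports rule 2 as redundant (rule 1 already permits it), rule 3 for its `any` source and its 40001-port service object, and rule 4 for permitting Telnet. A real review swaps `parse_ruleset` for a parser of the vendor's export format and keeps the `Rule`/`review` layer unchanged, which is the point of separating extraction and parsing from dissection and review.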
Outro | Literature

◦   Firewall Rule Parsing am Beispiel von SonicWALL (firewall rule
    parsing, using SonicWALL as the example),
    http://www.scip.ch/?labs.20110113
◦   Common Vulnerability Scoring System und seine Probleme (the
    Common Vulnerability Scoring System and its problems),
    http://www.scip.ch/?labs.20101209

These slides and additional details will be published at
http://www.scip.ch/?labs
Outro | Questions
Security is our Business!

scip AG
Badenerstrasse 551
CH-8048 Zürich

Tel       +41 44 404 13 13
Fax       +41 44 404 13 14
Mail      info@scip.ch
Web       http://www.scip.ch
Twitter   http://twitter.com/scipag

◦   Strategy      | Consulting
◦   Auditing      | Testing
◦   Forensics     | Analysis

Más contenido relacionado

La actualidad más candente

ISO/IEC 27701 vs. ISO/IEC 27001 vs. NIST: Essential Things You Need to Know
ISO/IEC 27701 vs. ISO/IEC 27001 vs. NIST: Essential Things You Need to KnowISO/IEC 27701 vs. ISO/IEC 27001 vs. NIST: Essential Things You Need to Know
ISO/IEC 27701 vs. ISO/IEC 27001 vs. NIST: Essential Things You Need to KnowPECB
 
OWASP Top 10 2021 What's New
OWASP Top 10 2021 What's NewOWASP Top 10 2021 What's New
OWASP Top 10 2021 What's NewMichael Furman
 
Next Generation War: EDR vs RED TEAM
Next Generation War: EDR vs RED TEAMNext Generation War: EDR vs RED TEAM
Next Generation War: EDR vs RED TEAMBGA Cyber Security
 
Fortinet Corporate Overview Deck.pptx
Fortinet Corporate Overview Deck.pptxFortinet Corporate Overview Deck.pptx
Fortinet Corporate Overview Deck.pptxArianeSpano
 
Database auditing essentials
Database auditing essentialsDatabase auditing essentials
Database auditing essentialsCraig Mullins
 
MindMap - Forensics Windows Registry Cheat Sheet
MindMap - Forensics Windows Registry Cheat SheetMindMap - Forensics Windows Registry Cheat Sheet
MindMap - Forensics Windows Registry Cheat SheetJuan F. Padilla
 
賣 K8s 的人不敢告訴你的事 (Secrets that K8s vendors won't tell you)
賣 K8s 的人不敢告訴你的事 (Secrets that K8s vendors won't tell you)賣 K8s 的人不敢告訴你的事 (Secrets that K8s vendors won't tell you)
賣 K8s 的人不敢告訴你的事 (Secrets that K8s vendors won't tell you)William Yeh
 
Information Technology Control and Audit.pdf
Information Technology Control and Audit.pdfInformation Technology Control and Audit.pdf
Information Technology Control and Audit.pdfMaicolcastellanos2
 
Introduction to NIST Cybersecurity Framework
Introduction to NIST Cybersecurity FrameworkIntroduction to NIST Cybersecurity Framework
Introduction to NIST Cybersecurity FrameworkTuan Phan
 
Any Standard is Better Than None: GDPR and the ISO Standards
Any Standard is Better Than None: GDPR and the ISO StandardsAny Standard is Better Than None: GDPR and the ISO Standards
Any Standard is Better Than None: GDPR and the ISO StandardsPECB
 
Information Security It's All About Compliance
Information Security   It's All About ComplianceInformation Security   It's All About Compliance
Information Security It's All About ComplianceDinesh O Bareja
 
Plano estratégico de segurança da informação
Plano estratégico de segurança da informação Plano estratégico de segurança da informação
Plano estratégico de segurança da informação Módulo Security Solutions
 

La actualidad más candente (20)

ISO/IEC 27701 vs. ISO/IEC 27001 vs. NIST: Essential Things You Need to Know
ISO/IEC 27701 vs. ISO/IEC 27001 vs. NIST: Essential Things You Need to KnowISO/IEC 27701 vs. ISO/IEC 27001 vs. NIST: Essential Things You Need to Know
ISO/IEC 27701 vs. ISO/IEC 27001 vs. NIST: Essential Things You Need to Know
 
OWASP Top 10 2021 What's New
OWASP Top 10 2021 What's NewOWASP Top 10 2021 What's New
OWASP Top 10 2021 What's New
 
Next Generation War: EDR vs RED TEAM
Next Generation War: EDR vs RED TEAMNext Generation War: EDR vs RED TEAM
Next Generation War: EDR vs RED TEAM
 
Fortinet Corporate Overview Deck.pptx
Fortinet Corporate Overview Deck.pptxFortinet Corporate Overview Deck.pptx
Fortinet Corporate Overview Deck.pptx
 
Itil,cobit and ıso27001
Itil,cobit and ıso27001Itil,cobit and ıso27001
Itil,cobit and ıso27001
 
ISO 27001:2022 What has changed.pdf
ISO 27001:2022 What has changed.pdfISO 27001:2022 What has changed.pdf
ISO 27001:2022 What has changed.pdf
 
Snort
SnortSnort
Snort
 
HashMapとは?
HashMapとは?HashMapとは?
HashMapとは?
 
27001.pptx
27001.pptx27001.pptx
27001.pptx
 
Database auditing essentials
Database auditing essentialsDatabase auditing essentials
Database auditing essentials
 
MindMap - Forensics Windows Registry Cheat Sheet
MindMap - Forensics Windows Registry Cheat SheetMindMap - Forensics Windows Registry Cheat Sheet
MindMap - Forensics Windows Registry Cheat Sheet
 
賣 K8s 的人不敢告訴你的事 (Secrets that K8s vendors won't tell you)
賣 K8s 的人不敢告訴你的事 (Secrets that K8s vendors won't tell you)賣 K8s 的人不敢告訴你的事 (Secrets that K8s vendors won't tell you)
賣 K8s 的人不敢告訴你的事 (Secrets that K8s vendors won't tell you)
 
Web security uploadv1
Web security uploadv1Web security uploadv1
Web security uploadv1
 
Information Technology Control and Audit.pdf
Information Technology Control and Audit.pdfInformation Technology Control and Audit.pdf
Information Technology Control and Audit.pdf
 
Комплект документов по ISO 27001-2013
Комплект документов по ISO 27001-2013Комплект документов по ISO 27001-2013
Комплект документов по ISO 27001-2013
 
Introduction to NIST Cybersecurity Framework
Introduction to NIST Cybersecurity FrameworkIntroduction to NIST Cybersecurity Framework
Introduction to NIST Cybersecurity Framework
 
Any Standard is Better Than None: GDPR and the ISO Standards
Any Standard is Better Than None: GDPR and the ISO StandardsAny Standard is Better Than None: GDPR and the ISO Standards
Any Standard is Better Than None: GDPR and the ISO Standards
 
Information Security It's All About Compliance
Information Security   It's All About ComplianceInformation Security   It's All About Compliance
Information Security It's All About Compliance
 
ISO Survey 2021: ISO 27001.pdf
ISO Survey 2021: ISO 27001.pdfISO Survey 2021: ISO 27001.pdf
ISO Survey 2021: ISO 27001.pdf
 
Plano estratégico de segurança da informação
Plano estratégico de segurança da informação Plano estratégico de segurança da informação
Plano estratégico de segurança da informação
 

Destacado

Detecting and Resolving Firewall Policy Anomalies
Detecting and Resolving Firewall Policy AnomaliesDetecting and Resolving Firewall Policy Anomalies
Detecting and Resolving Firewall Policy AnomaliesAli Habeeb
 
Firewall Analyzer 8.2 - Firewall Policy Optimization Reports
Firewall Analyzer 8.2 - Firewall Policy Optimization ReportsFirewall Analyzer 8.2 - Firewall Policy Optimization Reports
Firewall Analyzer 8.2 - Firewall Policy Optimization ReportsManageEngine Firewall Analyzer
 
表演藝術9900084
表演藝術9900084表演藝術9900084
表演藝術9900084郁芳 簡
 
Model-driven Extraction and Analysis of Network Security Policies (at MoDELS'13)
Model-driven Extraction and Analysis of Network Security Policies (at MoDELS'13)Model-driven Extraction and Analysis of Network Security Policies (at MoDELS'13)
Model-driven Extraction and Analysis of Network Security Policies (at MoDELS'13)Jordi Cabot
 
5 Under-utilized PCI Requirements and how you can leverage them
5 Under-utilized PCI Requirements  and how you can leverage them5 Under-utilized PCI Requirements  and how you can leverage them
5 Under-utilized PCI Requirements and how you can leverage themPraveen Vackayil
 
Ch10 Firewall it-slideshares.blogspot.com
Ch10 Firewall it-slideshares.blogspot.comCh10 Firewall it-slideshares.blogspot.com
Ch10 Firewall it-slideshares.blogspot.comphanleson
 
Basic of ip subnet and addressing
Basic of ip subnet and addressingBasic of ip subnet and addressing
Basic of ip subnet and addressingrahul_cuet
 
Continuous Time Analog Systems
Continuous Time Analog SystemsContinuous Time Analog Systems
Continuous Time Analog SystemsAranya Sarkar
 
2014 nat test_admin_guidelines
2014 nat test_admin_guidelines2014 nat test_admin_guidelines
2014 nat test_admin_guidelinesFebby Kirstin
 
How to Audit Firewall, what are the standard Practices for Firewall Audit
How to Audit Firewall, what are the standard Practices for Firewall AuditHow to Audit Firewall, what are the standard Practices for Firewall Audit
How to Audit Firewall, what are the standard Practices for Firewall Auditkeyuradmin
 
Design of FIR Filters
Design of FIR FiltersDesign of FIR Filters
Design of FIR FiltersAranya Sarkar
 
Network address translation
Network address translationNetwork address translation
Network address translationVarsha Honde
 
Internet Access Via Cable Network
Internet Access Via Cable NetworkInternet Access Via Cable Network
Internet Access Via Cable NetworkSonal Patil
 
The optimization and implementation of iptables rules set
The optimization and implementation of iptables rules setThe optimization and implementation of iptables rules set
The optimization and implementation of iptables rules setPOOJA MEHTA
 

Destacado (20)

Detecting and Resolving Firewall Policy Anomalies
Detecting and Resolving Firewall Policy AnomaliesDetecting and Resolving Firewall Policy Anomalies
Detecting and Resolving Firewall Policy Anomalies
 
Firewall Analyzer 8.2 - Firewall Policy Optimization Reports
Firewall Analyzer 8.2 - Firewall Policy Optimization ReportsFirewall Analyzer 8.2 - Firewall Policy Optimization Reports
Firewall Analyzer 8.2 - Firewall Policy Optimization Reports
 
表演藝術9900084
表演藝術9900084表演藝術9900084
表演藝術9900084
 
Model-driven Extraction and Analysis of Network Security Policies (at MoDELS'13)
Model-driven Extraction and Analysis of Network Security Policies (at MoDELS'13)Model-driven Extraction and Analysis of Network Security Policies (at MoDELS'13)
Model-driven Extraction and Analysis of Network Security Policies (at MoDELS'13)
 
5 Under-utilized PCI Requirements and how you can leverage them
5 Under-utilized PCI Requirements  and how you can leverage them5 Under-utilized PCI Requirements  and how you can leverage them
5 Under-utilized PCI Requirements and how you can leverage them
 
四人戰隊
四人戰隊四人戰隊
四人戰隊
 
Ch10 Firewall it-slideshares.blogspot.com
Ch10 Firewall it-slideshares.blogspot.comCh10 Firewall it-slideshares.blogspot.com
Ch10 Firewall it-slideshares.blogspot.com
 
Basic of ip subnet and addressing
Basic of ip subnet and addressingBasic of ip subnet and addressing
Basic of ip subnet and addressing
 
Continuous Time Analog Systems
Continuous Time Analog SystemsContinuous Time Analog Systems
Continuous Time Analog Systems
 
Web Crawling & Crawler
Web Crawling & CrawlerWeb Crawling & Crawler
Web Crawling & Crawler
 
2014 nat test_admin_guidelines
2014 nat test_admin_guidelines2014 nat test_admin_guidelines
2014 nat test_admin_guidelines
 
How to Audit Firewall, what are the standard Practices for Firewall Audit
How to Audit Firewall, what are the standard Practices for Firewall AuditHow to Audit Firewall, what are the standard Practices for Firewall Audit
How to Audit Firewall, what are the standard Practices for Firewall Audit
 
Design of FIR Filters
Design of FIR FiltersDesign of FIR Filters
Design of FIR Filters
 
Firewall girija ppt
Firewall girija pptFirewall girija ppt
Firewall girija ppt
 
Network security
 Network security Network security
Network security
 
Firewall Essentials
Firewall EssentialsFirewall Essentials
Firewall Essentials
 
Network address translation
Network address translationNetwork address translation
Network address translation
 
Internet Access Via Cable Network
Internet Access Via Cable NetworkInternet Access Via Cable Network
Internet Access Via Cable Network
 
The optimization and implementation of iptables rules set
The optimization and implementation of iptables rules setThe optimization and implementation of iptables rules set
The optimization and implementation of iptables rules set
 
Firewall
Firewall Firewall
Firewall
 

Similar a Firewall Rule Review and Modelling

BABOK 2 Tasks & Techniques
BABOK 2 Tasks & TechniquesBABOK 2 Tasks & Techniques
BABOK 2 Tasks & TechniquesCBAP Master
 
Advanced Project Analysis and Project Benchmarking with Acumen Cloud™
Advanced Project Analysis and Project Benchmarking with Acumen Cloud™Advanced Project Analysis and Project Benchmarking with Acumen Cloud™
Advanced Project Analysis and Project Benchmarking with Acumen Cloud™Acumen
 
Baf -module_1_-_updated_q32010
Baf  -module_1_-_updated_q32010Baf  -module_1_-_updated_q32010
Baf -module_1_-_updated_q32010KinzaNSaeed
 
NG BB 02 Table of Contents
NG BB 02 Table of ContentsNG BB 02 Table of Contents
NG BB 02 Table of ContentsLeanleaders.org
 
Chapter 1 ASE Slides ppt
Chapter 1 ASE Slides pptChapter 1 ASE Slides ppt
Chapter 1 ASE Slides pptMr SMAK
 
Calgary Breakfast Seminar: Predict and Influence Project Success
Calgary Breakfast Seminar: Predict and Influence Project SuccessCalgary Breakfast Seminar: Predict and Influence Project Success
Calgary Breakfast Seminar: Predict and Influence Project SuccessAcumen
 
Substructrual surrogates for learning decomposable classification problems: i...
Substructrual surrogates for learning decomposable classification problems: i...Substructrual surrogates for learning decomposable classification problems: i...
Substructrual surrogates for learning decomposable classification problems: i...kknsastry
 
My Presentation
My PresentationMy Presentation
My Presentationjunowedd
 
A platform for the decision support studio
A platform for the decision support studioA platform for the decision support studio
A platform for the decision support studiojhjsmits
 
02 spc訓練教材
02 spc訓練教材02 spc訓練教材
02 spc訓練教材營松 林
 
NG BB 45 Quick Change Over
NG BB 45 Quick Change OverNG BB 45 Quick Change Over
NG BB 45 Quick Change OverLeanleaders.org
 
NG BB 45 Quick Change Over
NG BB 45 Quick Change OverNG BB 45 Quick Change Over
NG BB 45 Quick Change OverLeanleaders.org
 
Catalyst college-presentation
Catalyst college-presentationCatalyst college-presentation
Catalyst college-presentationVinodh Kombissan
 
Research design for Evaluation of Strongly Sustainability Business Model Onto...
Research design for Evaluation of Strongly Sustainability Business Model Onto...Research design for Evaluation of Strongly Sustainability Business Model Onto...
Research design for Evaluation of Strongly Sustainability Business Model Onto...Antony Upward
 
NG BB 39 IMPROVE Roadmap
NG BB 39 IMPROVE RoadmapNG BB 39 IMPROVE Roadmap
NG BB 39 IMPROVE RoadmapLeanleaders.org
 
NG BB 39 IMPROVE Roadmap
NG BB 39 IMPROVE RoadmapNG BB 39 IMPROVE Roadmap
NG BB 39 IMPROVE RoadmapLeanleaders.org
 

Similar a Firewall Rule Review and Modelling (20)

BABOK 2 Tasks & Techniques
BABOK 2 Tasks & TechniquesBABOK 2 Tasks & Techniques
BABOK 2 Tasks & Techniques
 
Advanced Project Analysis and Project Benchmarking with Acumen Cloud™
Advanced Project Analysis and Project Benchmarking with Acumen Cloud™Advanced Project Analysis and Project Benchmarking with Acumen Cloud™
Advanced Project Analysis and Project Benchmarking with Acumen Cloud™
 
Baf -module_1_-_updated_q32010
Baf  -module_1_-_updated_q32010Baf  -module_1_-_updated_q32010
Baf -module_1_-_updated_q32010
 
NG BB 02 Table of Contents
NG BB 02 Table of ContentsNG BB 02 Table of Contents
NG BB 02 Table of Contents
 
KW001
KW001KW001
KW001
 
Chapter 1 ASE Slides ppt
Chapter 1 ASE Slides pptChapter 1 ASE Slides ppt
Chapter 1 ASE Slides ppt
 
Calgary Breakfast Seminar: Predict and Influence Project Success
Calgary Breakfast Seminar: Predict and Influence Project SuccessCalgary Breakfast Seminar: Predict and Influence Project Success
Calgary Breakfast Seminar: Predict and Influence Project Success
 
Substructrual surrogates for learning decomposable classification problems: i...
Substructrual surrogates for learning decomposable classification problems: i...Substructrual surrogates for learning decomposable classification problems: i...
Substructrual surrogates for learning decomposable classification problems: i...
 
usability testingplanning
usability testingplanningusability testingplanning
usability testingplanning
 
My Presentation
My PresentationMy Presentation
My Presentation
 
A platform for the decision support studio
A platform for the decision support studioA platform for the decision support studio
A platform for the decision support studio
 
02 spc訓練教材
02 spc訓練教材02 spc訓練教材
02 spc訓練教材
 
NG BB 45 Quick Change Over
NG BB 45 Quick Change OverNG BB 45 Quick Change Over
NG BB 45 Quick Change Over
 
NG BB 45 Quick Change Over
NG BB 45 Quick Change OverNG BB 45 Quick Change Over
NG BB 45 Quick Change Over
 
Zander eng scd_final
Zander eng scd_finalZander eng scd_final
Zander eng scd_final
 
Catalyst college-presentation
Catalyst college-presentationCatalyst college-presentation
Catalyst college-presentation
 
Research design for Evaluation of Strongly Sustainability Business Model Onto...
Research design for Evaluation of Strongly Sustainability Business Model Onto...Research design for Evaluation of Strongly Sustainability Business Model Onto...
Research design for Evaluation of Strongly Sustainability Business Model Onto...
 
0471269832
04712698320471269832
0471269832
 
NG BB 39 IMPROVE Roadmap
NG BB 39 IMPROVE RoadmapNG BB 39 IMPROVE Roadmap
NG BB 39 IMPROVE Roadmap
 
NG BB 39 IMPROVE Roadmap
NG BB 39 IMPROVE RoadmapNG BB 39 IMPROVE Roadmap
NG BB 39 IMPROVE Roadmap
 

Más de Marc Ruef

Source Code Analyse - Ein praktikabler Ansatz
Source Code Analyse - Ein praktikabler AnsatzSource Code Analyse - Ein praktikabler Ansatz
Source Code Analyse - Ein praktikabler AnsatzMarc Ruef
 
Adventures in a Decade of Tracking and Consolidating Security Vulnerabilities
Adventures in a Decade of Tracking and Consolidating Security VulnerabilitiesAdventures in a Decade of Tracking and Consolidating Security Vulnerabilities
Adventures in a Decade of Tracking and Consolidating Security VulnerabilitiesMarc Ruef
 
Cloud Computing - Risiken und Massnahmen
Cloud Computing - Risiken und MassnahmenCloud Computing - Risiken und Massnahmen
Cloud Computing - Risiken und MassnahmenMarc Ruef
 
Code Plagiarism - Technical Detection and Legal Prosecution
Code Plagiarism - Technical Detection and Legal ProsecutionCode Plagiarism - Technical Detection and Legal Prosecution
Code Plagiarism - Technical Detection and Legal ProsecutionMarc Ruef
 
Einführung POLYCOM
Einführung POLYCOMEinführung POLYCOM
Einführung POLYCOMMarc Ruef
 
Lehrgang Computersicherheit
Lehrgang ComputersicherheitLehrgang Computersicherheit
Lehrgang ComputersicherheitMarc Ruef
 
Security Scanner Design am Beispiel von httprecon
Security Scanner Design am Beispiel von httpreconSecurity Scanner Design am Beispiel von httprecon
Security Scanner Design am Beispiel von httpreconMarc Ruef
 

Más de Marc Ruef (7)

Source Code Analyse - Ein praktikabler Ansatz
Source Code Analyse - Ein praktikabler AnsatzSource Code Analyse - Ein praktikabler Ansatz
Source Code Analyse - Ein praktikabler Ansatz
 
Adventures in a Decade of Tracking and Consolidating Security Vulnerabilities
Adventures in a Decade of Tracking and Consolidating Security VulnerabilitiesAdventures in a Decade of Tracking and Consolidating Security Vulnerabilities
Adventures in a Decade of Tracking and Consolidating Security Vulnerabilities
 
Cloud Computing - Risiken und Massnahmen
Cloud Computing - Risiken und MassnahmenCloud Computing - Risiken und Massnahmen
Cloud Computing - Risiken und Massnahmen
 
Code Plagiarism - Technical Detection and Legal Prosecution
Code Plagiarism - Technical Detection and Legal ProsecutionCode Plagiarism - Technical Detection and Legal Prosecution
Code Plagiarism - Technical Detection and Legal Prosecution
 
Einführung POLYCOM
Einführung POLYCOMEinführung POLYCOM
Einführung POLYCOM
 
Lehrgang Computersicherheit
Lehrgang ComputersicherheitLehrgang Computersicherheit
Lehrgang Computersicherheit
 
Security Scanner Design am Beispiel von httprecon
Security Scanner Design am Beispiel von httpreconSecurity Scanner Design am Beispiel von httprecon
Security Scanner Design am Beispiel von httprecon
 

Último

DevEX - reference for building teams, processes, and platforms
DevEX - reference for building teams, processes, and platformsDevEX - reference for building teams, processes, and platforms
DevEX - reference for building teams, processes, and platformsSergiu Bodiu
 
The Ultimate Guide to Choosing WordPress Pros and Cons
The Ultimate Guide to Choosing WordPress Pros and ConsThe Ultimate Guide to Choosing WordPress Pros and Cons
The Ultimate Guide to Choosing WordPress Pros and ConsPixlogix Infotech
 
Story boards and shot lists for my a level piece
Story boards and shot lists for my a level pieceStory boards and shot lists for my a level piece
Story boards and shot lists for my a level piececharlottematthew16
 
Unleash Your Potential - Namagunga Girls Coding Club
Unleash Your Potential - Namagunga Girls Coding ClubUnleash Your Potential - Namagunga Girls Coding Club
Unleash Your Potential - Namagunga Girls Coding ClubKalema Edgar
 
Vertex AI Gemini Prompt Engineering Tips
Vertex AI Gemini Prompt Engineering TipsVertex AI Gemini Prompt Engineering Tips
Vertex AI Gemini Prompt Engineering TipsMiki Katsuragi
 
How AI, OpenAI, and ChatGPT impact business and software.
How AI, OpenAI, and ChatGPT impact business and software.How AI, OpenAI, and ChatGPT impact business and software.
How AI, OpenAI, and ChatGPT impact business and software.Curtis Poe
 
From Family Reminiscence to Scholarly Archive .
From Family Reminiscence to Scholarly Archive .From Family Reminiscence to Scholarly Archive .
From Family Reminiscence to Scholarly Archive .Alan Dix
 
Connect Wave/ connectwave Pitch Deck Presentation
Connect Wave/ connectwave Pitch Deck PresentationConnect Wave/ connectwave Pitch Deck Presentation
Connect Wave/ connectwave Pitch Deck PresentationSlibray Presentation
 
Commit 2024 - Secret Management made easy
Commit 2024 - Secret Management made easyCommit 2024 - Secret Management made easy
Commit 2024 - Secret Management made easyAlfredo García Lavilla
 
Developer Data Modeling Mistakes: From Postgres to NoSQL
Developer Data Modeling Mistakes: From Postgres to NoSQLDeveloper Data Modeling Mistakes: From Postgres to NoSQL
Developer Data Modeling Mistakes: From Postgres to NoSQLScyllaDB
 
Streamlining Python Development: A Guide to a Modern Project Setup
Streamlining Python Development: A Guide to a Modern Project SetupStreamlining Python Development: A Guide to a Modern Project Setup
Streamlining Python Development: A Guide to a Modern Project SetupFlorian Wilhelm
 
How to write a Business Continuity Plan
How to write a Business Continuity PlanHow to write a Business Continuity Plan
How to write a Business Continuity PlanDatabarracks
 
Search Engine Optimization SEO PDF for 2024.pdf
Search Engine Optimization SEO PDF for 2024.pdfSearch Engine Optimization SEO PDF for 2024.pdf
Search Engine Optimization SEO PDF for 2024.pdfRankYa
 
Are Multi-Cloud and Serverless Good or Bad?
Are Multi-Cloud and Serverless Good or Bad?Are Multi-Cloud and Serverless Good or Bad?
Are Multi-Cloud and Serverless Good or Bad?Mattias Andersson
 
CloudStudio User manual (basic edition):
CloudStudio User manual (basic edition):CloudStudio User manual (basic edition):
CloudStudio User manual (basic edition):comworks
 
"LLMs for Python Engineers: Advanced Data Analysis and Semantic Kernel",Oleks...
"LLMs for Python Engineers: Advanced Data Analysis and Semantic Kernel",Oleks..."LLMs for Python Engineers: Advanced Data Analysis and Semantic Kernel",Oleks...
"LLMs for Python Engineers: Advanced Data Analysis and Semantic Kernel",Oleks...Fwdays
 
Anypoint Exchange: It’s Not Just a Repo!
Anypoint Exchange: It’s Not Just a Repo!Anypoint Exchange: It’s Not Just a Repo!
Anypoint Exchange: It’s Not Just a Repo!Manik S Magar
 
Tampa BSides - Chef's Tour of Microsoft Security Adoption Framework (SAF)
Tampa BSides - Chef's Tour of Microsoft Security Adoption Framework (SAF)Tampa BSides - Chef's Tour of Microsoft Security Adoption Framework (SAF)
Tampa BSides - Chef's Tour of Microsoft Security Adoption Framework (SAF)Mark Simos
 
DevoxxFR 2024 Reproducible Builds with Apache Maven
DevoxxFR 2024 Reproducible Builds with Apache MavenDevoxxFR 2024 Reproducible Builds with Apache Maven
DevoxxFR 2024 Reproducible Builds with Apache MavenHervé Boutemy
 
Artificial intelligence in cctv survelliance.pptx
Artificial intelligence in cctv survelliance.pptxArtificial intelligence in cctv survelliance.pptx
Artificial intelligence in cctv survelliance.pptxhariprasad279825
 

Último (20)

DevEX - reference for building teams, processes, and platforms
DevEX - reference for building teams, processes, and platformsDevEX - reference for building teams, processes, and platforms
DevEX - reference for building teams, processes, and platforms
 
The Ultimate Guide to Choosing WordPress Pros and Cons
The Ultimate Guide to Choosing WordPress Pros and ConsThe Ultimate Guide to Choosing WordPress Pros and Cons
The Ultimate Guide to Choosing WordPress Pros and Cons
 
Story boards and shot lists for my a level piece
Story boards and shot lists for my a level pieceStory boards and shot lists for my a level piece
Story boards and shot lists for my a level piece
 
Unleash Your Potential - Namagunga Girls Coding Club
Unleash Your Potential - Namagunga Girls Coding ClubUnleash Your Potential - Namagunga Girls Coding Club
Unleash Your Potential - Namagunga Girls Coding Club
 
Vertex AI Gemini Prompt Engineering Tips
Vertex AI Gemini Prompt Engineering TipsVertex AI Gemini Prompt Engineering Tips
Vertex AI Gemini Prompt Engineering Tips
 
How AI, OpenAI, and ChatGPT impact business and software.
How AI, OpenAI, and ChatGPT impact business and software.How AI, OpenAI, and ChatGPT impact business and software.
How AI, OpenAI, and ChatGPT impact business and software.
 
From Family Reminiscence to Scholarly Archive .
From Family Reminiscence to Scholarly Archive .From Family Reminiscence to Scholarly Archive .
From Family Reminiscence to Scholarly Archive .
 
Connect Wave/ connectwave Pitch Deck Presentation
Connect Wave/ connectwave Pitch Deck PresentationConnect Wave/ connectwave Pitch Deck Presentation
Connect Wave/ connectwave Pitch Deck Presentation
 
Commit 2024 - Secret Management made easy
Commit 2024 - Secret Management made easyCommit 2024 - Secret Management made easy
Commit 2024 - Secret Management made easy
 
Developer Data Modeling Mistakes: From Postgres to NoSQL
Developer Data Modeling Mistakes: From Postgres to NoSQLDeveloper Data Modeling Mistakes: From Postgres to NoSQL
Developer Data Modeling Mistakes: From Postgres to NoSQL
 

Firewall Rule Review and Modelling

  • 1. Firewall Rule Modelling and Review. Marc Ruef, www.scip.ch. SwiNOG 24, 10. May 2012, Berne, Switzerland
  • 2. Agenda | Firewall Rule Modelling and Review
    1. Intro: Introduction (2 min), Who am I? (2 min), What is the Goal? (2 min)
    2. Firewall Rule Modelling and Review: Extraction (4 min), Parsing (4 min), Dissection (4 min), Review (10 min), Additional Settings (10 min), Routing Criticality (7 min), Statistical Analysis (5 min)
    3. Outro: Summary (2 min), Questions (5 min)
    SwiNOG 24 2/28
  • 3. Introduction | Who am I?
    ◦ Name: Marc Ruef
    ◦ Job: Co-Owner / CTO, scip AG, Zürich
    ◦ Private Website: http://www.computec.ch
    ◦ Last Book: „The Art of Penetration Testing“ (Translation), Computer & Literatur Böblingen, ISBN 3-936546-49-5
  • 4. Introduction | What is our Goal?
    ◦ A Firewall Rule Review shall determine
      ◦ Insecure rules
      ◦ Wrong rules
      ◦ Inefficient rules
      ◦ Obsolete rules
    ◦ I will show
      ◦ Approaches
      ◦ Our methodology
      ◦ Possibilities
  • 5. Introduction | Approach
    ◦ Extract firewall rules
    ◦ Parse firewall rule sets
    ◦ Dissect
      ◦ Objects
      ◦ Services
      ◦ Actions
      ◦ Relations
    ◦ Determine settings
    ◦ Identify weaknesses
  • 6. Introduction | Files vs. Screenshots
    ◦ We prefer exported files
      ◦ Faster
      ◦ More reliable
      ◦ No GUI abstraction layer (better insight)
    ◦ Still, screenshots might support the analysis
      ◦ Easier walkthrough («quickview»)
      ◦ Visual enhancement of documentation
      ◦ Verification of parsing (cross-check)
      ◦ Last hope (no export feature, quirky file format, ...)
  • 7. Extraction | Get the Firewall Rulesets
    ◦ iptables
      ◦ Backup: /usr/sbin/iptables-save
    ◦ Astaro
      ◦ Export: /usr/local/bin/backup.plx
      ◦ iptables: /usr/sbin/iptables-save
      ◦ Backup: Webadmin / Management / Backup/Restore
    ◦ Checkpoint Firewall-1
      ◦ Copy: All files in %FWDIR%/conf/ (objects_5.C, rulebase.fws, *.W)
      ◦ Export: cpdb2html/cpdb2web
    ◦ Cisco IOS/PIX/ASA
      ◦ Backup: show mem, show conf
    ◦ Citrix Netscaler
      ◦ Backup: Copy file /nsconfig/ns.conf (via SCP)
    ◦ Juniper
      ◦ Backup: Admin / Update / Config / Copy&Paste
      ◦ Backup: request system configuration rescue save (via FTP)
    ◦ McAfee Web Gateway
      ◦ Backup: Configuration / File Management / Configuration Data / Download Configuration Backup
    ◦ ...
  • 8. Parsing | Handle Ruleset Structure
    ◦ Apache Directives
      ◦ Apache Reverse Proxies
      ◦ USP Secure Entry Server (Apache-based)
    ◦ Arrays
      ◦ Astaro (backup.plx) (alternative is with iptables)
      ◦ Checkpoint (files) (.C, .fws, .W)
      ◦ Fortigate
    ◦ Command-line
      ◦ iptables
      ◦ Cisco IOS/PIX/ASA
      ◦ Citrix Netscaler
    ◦ INI Files
      ◦ McAfee Web Gateway (base64 encapsulated in XML?!)
      ◦ SonicWALL (base64 encoded string)
    ◦ XML Files
      ◦ Airlock
      ◦ Clearswift MIMEsweeper
      ◦ Totemo TrustMail
    ◦ ...
  • 9. Parsing | Access Firewall Rule Attributes (Cisco ASA Example)
  • 10. Parsing | Access Firewall Rule Attributes (Firewall-1 Example)
  • 11. Dissection | Access Rule Attributes
    ◦ A packet filter rule consists of at least:
      ◦ Source Host/Net [10.0.0.0/8]
      ◦ Source Port [>1023]
      ◦ Destination Host/Net [192.168.0.10/32]
      ◦ Destination Port [80]
      ◦ Protocol [TCP]
      ◦ Action [ALLOW]
    ◦ Additional rule attributes might be:
      ◦ ID [42]
      ◦ Active [enabled]
      ◦ Timeframe [01/01/2012 – 12/31/2012]
      ◦ User [testuser2012]
      ◦ Logging [disabled]
      ◦ Priority (QoS) [bandwidth percent 30]
      ◦ ...
  • 12. Dissection | Example Table
    Src Host | Src Port | Dst Host | Dst Port | Protocol | Action
    * | >1023 | 192.168.0.10/32 | 80 (http) | TCP | ALLOW
    10.0.0.0/8 | >1023 | * | 80 (http) | TCP | ALLOW
    ...
  • 13. Review | Weaknesses Checklist (1/2)
    ◦ Allow Rules
      ◦ ANY rules
      ◦ Bi-directional rules
      ◦ Broad definition of zones or port ranges
      ◦ Mash-up of objects
      ◦ Blacklisted traffic (false-negatives)
      ◦ DROP-ALL rule missing
    ◦ Insecure Rules
      ◦ Insecure service used (e.g. telnet, ftp, snmp)
      ◦ Overlapping objects
      ◦ Nested objects
  • 14. Review | Weaknesses Checklist (2/2)
    ◦ Obsolete Rules
      ◦ Inactive objects
      ◦ Temporary rules
      ◦ Test rules
      ◦ Obsolete rules
    ◦ Documentation Missing
      ◦ No comment/description
      ◦ Whitelisted traffic (reasoning missing)
      ◦ Logging not enabled
    ◦ Lockdown missing
      ◦ Lockdown rules missing
      ◦ Stealth rules missing
      ◦ DENY instead of DROP
  • 15. Review | Example Report Table (Findings)
    Src Host | Src Port | Dst Host | Dst Port | Protocol | Action
    * | >1023 | 192.168.0.10/32 | 80 | TCP | ALLOW
    * | * [ANY Rule] | 192.168.0.10/32 | 23 [Insecure] | TCP | ALLOW
    10.0.0.0/8 | >1023 | * | 80 | TCP | ALLOW
    192.168.0.10/24 | 1024-50000 [Inadequate] | 10.0.0.0/8 | 22,902,8443 [Mash-Up] | TCP | ALLOW
    * [ANY Rule] | * [ANY Rule] | 192.168.0.10/24 | 3389 | TCP | ALLOW
    10.0.0.0/8 | 0 | * [ANY Rule] | 0,8 [Insecure] | ICMP | ALLOW
    ...
  • 16. Review | Example Report Table (Measures)
    Src Host | Src Port | Dst Host | Dst Port | Protocol | Action
    * | >1023 | 192.168.0.10/32 | 80 | TCP | ALLOW
    * | * → >1023 | 192.168.0.10/32 | 23 → 22 | TCP | ALLOW
    10.0.0.0/8 | >1023 | * | 80 | TCP | ALLOW
    192.168.0.10/24 | 1024-50000 → >1023 | 10.0.0.0/8 | 22,902,8443 → 22|902|... | TCP | ALLOW
    * → x.x.x.110 | * → >1023 | 192.168.0.10/24 | 3389 | TCP | ALLOW
    10.0.0.0/8 | 0 | * → 192.168.0.10/24 | 0,8 → «Risk Accepted» | ICMP | ALLOW
    ...
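The dissection and review steps of slides 11 to 16, worked through in code. This is an added example written for this page, not scip's own analysis tool: it parses a few constructed Cisco ASA access-list lines (the ASA export is one of the command-line formats listed on slide 8), builds the rule attributes of slide 11 and applies a subset of the checklist of slides 13 and 14 (ANY rules, insecure services, broad port ranges, missing logging, missing DROP-ALL). The INSECURE_PORTS table, the 1000-port threshold for a "broad" destination range and the SAMPLE lines are my assumptions; object-groups and the "lt" operator are not handled.

```python
"""Dissect Cisco ASA extended ACL lines into the rule attributes of slide 11
and run part of the weaknesses checklist of slides 13/14 over them.
Added example, not scip's tooling: parser, thresholds and SAMPLE are my own."""
import ipaddress
import re

ANY_PORT = (0, 65535)          # unrestricted port specification
PORT_NAMES = {"www": 80, "http": 80, "https": 443, "ssh": 22, "telnet": 23,
              "ftp": 21, "snmp": 161, "tftp": 69, "domain": 53}   # ASA names, subset
INSECURE_PORTS = {23: "telnet", 21: "ftp", 161: "snmp", 69: "tftp"}  # checklist (assumption)
BROAD_RANGE = 1000             # dst ranges this wide are "broad" (assumption)
ACE_RE = re.compile(r"access-list\s+(\S+)\s+extended\s+(permit|deny)\s+(\S+)\s+(.*)$")

def _num(tok):
    return PORT_NAMES[tok] if tok in PORT_NAMES else int(tok)

def _address(toks):
    """Consume one address spec: 'any' | 'host A' | 'A MASK' (dotted mask)."""
    if toks[0] == "any":
        return "*", toks[1:]
    if toks[0] == "host":
        return f"{toks[1]}/32", toks[2:]
    return str(ipaddress.ip_network(f"{toks[0]}/{toks[1]}")), toks[2:]

def _ports(toks):
    """Consume an optional port operator: eq X | gt X | range A B."""
    if toks and toks[0] == "eq":
        return (_num(toks[1]), _num(toks[1])), toks[2:]
    if toks and toks[0] == "gt":
        return (_num(toks[1]) + 1, 65535), toks[2:]
    if toks and toks[0] == "range":
        return (_num(toks[1]), _num(toks[2])), toks[3:]
    return ANY_PORT, toks

def parse_ace(line, rule_id):
    """One access-list entry -> attribute dict (None if the line is not an ACE)."""
    m = ACE_RE.match(line.strip())
    if not m:
        return None
    acl, action, proto, rest = m.groups()
    toks = rest.split()
    src, toks = _address(toks)
    sport, toks = _ports(toks)
    dst, toks = _address(toks)
    dport, toks = _ports(toks)
    return {"id": rule_id, "acl": acl, "src": src, "sport": sport, "dst": dst,
            "dport": dport, "proto": proto.upper(),
            "action": "ALLOW" if action == "permit" else "DROP", "log": "log" in toks}

def parse_ruleset(text):
    rules = []
    for line in text.splitlines():
        rule = parse_ace(line, len(rules) + 1)
        if rule:
            rules.append(rule)
    return rules

def review_rule(r):
    """Per-rule checklist items; returns the finding labels for one rule."""
    findings = []
    if r["action"] != "ALLOW":               # only permits open something up
        return findings
    if r["src"] == "*" and r["sport"] == ANY_PORT:
        findings.append("ANY source")
    if r["dst"] == "*" and r["dport"] == ANY_PORT:
        findings.append("ANY destination")
    lo, hi = r["dport"]
    if lo == hi and lo in INSECURE_PORTS:
        findings.append(f"Insecure service ({INSECURE_PORTS[lo]})")
    elif hi - lo + 1 >= BROAD_RANGE and "ANY destination" not in findings:
        findings.append(f"Broad destination port range ({hi - lo + 1} ports)")
    if not r["log"]:
        findings.append("Logging not enabled")
    return findings

def drop_all_present(rules):
    """Ruleset-level check: the last entry must be an explicit deny of everything."""
    if not rules:
        return False
    last = rules[-1]
    return (last["action"] == "DROP" and last["proto"] == "IP" and last["src"] == "*"
            and last["dst"] == "*" and last["sport"] == ANY_PORT and last["dport"] == ANY_PORT)

# Constructed sample in ASA syntax, modelled on the rows of slide 15 (not a real export).
SAMPLE = """\
access-list OUTSIDE_IN extended permit tcp any gt 1023 host 192.168.0.10 eq www
access-list OUTSIDE_IN extended permit tcp any host 192.168.0.10 eq telnet
access-list INSIDE_OUT extended permit tcp 10.0.0.0 255.0.0.0 gt 1023 any eq 80 log
access-list INSIDE_OUT extended permit tcp host 192.168.0.10 gt 1023 10.0.0.0 255.0.0.0 range 10000 50000
access-list OUTSIDE_IN extended permit tcp any any eq 3389
access-list OUTSIDE_IN extended deny ip any any log
"""

if __name__ == "__main__":
    rules = parse_ruleset(SAMPLE)
    for r in rules:
        print(r["id"], r["src"], r["sport"], r["dst"], r["dport"], r["proto"], r["action"],
              " ".join(f"[{t}]" for t in review_rule(r)))
    if not drop_all_present(rules):
        print("[DROP-ALL rule missing]")
```

The point of separating parse_ace from review_rule is the one the talk makes on slide 5: once every vendor format is dissected into the same attribute set, the checklist runs unchanged over all of them, and a new format only needs a new parser. The thresholds are deliberately simple; in a real review the "broad range" and "insecure service" lists are agreed with the customer before the findings table is produced.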
  • 17. Review | Automated Analysis (Video)
    ◦ Go to http://www.youtube.com/watch?v=P62Z4vqX5nA
  • 18. Additional Settings | Global Settings
    ◦ Some FWs, especially proxies, introduce additional (global) settings, which might affect the rules. Example: McAfee Web Gateway
      ◦ Antivirus
        ◦ Enabled [1=enabled]
        ◦ HeuristicWWScan [0=disabled]
        ◦ AutoUpdate [0=disabled]
      ◦ Caching
        ◦ Enabled [1=enabled]
        ◦ CacheSize [536870912]
        ◦ MaxObjectSize [8192]
      ◦ HTTP Proxy Settings
        ◦ Enabled [1=enabled]
        ◦ AddViaHeader [1=enabled]
        ◦ ClientIpHeader ['X-Forwarded-For']
      ◦ ...
  • 19. Additional Settings | Example Report Table
    ID | Setting | Value | Recommend | Risk
    ... | | | |
    1427 | CheckFileSignatures | 0 | 1 (=enabled) | Medium
    1428 | ChecksumMismatchWeb | 'Replace and Quarantine' | 'Replace and Quarantine' | Passed
    1429 | EmbdJavaAppletWeb | 'Allow' | 'Block' | Medium
    1430 | ExpiredContentWeb | 'Block' | 'Block' | Passed
    1431 | JavaScriptWeb | 'Allow' | 'Block' | Low
    1432 | MacroWeb | 'Replace document and Quarantine' | 'Block Document' (strict approach) | Passed
    1433 | UnsignedEXEWeb | 'Allow' | 'Block' | High
    ... | | | |
  • 20. Routing Criticality | CVSSv2 Overview
  • 21. Routing Criticality | Weight Indexing (Example)
    Description | Source | Destination | Port | AV | AC | Au | CI | II | AI | Score
    External Web to Web Server | Internet | DMZ | t80 | N | L | N | N | C | C | 9.4
    External Web for Internal Clients (in) | LAN | Internet | t80 | N | M | N | C | C | C | 9.3
    External Web to Customer Site | Internet | DMZ | t443 | N | L | S | C | C | C | 9.0
    External Mail to Public Mail Server | Internet | DMZ | t110 | N | M | S | C | C | C | 8.5
    External Remote Access to Servers | Internet | DMZ | t22 | N | M | S | C | C | C | 8.5
    Internal Access to DNS Servers | LAN | DMZ | u53 | L | L | N | C | C | C | 7.2
    Intranet Access for Internal Clients | LAN | DMZ | t80 | L | L | N | P | C | C | 6.8
    External Web for Internal Clients (out) | LAN | Internet | t80 | L | L | S | C | C | C | 6.8
    Internal Remote Access to Servers | LAN | DMZ | t3389 | L | M | S | P | C | P | 5.5
    Internal ICMP Echo for Servers | DMZ | Internet | i0,8 | L | M | S | P | P | C | 5.5
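The Score column of the weight-indexing slide is the CVSSv2 base score of the six metric letters in each row (AV, AC, Au, C, I, A). The block below is an added example, not the talk's own spreadsheet: it implements the published CVSSv2 base equation with its standard weights, reproduces every score on slide 21 from the slide's own rows, and sorts the routes by criticality. The ROUTES list is copied from the slide; the function names are mine.

```python
"""CVSSv2 base scores for the routes of the weight-indexing slide.
Added example, not the talk's own spreadsheet: the weights are the published
CVSSv2 constants, ROUTES is copied from slide 21, function names are my own."""
from decimal import Decimal, ROUND_HALF_UP

# CVSSv2 metric weights: Access Vector, Access Complexity, Authentication,
# and the shared Confidentiality/Integrity/Availability impact scale.
AV = {"L": 0.395, "A": 0.646, "N": 1.0}
AC = {"H": 0.35, "M": 0.61, "L": 0.71}
AU = {"M": 0.45, "S": 0.56, "N": 0.704}
CIA = {"N": 0.0, "P": 0.275, "C": 0.660}

def base_score(av, ac, au, c, i, a):
    """CVSSv2 base equation, rounded to one decimal (half up) as the spec requires."""
    impact = 10.41 * (1 - (1 - CIA[c]) * (1 - CIA[i]) * (1 - CIA[a]))
    exploitability = 20 * AV[av] * AC[ac] * AU[au]
    f_impact = 0.0 if impact == 0 else 1.176      # no impact at all -> score 0
    raw = (0.6 * impact + 0.4 * exploitability - 1.5) * f_impact
    return float(Decimal(repr(raw)).quantize(Decimal("0.1"), rounding=ROUND_HALF_UP))

# Rows of slide 21: description, source zone, destination zone, port
# (t=TCP, u=UDP, i=ICMP types) and the six metric letters AV/AC/Au/C/I/A.
ROUTES = [
    ("External Web to Web Server",             "Internet", "DMZ",      "t80",   "NLNNCC"),
    ("External Web for Internal Clients (in)", "LAN",      "Internet", "t80",   "NMNCCC"),
    ("External Web to Customer Site",          "Internet", "DMZ",      "t443",  "NLSCCC"),
    ("External Mail to Public Mail Server",    "Internet", "DMZ",      "t110",  "NMSCCC"),
    ("External Remote Access to Servers",      "Internet", "DMZ",      "t22",   "NMSCCC"),
    ("Internal Access to DNS Servers",         "LAN",      "DMZ",      "u53",   "LLNCCC"),
    ("Intranet Access for Internal Clients",   "LAN",      "DMZ",      "t80",   "LLNPCC"),
    ("External Web for Internal Clients (out)","LAN",      "Internet", "t80",   "LLSCCC"),
    ("Internal Remote Access to Servers",      "LAN",      "DMZ",      "t3389", "LMSPCP"),
    ("Internal ICMP Echo for Servers",         "DMZ",      "Internet", "i0,8",  "LMSPPC"),
]

def rank_routes(routes=ROUTES):
    """Score every route; returns (score, description) pairs, most critical first."""
    scored = [(base_score(*row[4]), row[0]) for row in routes]
    return sorted(scored, key=lambda pair: pair[0], reverse=True)

if __name__ == "__main__":
    for score, description in rank_routes():
        print(f"{score:4.1f}  {description}")
```

Two practitioner notes: the ranking is only as good as the metric letters chosen per route (the talk's own literature slide points to the author's article on the problems of CVSS), and rounding must follow the spec (one decimal, half up), which is why the block goes through Decimal instead of relying on binary float rounding.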
  • 22. Statistical Analysis | Findings per Projects (Last 11 Projects)
  • 23. Statistical Analysis | Top Findings (Median Last 11 Projects)
  • 24. Statistical Analysis | Reasons for Risks
    ◦ There are several possible reasons why FWs are not configured in the most secure way:
      ◦ Mistakes (wrong click, wrong copy&paste, …)
      ◦ Forgotten/Laziness (“I will improve that later…”)
      ◦ Misinformation (vendor suggests ports 10000-50000)
      ◦ Misunderstanding (technical, conceptual)
      ◦ Unknown features (hidden settings)
      ◦ Technical failure (e.g. broken backup import)
  • 25. Outro | Summary
    ◦ Firewall Rule Reviews help to determine weaknesses in firewall rulesets.
    ◦ The extraction, parsing and dissection of a ruleset make the analysis possible.
    ◦ Common weaknesses are broad definition of objects, overlapping rules and unsafe protocols.
  • 26. Outro | Literature
    ◦ Firewall Rule Parsing am Beispiel von SonicWALL (Firewall Rule Parsing Using SonicWALL as an Example), http://www.scip.ch/?labs.20110113
    ◦ Common Vulnerability Scoring System und seine Probleme (The Common Vulnerability Scoring System and Its Problems), http://www.scip.ch/?labs.20101209
    ◦ These slides and additional details will be published at http://www.scip.ch/?labs
  • 27. Outro | Questions
  • 28. Security is our Business!
    ◦ scip AG, Badenerstrasse 551, CH-8048 Zürich
    ◦ Tel +41 44 404 13 13
    ◦ Fax +41 44 404 13 14
    ◦ Mail info@scip.ch
    ◦ Web http://www.scip.ch
    ◦ Twitter http://twitter.com/scipag
    ◦ Strategy | Consulting
    ◦ Auditing | Testing
    ◦ Forensics | Analysis