IEEE Access (Jan 2024)
HSViz-II: Octet Layered Hierarchy Simplified Visualizations for Distributed Firewall Policy Analysis
Abstract
Enterprises typically install firewalls at communication points to their internal networks with the primary objective of protecting their core assets from external cyber attackers. This ensures unauthorized access is controlled and prevented. However, overly permissive policies and services with vulnerabilities can be exploited by attackers, providing them with pathways into internal systems. Therefore, firewall policies must be meticulously applied and managed. Given the significant ramifications of firewall policies, they must be managed continuously and treated as a high priority. As the number of policies increases and the amount of information to be processed grows, the process becomes complex, and human cognition limits how well policies can be managed. An increase in unmanaged misuse policies can inadvertently introduce security risks through policies that unintentionally allow traffic. In large-scale networks operating multiple firewalls, checking and managing misuse policies requires a different approach than managing a single firewall policy. The proposed tool, HSViz-II, not only visualizes misuse of a single firewall policy but also visualizes four misuse cases in a distributed firewall environment, providing a detailed breakdown based on Octets. It displays the distribution of anomalous policies by dividing the Source IP into Octet Layers. For the four anomalous policy cases, it offers five views based on dividing the Source IP into Octet Layers and three overall views for the upstream firewall, the downstream firewall, and both, totaling 60 views. The processing speed for each function was measured using four sets of actual upstream and downstream firewall policies, comprising eight different firewall policies in total. Firewall operators can use this tool to grasp the distribution status of misuse policies in single and multiple firewalls and check the status of misuse policies by Octet.
By offering a method for firewall operators to accurately find meaningful information, this paper proposes a firewall misuse policy visualization system in a distributed firewall environment to help reduce the risk of asset exposure to cyber threats for enterprises. The HSViz-II tool can be found on the website: https://youtu.be/jvR8ZY2uapQ
Keywords