A Quantitative Study of Firewall Configuration Errors
Avishai Wool, Tel Aviv University
Presented by Saurabh Jain

Introduction
- The protection that firewalls provide is only as good as the policy they are configured to implement.
- Corporate firewalls are often enforcing rule sets that violate well-established security guidelines.

Methodology
- Data collection: 37 Check Point FireWall-1 rule sets (out of the hundreds of thousands deployed).
- The sample could be biased towards badly configured firewalls.

Rule-set Complexity
- RC = Rules + Objects + Interfaces * (Interfaces - 1) / 2
- Rules: the number of rules implementing the policy (each rule contains source, destination and service objects).
- One network can have more than one interface.

Configuration Errors
- No stealth rule: from anywhere to the firewall, with any service, DROP.
- Check Point implicit rules: DNS-TCP, DNS-UDP and ICMP allowed from any to any.
- Insecure firewall management: access to the firewall over insecure, unencrypted and poorly authenticated protocols such as telnet, ftp or X11 was counted as an error.
- Too many management machines: allowing management sessions from more than five machines was counted as a configuration error.
- External management machines: an error was counted if machines outside the network's perimeter could manage the firewall.
- NetBIOS: allowing any NetBIOS service to cross the firewall in any direction was counted as an error.
- RPCs: these include the Network File System protocol, which potentially exposes all of the organization's file system.
- Zone-spanning objects.
- "Any" service on inbound rules.
- "Any" destination on outbound rules.

Results and Analysis
Take away: small is beautiful.

THANK
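As an added illustration (not code from the paper or the slides), the following Python audits a constructed Check Point-style rule set against the error categories listed above and computes the RC complexity metric. The object names, the `internal` labelling of which objects sit inside the perimeter, and the NetBIOS service names are assumptions made for the example.

```python
from dataclasses import dataclass

INSECURE_MGMT = {"telnet", "ftp", "x11"}           # protocols named on the slides
NETBIOS = {"nbname", "nbdatagram", "nbsession"}    # assumed NetBIOS service names

@dataclass(frozen=True)
class Rule:
    src: str       # object name, or "any"
    dst: str       # object name, or "any"
    service: str   # service name, or "any"
    action: str    # "accept" or "drop"

def complexity(rules, objects, interfaces):
    """RC = Rules + Objects + Interfaces*(Interfaces-1)/2 (the product is always even)."""
    return len(rules) + objects + interfaces * (interfaces - 1) // 2

def audit(rules, internal, firewall="fw", mgmt_limit=5):
    """Return the sorted list of error categories found. `internal` holds the names
    of objects inside the perimeter (a hypothetical labelling, not from the paper)."""
    found = set()
    if not any(r.src == "any" and r.dst == firewall and r.service == "any"
               and r.action == "drop" for r in rules):
        found.add("no stealth rule")
    mgmt = [r for r in rules if r.dst == firewall and r.action == "accept"]
    if any(r.service in INSECURE_MGMT for r in mgmt):
        found.add("insecure management protocol")
    hosts = {r.src for r in mgmt}
    if len(hosts) > mgmt_limit:
        found.add("too many management machines")
    if any(h not in internal for h in hosts):
        found.add("external management machine")
    for r in (r for r in rules if r.action == "accept"):
        if r.service in NETBIOS:
            found.add("netbios crossing firewall")
        if r.src not in internal and r.dst in internal and r.service == "any":
            found.add("'any' service on inbound rule")
        if r.src in internal and r.dst == "any":
            found.add("'any' destination on outbound rule")
    return sorted(found)

# Constructed sample rule set: three interfaces, four network objects plus "any".
INTERNAL = frozenset({"fw", "lan", "admin-pc", "dmz-web"})
SAMPLE = [
    Rule("admin-pc", "fw", "ssh", "accept"),
    Rule("any", "fw", "any", "drop"),            # stealth rule present
    Rule("any", "dmz-web", "http", "accept"),
    Rule("lan", "any", "any", "accept"),         # "any" destination outbound
    Rule("any", "lan", "nbsession", "accept"),   # NetBIOS crossing the firewall
    Rule("any", "any", "any", "drop"),
]
```

Running `audit(SAMPLE, INTERNAL)` flags the outbound "any" destination and the NetBIOS rule, and `complexity(SAMPLE, objects=4, interfaces=3)` gives RC = 13.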