Analysis of Firewall Policy Rules Using Traffic Mining Techniques
The firewall is usually the first line of defense in ensuring network security for an organization. However, the management of firewalls has proved to be complex, error-prone, and costly for many large networks. Manually configured firewall rules can easily contain anomalies and mistakes. Even if the rules are anomaly-free, the presence of defects in the firewall implementation, or the firewall device, may prevent the organization from getting the desired effect. To evaluate the effectiveness of the firewall policy and to validate that the firewall correctly implements the rules in the policy, a thorough analysis of network traffic data is required.