Detecting firewall loopholes: human vs computer
Understanding firewall rules is time-consuming, complicated and hard. The majority of people know how to turn their firewalls off, but do these people know exactly what it is they are doing or even why?
Probably not, nor could they be expected to.
Viral Maniar, APR.Intern and RMIT Masters student, spends his days deciphering the complexity of firewall rules. He undertook an internship at Biarri Networks — an innovative commercial mathematics company — to investigate new methods of visually representing firewalls.
Firewalls are built from a set of rules that either allow or do not allow a connection, usually based on where a computer is connecting from and what it is trying to do. Two or three rules are easy to follow and understand; however, a firewall might sometimes have to follow a thousand (sometimes even a million!) rules.
Finding patterns or irregularities becomes harder the more rules there are.
Visualisation tools help people to “see” the data. By clustering common connections and using colouring schemes in the visualisation, patterns that may be indicative of intrusions — such as the use of restricted communication protocols — can be clearly identified.
“Humans are much better at seeing some types of irregularities than computers,” Viral says. “Building a visualisation tool makes finding irregularities more interactive and aids in detecting security loopholes in some firewall rules.”
During his internship Viral developed a web application able to load different sets of firewall rules visually. Someone using this application is able to modify and filter how the rules appear (using colour schemes etc.) to discover if any loopholes or irregularities exist.
“Viral, Biarri and NBN Co used the tool to review a set of firewalls in use at NBN Co,” says Paul Kennedy, CEO Biarri Networks. “NBN Co are using the results to inform firewall management procedures.”
Viral has recently gained employment as a security analyst for a major consultancy and says having the internship experience under his belt made all the difference: “I learnt a lot about firewall security and firewall management and gained invaluable industry skills.”
Intern: Viral Maniar, RMIT University
Industry Partner: Paul Kennedy, CEO Biarri Networks
Academic Mentor: Assoc. Prof. Serdar Boztas, RMIT University