(PDF) Trends in Firewall Configuration Errors: Measuring the Holes in Swiss Cheese

Posted by Aaron Tan Lu on August 20, 2002



There are two denial of service (DoS) conditions in Tiny Personal Firewall 3.0 for Windows. The first involves a vulnerability affecting the activity-logging tabs of the Personal Firewall Agent module. When an attacker port scans a host using SYN, UDP, Internet Control Message Protocol (ICMP), and TCP full-connect scans while a vulnerable user is viewing the firewall log of the Personal Firewall Agent module on that host, the system crashes after consuming about 75% of system resources. The second DoS condition is similar to the first but occurs under the high security setting, when an attacker sends packets with a spoofed source address equal to the firewall's own IP address.


Software vendor Tiny has been notified but has not yet released a fix for this vulnerability.
Discovered by Aaron Tang Lu of NSSI Research Labs.

The first quantitative evaluation of the quality of corporate firewall configurations appeared in 2004, based on Check Point FireWall-1 rule sets. In general, that survey indicated that corporate firewalls were often enforcing poorly written rule sets. This article revisits the first survey. The current study is not only larger, but also includes configurations from two major vendors. It also introduces a new firewall-complexity measure. The study's findings confirm the main observations of the 2004 study: firewalls are (still) poorly configured, and a rule set's complexity is (still) positively correlated with the number of configuration errors detected. However, unlike the 2004 study, the current study does not indicate that later software versions contain fewer errors.



Internet Security

Published by the IEEE Computer Society, 1089-7801/10/$26.00 © 2010 IEEE, IEEE Internet Computing



Firewalls are the cornerstone of corporate intranet security. Once a company acquires a firewall, it must configure and manage it to realize a security policy that fits its specific needs. As Aviel Rubin and colleagues state, "The single most important factor in your firewall's security is how you configure it."

Network security experts commonly say that corporate firewalls are misconfigured. Anecdotal evidence supporting this feeling turns up regularly on mailing lists, most notably the firewall-wizards list (see https://listserv.icsalabs.com/).

The success of worms and viruses such as Blaster[2] and Sapphire[3] illustrates the poor state of firewall configuration. My 2004 study, the first quantitative evaluation of corporate firewall configurations, confirmed this state of affairs.[4]

However, firewall vendors release new versions of their software regularly. In addition, regulations and frameworks such as the Sarbanes-Oxley Act,[5] the CobiT framework (www.isaca.org/cobit), the Payment Card Industry Data Security Standard (PCI DSS; ...org), and the US National Institute of Standards and Technology's Special Publication 800-41[6] all contain specific sections dealing with firewall configuration, management, and testing. Therefore, we might hypothesize (hopefully) that corporate firewall configurations have improved over time.
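To make the kind of error such a study counts concrete, here is an added example (my code, not the article's or Wool's own tooling): a toy analyzer for an ordered, first-match-wins rule set that computes an illustrative complexity score and flags two classic configuration errors, overly permissive accept rules and shadowed rules that can never fire. The rule format, the complexity formula and the sample rule set are assumptions constructed for this example; the article's own complexity measure is not reproduced here.

```python
"""Toy rule-set analyzer (added example; not code from the article).

Reads an ordered list of firewall rules, computes an illustrative
complexity score, and flags two classic configuration errors:
  * overly permissive rules: accept any source to any destination, any service
  * shadowed rules: a rule whose traffic is fully matched by an earlier rule,
    so it never fires (when the actions differ, intent is silently overridden)
The rule format, the complexity formula and the sample rule set are
constructed for this example and are not the article's definitions.
"""
from dataclasses import dataclass
import ipaddress

ANY = "any"


@dataclass(frozen=True)
class Rule:
    src: str      # CIDR, e.g. "10.0.0.0/8", or "any"
    dst: str      # CIDR or "any"
    service: str  # "proto/port", e.g. "tcp/443", or "any"
    action: str   # "accept" or "drop"


def covers(a: str, b: str) -> bool:
    """True if address spec `a` contains every address matched by spec `b`."""
    if a == ANY:
        return True
    if b == ANY:
        return False
    na = ipaddress.ip_network(a, strict=False)
    nb = ipaddress.ip_network(b, strict=False)
    return na.version == nb.version and nb.subnet_of(na)


def service_covers(a: str, b: str) -> bool:
    """True if service spec `a` matches everything service spec `b` matches."""
    return a == ANY or a == b


def rule_covers(earlier: Rule, later: Rule) -> bool:
    """True if `earlier` matches every packet `later` would match."""
    return (covers(earlier.src, later.src)
            and covers(earlier.dst, later.dst)
            and service_covers(earlier.service, later.service))


def shadowed_rules(rules):
    """Indices of rules that can never match because some earlier rule already
    matches all of their traffic. Reported regardless of action: a same-action
    shadow is dead weight, a different-action shadow is a policy contradiction."""
    return [i for i, rule in enumerate(rules)
            if any(rule_covers(earlier, rule) for earlier in rules[:i])]


def permissive_rules(rules):
    """Indices of accept rules with no restriction at all."""
    return [i for i, r in enumerate(rules)
            if r.action == "accept" and (r.src, r.dst, r.service) == (ANY, ANY, ANY)]


def complexity(rules):
    """Illustrative complexity: rule count plus distinct network objects plus
    distinct services (an assumption of this example, not the article's measure)."""
    objects = ({r.src for r in rules} | {r.dst for r in rules}) - {ANY}
    services = {r.service for r in rules} - {ANY}
    return len(rules) + len(objects) + len(services)


def analyze(rules):
    """Summarize complexity and the configuration errors found."""
    shadowed = shadowed_rules(rules)
    permissive = permissive_rules(rules)
    return {
        "complexity": complexity(rules),
        "shadowed": shadowed,
        "permissive": permissive,
        "errors": len(shadowed) + len(permissive),
    }


# Constructed sample rule set (first match wins, as in most firewalls).
SAMPLE_RULES = [
    Rule("203.0.113.0/24", "10.0.1.10/32", "tcp/443", "accept"),  # 0
    Rule(ANY, "10.0.1.10/32", "tcp/80", "accept"),                # 1
    Rule("203.0.113.0/24", "10.0.1.10/32", "tcp/80", "drop"),     # 2: shadowed by 1, opposite action
    Rule(ANY, ANY, ANY, "accept"),                                # 3: overly permissive
    Rule("198.51.100.0/24", "10.0.2.0/24", "udp/53", "drop"),     # 4: shadowed by 3
]

if __name__ == "__main__":
    report = analyze(SAMPLE_RULES)
    print(f"complexity score: {report['complexity']}")
    for i in report["shadowed"]:
        print(f"rule {i} is shadowed by an earlier rule: {SAMPLE_RULES[i]}")
    for i in report["permissive"]:
        print(f"rule {i} accepts everything: {SAMPLE_RULES[i]}")
    print(f"{report['errors']} configuration errors found")
```

On the sample set the analyzer reports two shadowed rules and one catch-all accept. Rule 2 is the instructive case: it is shadowed by rule 1 with the opposite action, so the administrator's intent to drop that traffic is silently overridden. Contradictions of this kind are hard to spot by eye, and the opportunity for them grows with every rule and object added, which is the practical reason complexity and error counts move together.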


Avishai Wool
Tel Aviv University

Trends in Firewall Configuration Errors: Measuring the Holes in Swiss Cheese