About

Principal Investigator: Georg-Christian Pranschke, BSc
Supervisor: Barry Irwin, MSc (CISSP)
Title: Automated Firewall Rule Set Generation Through Passive Traffic Inspection
ACM Classification System: C.2.0. Security and Protection


Final Presentation / Screencasts

The overall progress of the project was presented to fellow students and departmental staff on the 4th of November 2009. Screencasts were used to demonstrate the functionality of scylla (rule generator) and charybdis (traffic analyser).

charybdis 1:
    charybdis performing basic analysis
scylla 1:
    opening a charybdis db with scylla
scylla 2:
    investigating flows with scylla
    creating custom flows / filtering through SQL interface
    scripting scylla and the visualisation script
    the tetrix easter egg
    detecting synscans
charybdis 2:
    using the bpf interface to create cross sections
    investigating these with wireshark
scylla 3:
    exporting to fwbuilder network object file format
    selectively enabling flows
    choosing target fw solution and compiling rule sets


PoC release

The development of the proof of concept system has been frozen in anticipation of the upcoming final presentation. The system is fully functioning and can be downloaded below:

Scylla-0.4.3 the rule generator
Charybdis-0.5.7 the traffic analyser


Poster

A poster giving an overview of the system was created and presented in the department.


SATNAC

The project was presented at the SATNAC conference 2009.


Literature Review

The revised literature review is now available for download.


ISSA

The project was accepted as a full paper for the ISSA conference 2009.


Project Proposal

The project proposal serves as a guideline for the remainder of the research and implementation process.


Project Proposal Presentation

The project proposal was presented to the staff and fellow postgraduate students of the Computer Science Department on the 3rd of March 2009.


Acknowledgements

I acknowledge the financial and technical support of this project by Telkom SA, Comverse, Tellabs, Stortech, Mars Technologies, Amatole Telecommunication Services, Bright Ideas Project 39, THRIP and the NRF through the Telkom Centre of Excellence in the Department of Computer Science at Rhodes University.
