MSc: Optimisation of distributed firewalls

M.Sc. Thesis: Optimisation of distributed firewalls.

My postgrad studies concluded with a thesis covering error detection and optimisation of firewall rulesets. This was largely based around human errors when writing rulesets.

As with my undergraduate, I now do not feel I was quite ready for the level I was studying at. However, doing the master's degree was the best decision I ever made, as it pushed me to a new level. Unfortunately, because of that, I can't help but feel I am capable of a better standard of work.

Final Report

Literature (via CiteUlike.org)

Abstract


The growth of the Internet has established the importance of computer security, and firewalls specifically have become a standard device in all computer networks. Firewalls work by filtering network traffic not authorised by an organisation, such as defined by the terms of service or security policy. Network management is a complex process requiring multiple devices to work in cooperation, and devices often require different configurations. As with other network devices, maintenance of firewall configurations is a challenging task. Often configurations have been written by multiple system administrators, and large organisations may have hundreds of complex rules. Writing firewall rules is a task that requires the utmost care so as to avoid causing anomalies due to misplaced or simply incorrect rules. This project aims to develop a tool that is capable of taking one or multiple rule sets, resolving any anomalies and distributing the rules to the appropriate firewall device. In order to achieve this objective, the system will require knowledge of the network topology, such as the IP addresses of firewalls and attached domains. Then the system will be able to compare firewall rules and rule location against the network topology and redistribute rules to the appropriate firewalls. This project will aim to take a rule set for the entire network and assign rules to the appropriate filtering device.
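The two steps the abstract describes, anomaly resolution followed by topology-aware distribution, can be sketched as follows. This is an added example, not code from the thesis. It assumes first-match rule semantics, treats only rules fully covered by a single earlier rule as anomalies, and uses a placement policy (a rule goes to every firewall whose attached domain contains its source or destination) that is an assumption; the topology, rule set and function names are constructed.

```python
from ipaddress import ip_network

# Constructed topology: firewall name -> attached domains (subnets).
TOPOLOGY = {"fw-a": [ip_network("10.1.0.0/16")],
            "fw-b": [ip_network("10.2.0.0/16")]}

# Constructed ordered rule set: (action, source, destination, dst port or None = any).
RULES = [
    ("deny",  "10.1.0.0/16",    "10.2.0.0/16",   None),
    ("allow", "10.1.5.0/24",    "10.2.0.0/16",   443),  # shadowed by rule 0
    ("deny",  "10.1.0.0/24",    "10.2.0.0/16",   22),   # redundant with rule 0
    ("allow", "10.2.0.0/16",    "0.0.0.0/0",     80),
    ("allow", "192.168.0.0/24", "172.16.0.0/16", 80),   # no firewall sees either end
]

def covers(earlier, later):
    """True if every packet matching `later` also matches `earlier`."""
    _, e_src, e_dst, e_port = earlier
    _, l_src, l_dst, l_port = later
    return (ip_network(l_src).subnet_of(ip_network(e_src))
            and ip_network(l_dst).subnet_of(ip_network(e_dst))
            and (e_port is None or e_port == l_port))

def find_anomalies(rules):
    """Return (rule, covering rule, kind) for rules that can never fire."""
    found = []
    for j, later in enumerate(rules):
        for i in range(j):
            if covers(rules[i], later):
                kind = "redundant" if rules[i][0] == later[0] else "shadowed"
                found.append((j, i, kind))
                break
    return found

def distribute(rules, topology, skip=()):
    """Place each kept rule on the firewalls whose domains contain one of its ends."""
    placement, unplaced = {fw: [] for fw in topology}, []
    for idx, (_, src, dst, _) in enumerate(rules):
        if idx in skip:
            continue
        ends = (ip_network(src), ip_network(dst))
        targets = [fw for fw, domains in topology.items()
                   if any(e.subnet_of(d) for e in ends for d in domains)]
        for fw in targets:
            placement[fw].append(idx)
        if not targets:
            unplaced.append(idx)  # needs an administrator's decision
    return placement, unplaced
```

Dropping the rules reported by `find_anomalies` before calling `distribute` does not change filtering behaviour under first-match semantics, because a fully covered rule is never reached; a shadowed rule should still be reported, since it usually signals a misplaced rule rather than a harmless duplicate.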