FirewallNetwork-techreport

A Firewall Network System for Worm Defense in Enterprise Networks

Cliff C. Zou, Don Towsley, Weibo Gong
{czou,gong}@ecs.umass.edu, towsley@cs.umass.edu
Univ. Massachusetts, Amherst
Technical Report: TR-04-CSE-01

Abstract

From a security point of view, the Internet is too open. The central idea of a traditional firewall is to constrain service requests from the Internet to a local network. As an enterprise network becomes larger and more flexible, an Internet worm can easily find a way to enter it. Based on the defense-in-depth principle, we present a Firewall Network System for worm defense in an enterprise network that uses internal firewalls to divide the network into many isolated subnetworks. Computers in an enterprise network are classified as either clients or servers: all service requests sent to internal IP addresses of an enterprise network will be blocked by internal firewalls if they target non-server computers or servers that do not provide the corresponding service. In this way, the Firewall Network System removes most worm infection paths in an enterprise network, making worm detection much easier. All internal firewalls are designed to have the same set of firewall rules, which means the Firewall Network System is scalable and easily managed. In addition, we propose a five-level feedback worm defense strategy and present models of several worm defenses based on either active patching or quarantine.

I. INTRODUCTION

Computer worms are programs that self-propagate across a network exploiting security or policy flaws in widely-used services [3]. From a security point of view, the Internet is too open: without the presence of security devices such as firewalls, any computer in the Internet can directly contact any other computer so long as the target computer has a globally routable IP address. Because of this openness, computer worms have become one of the major threats to the Internet.

Since 2001, several widely-spread worms, Code Red [8], Nimda [6], SQL Slammer [4], and Blaster [7], have repeatedly spread across the Internet and caused substantial damage. Computer worms can spread throughout the Internet within hours, even minutes. For example, the SQL Slammer infected 90% of all vulnerable computers in the Internet within 10 minutes [4]. Such fast-spreading worms motivate the need for an automatic worm defense system. However, building such a system in the global Internet is tremendously difficult due to the complexity of the Internet, the security and privacy issues in data sharing, and the cooperation required among all Internet communities. Hence, before we can build up such a global Internet worm defense system, there is a great need by organizations, especially enterprises, to first build up a worm defense system for their computer networks. In the following, we refer to the computer network of an organization as an enterprise network....
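The abstract's core rule (block any request to an internal address unless the destination is a registered server offering that service, with one rule set shared by every internal firewall) is small enough to model directly. The following is an added illustration, not code from the report: it assumes a single shared server registry, a constructed 10.0.0.0/8 enterprise, and a constructed batch of connection attempts, and shows how the blocked attempts concentrate on a scanning host, which is what makes worm detection easier.

```python
import ipaddress
from collections import Counter
from dataclasses import dataclass

# Constructed enterprise: its internal address space and the server registry
# (host -> set of service ports it is allowed to serve). Every internal firewall
# consults the same table, which is what keeps their rule sets identical.
# The table and addresses are assumptions for this example, not the report's.
INTERNAL_NET = ipaddress.ip_network("10.0.0.0/8")
SERVER_REGISTRY = {
    "10.1.0.10": {80, 443},  # web server
    "10.1.0.20": {25},       # mail server
    "10.2.0.5": {445},       # file server
}

@dataclass(frozen=True)
class Request:
    src: str
    dst: str
    dport: int

def decide(req: Request) -> str:
    """Apply the Firewall Network System rule to one service request.
    Returns 'allow' or 'block'. Destinations outside the enterprise are not
    the internal firewalls' concern and pass through to the border firewall."""
    if ipaddress.ip_address(req.dst) not in INTERNAL_NET:
        return "allow"
    offered = SERVER_REGISTRY.get(req.dst)
    if offered is None:           # client machine: accepts no requests at all
        return "block"
    if req.dport not in offered:  # a server, but not for this service
        return "block"
    return "allow"

def blocked_by_source(requests) -> Counter:
    """Count blocked internal requests per source host. A worm probing the
    enterprise for one vulnerable service stands out because nearly every
    path it tries has been removed by the internal firewalls."""
    counts = Counter()
    for r in requests:
        if decide(r) == "block":
            counts[r.src] += 1
    return counts

# Constructed traffic: a normal client (10.3.0.1) and a host scanning port 445.
SAMPLE_REQUESTS = [
    Request("10.3.0.1", "10.1.0.10", 443),  # browsing the web server: allow
    Request("10.3.0.1", "10.1.0.20", 25),   # sending mail: allow
    Request("10.3.0.7", "10.1.0.10", 445),  # web server offers no SMB: block
    Request("10.3.0.7", "10.1.0.11", 445),  # unregistered client: block
    Request("10.3.0.7", "10.2.0.5", 445),   # real file server: allow
    Request("10.3.0.7", "10.4.0.9", 445),   # unregistered client: block
]
```

Running `blocked_by_source(SAMPLE_REQUESTS)` yields 3 blocked attempts for 10.3.0.7 and none for 10.3.0.1; a threshold on that per-source count is the simplest detector the architecture enables.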
This note was uploaded on 08/25/2011 for the course EEL 5937 taught by Professor Staff during the Spring '08 term at University of Central Florida.
