HSViz-II: Octet Layered Hierarchy Simplified Visualizations for Distributed Firewall Policy Analysis

Enterprises typically install firewalls at communication points to their internal networks with the primary objective of protecting their core assets from external cyber attackers. This ensures unauthorized access is controlled and prevented. However, overly permissive policies and services with vul...


Bibliographic Details
Main Authors: Hyunjung Lee, Suryeon Lee, Kyounggon Kim, Huy Kang Kim
Format: Article
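Language: English
Published: IEEE 2024-01-01
Series: IEEE Access
Subjects: Firewall policy visualization; policy analysis; data visualization; rule anomaly detection; distributed firewall rule anomaly detection
Online Access: https://ieeexplore.ieee.org/document/10373840/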
collection DOAJ
description Enterprises typically install firewalls at communication points to their internal networks with the primary objective of protecting their core assets from external cyber attackers. This ensures unauthorized access is controlled and prevented. However, overly permissive policies and services with vulnerabilities can be exploited by attackers, providing them with pathways into internal systems. Therefore, firewall policies must be meticulously applied and managed. Given the significant ramifications of firewall policies, they must be continuously managed with high importance. As the number of policies increases and the amount of information to be processed grows, the process becomes complex, and there are limitations to managing policies from a human cognitive perspective. An increase in unmanaged misuse policies can inadvertently introduce security risks through unintended allowance policies. In the case of large-scale networks operating multiple firewalls, a different form of misuse policy check and management is required compared to managing a single firewall policy. The proposed tool, HSViz-II, not only visualizes misuse of a single firewall policy but also visualizes four misuse cases in a distributed firewall environment, providing a detailed breakdown based on Octets. It displays the distribution of anomalous policies by dividing the Source IP into Octet Layers. For the four anomalous policy cases, it offers five views based on dividing the Source IP into Octet Layers and three overall views for upstream firewall, downstream firewall, and both, totaling 60 views. The processing speed for each function was measured using four sets of actual upstream and downstream firewall policies, comprising eight different firewall policies in total. Firewall operators can use this tool to grasp the distribution status of misuse policies in single and multiple firewalls and check the status of misuse policies by Octet. By offering a method for firewall operators to accurately find meaningful information, this paper proposes a firewall misuse policy visualization system in a distributed firewall environment to help reduce the risk of asset exposure to cyber threats for enterprises. The HSViz-II tool can be found on the web site: https://youtu.be/jvR8ZY2uapQ
first_indexed 2024-03-07T18:57:58Z
format Article
id doaj.art-0946ff25af354fe6abc6ae79fe23e978
institution Directory Open Access Journal
issn 2169-3536
spelling doaj.art-0946ff25af354fe6abc6ae79fe23e978; 2024-03-02T00:01:16Z; eng; IEEE; IEEE Access; 2169-3536; 2024-01-01; 12; 936; 948; 10.1109/ACCESS.2023.3346922; 10373840
HSViz-II: Octet Layered Hierarchy Simplified Visualizations for Distributed Firewall Policy Analysis
Hyunjung Lee (0), https://orcid.org/0000-0002-4155-8073
Suryeon Lee (1)
Kyounggon Kim (2)
Huy Kang Kim (3), https://orcid.org/0000-0002-0760-8807
Korea Securities Computer Corporation (KOSCOM), Seoul, South Korea
Department of CyberSecurity, Seoul Women’s University, Nowon, South Korea
Center of Excellence in Cybercrime and Digital Forensics (CoECDF), Naif Arab University for Security Sciences, Riyadh, Saudi Arabia
School of Cybersecurity, Korea University, Seongbuk, South Korea
https://ieeexplore.ieee.org/document/10373840/
Firewall policy visualization; policy analysis; data visualization; rule anomaly detection; distributed firewall rule anomaly detection
topic Firewall policy visualization
policy analysis
data visualization
rule anomaly detection
distributed firewall rule anomaly detection