YENİ BİR AĞ GÜVENLİĞİ YAKLAŞIMI: DİNAMİK ZEKİ GÜVENLİK DUVARI MİMARİSİ
Yıl 2014,
, 0 - , 31.12.2014
O. Ayhan Erdem
,
Ramazan Kocaoğlu
Öz
Bu makalede, geleneksel güvenlik duvarı mimarilerinden tamamen farklı, yeni bir güvenlik duvarı mimarisi geliştirilmiştir. Geliştirilen mimari DIFA (Dynamic Intelligent Firewall Architect) olarak adlandırılmıştır. DIFA kendi kendisini yönetebilme temeline dayanan bir güvenlik duvarı mimarisidir. DIFA, üzerinden geçen trafiğin analizini yaparak ve yerel alan ağını tarayarak erişim kurallarını kendisi oluşturmaktadır. Koruduğu ağda yapısal bir değişiklik oluştuğunda bunu tespit ederek gerekli yapılandırmaları kendisi yapabilmektedir. Ağ yöneticisine sadece kontrol amaçlı ihtiyaç duymaktadır. DIFA’nın verimliliği gerçek ağ ortamları kullanılarak test edilmiştir. Elde edilen sonuçlar, DIFA’nın kural oluşturma işlemini başarılı bir şekilde yapabildiğini göstermiştir.
Kaynakça
- Davy, S., Jennings, B., Strassner, J., “The Policy continuum-Policy authoring and conflict analysis”, Computer Communications, Cilt 31, No 13, 2981-2995, 2008.
- Lee, S., Kim, H.S., “End-user perspectives of Internet connectivity problems”, Computer Networks, Cilt 56, No 6, 1710-1722, 2012.
- Alshammari, R., Zincir-Heywood, A.N., “Can encrypted traffic be identified without port numbers, IP addresses and payload inspection?”, Computer Networks, Cilt 55, No 6, 1326-1350, 2011.
- Botta, A., Dainotti, A., Pescape, A., “A tool for the generation of realistic network workload for emerging networking scenarios”, Computer Networks, Cilt 56, No 15, 3531-3547, 2012.
- Gouda, M.G., Liu, A.X., “Structured firewall design”, Computer Networks, Cilt 51, No 4, 1106-1120, 2007.
- Chao, C.S., Yang, S.J., “A novel three-tiered visualization approach for firewall rule validation”, Journal of Visual Languages and Computing, Cilt 22, No 6, 401-414, 2011.
- Liu, A.X., “Firewall policy verification and troubleshooting”, Computer Networks, Cilt 53, No 16, 2800-2809, 2009.
- Pozo, S., Ceballos, R., Gasca, R.M., “Model-Based Development of firewall rule sets: Diagnosing model inconsistencies”, Information and Software Technology, Cilt 51, No 5, 894-915, 2009.
- Pozo, S., Gasca, R.M., Reina-Quintero A.M, Varela-Vaca A.J, “CONFIDDENT: A model-driven consistent and non-redundant layer-3 firewall ACL design, development and maintenance framework”, The Journal of Systems and Software, Cilt 85, No 2, 425-457, 2012.
- Sreelaja, N.K., Pai, G.A.V., “Ant Colony Optimization based approach for efficient packet filtering in firewall”, Applied Soft Computing, Cilt 10, No 4, 1222-1236, 2010.
- Kim, S., Kim, S., Geuk, L., “Structure design and test of enterprise security management system with advanced internal security”, Future Generation Computer Systems, Cilt 25, No 3, 358-363, 2009.
- Abdulmohsin, I.M.A., “Techniques and algorithms for access control list optimization”, Computers and Electrical Engineering, Cilt 35, No 4, 556-566, 2009.
- Lee, S., Wong, T., Kim, H.S., “Improving manageability through reorganization of routing-policy configurations”, Computer Networks, Cilt 56, No 14, 3192-3205, 2012.
- Liao, Q., Blaich, A., VanBruggen, D., Striegel, A., “Managing networks through context: Graph visualization and exploration”, Computer Networks, Cilt 54, No 16, 2809-2824, 2010.
- Liao, H., Lin, C.R., Lin, Y., Tung, K., “Intrusion detection system: A comprehensive review”, Journal of Network and Computer Applications, Cilt 36, No 1, 16-24, 2013.
- Njogu, H.W., Jiawei, L., Kiere, J.N., Hanyurwimfura D., “A comprehensive vulnerability based alert management approach for large networks”, Future Generation Computer Systems, Cilt 29, No 1, 27-45, 2013.
- Zhang, S., Li, J., Chen, X., Fan, L., “Build network attack graph for alert causal correlation”, Computers&Security, Cilt 27, No 5-6, 188-196, 2008.
- Morin, B., Me, L., Debar, H., Ducasse, M., “A logic-based model to support alert correlation in intrusion detection”, Information Fusion, Cilt 10, No 4, 285-299, 2009.
- Li, J., Li, B., Wo, T., Hu, C., Huia, J., Lui, L., Lam, K.P., “CyberGuarder: A virtualization security assurance architecture for green cloud computing”, Future Generation Computer Systems, Cilt 28, No 2, 379-390, 2012.
- Modi, C., Patel, D., Borisaniya, B., Patel, H., Patel, A., Rajarajan, M., “A survey of intrusion detection techniques in Cloud”, Journal of Network and Computer Applications, Cilt 36, No 1, 42-57, 2013.
- Patel, A., Taghavi, M., Bakhtiyari, K., Junior, J.C., “An intrusion detection and prevention system in cloud computing: A systematic review”, Journal of Network and Computer Applications, Cilt 36, No 1, 25-41, 2013.
- Razzag, A., Hur, A., Shahbaz, S., Masood, M., Ahmad, H.F., “Critical Analysis on Web Application Firewall Solutions”, IEEE Eleventh International Symposium on Autonomous Decentralized Systems, Mexico City, Mexico, 1-6, 6-8 Mart 2013.