F/Wvis: Hierarchical Visual Approach for Effective Optimization of Firewall Policy

As an essential system for protecting internal networks and valuable information, the firewall monitors and controls network traffic in terms of access control, authentication, logging, and auditing. In particular, it carries out both allowing and blocking communications between internal and external networks based on proper Access Control List (ACL). However, a complex ACL along with huge network environments lead to exposing vulnerabilities and communication problems, because of anomalies among policies. Even though various techniques and applications combined with visualization approaches have been proposed, there is still a lack of usability caused by not only the limitation of the text-based interface but also the complexity of practical use. In order to solve these problems, this work proposes a 3D-based hierarchical visualization method, namely F/Wvis, for intuitive ACL management and analysis. The F/Wvis, particularly, supports ACL management for a large-scale network as well as analysis of detail anomalies on policies by providing a drill-down user interface through the hierarchical visualization approach. Further, the implemented system is evaluated against popular tools by network security experts to identify the usability and effectiveness in real-world situations (a demonstration video is available at: https://bit.ly/34ooEDc).

Automated summary

Firewalls are crucial for protecting internal networks and valuable information by monitoring and controlling network traffic through access control, authentication, logging, and auditing. Despite various proposed techniques and applications, there remains a lack of usability due to limitations in the text-based interface and the complexity of practical use.