Active firewall mechanism as a comprehensive approach towards minimizing internet threats

Abstract

Network firewalls have been receiving a lot of critics from the Internet community since many security incidents originated from the Internet could successfully bypass firewall protection. This condition is caused by the incapability of firewalls to cope with the rapid growth of the Internet technology, especially for dealing with active content. The static behaviour of the firewall becomes the root of this problem. Motivated by this condition, this study aims to improve the security of network firewalls by activating its mechanism. Here, active firewall is defined as a firewall aware of the conditions of its surrounding network and capable to identify and to develop the security requirements for guarding the protected network. To implement the active firewall, a security strategy to combat the Internet threats is defined by developing an Internet access model that consists of the models of intranet users and external parties. Three security strategies were formulated, i.e. minimizing unprotected internal users, minimizing untrusted external parties, and minimizing the interaction between unprotected internal users and untrusted external parties. Hence, the implementations of active firewall that consist of initialisation and runtime processes follow these strategies. In the initialisation process, three methods were developed namely close-condition, open-condition and lattice-based. In the runtime process, three methods were also developed, namely fuzzy-based, agent-based, and zero-based configuration. The combinations between each initialisation and each runtime process produced five active firewall systems, namely OF, LF, OA, LA, and CZ. Evaluations on each active firewall system were based on RFC 2979, a standard behaviour of and requirements for Internet firewalls. Two stages of evaluations were conducted, namely security analysis and comparative study. The results of the evaluations showed that active firewall was capable to combat Internet threats. And it was also proven that LA delivers the best security and usability compared to other proposed active firewall methods.