Firewalls are core elements in network security. However, managing firewall rules, particularly in multifirewall enterprise networks, has become a complex and error-prone task. Firewall filtering rules have to be written and ordered carefully in order to avoid firewall policy anomalies that might cause network vulnerability. Therefore, inserting or modifying filtering rules in any firewall requires thorough intrafirewall and interfirewall analysis to determine the proper rule placement and ordering in the firewalls. In this paper, we identify all anomalies that could exist in a single- or multifirewall environment. We also present a set of algorithms to discover policy anomalies in centralized and distributed firewalls. These algorithms simplify the management of filtering rules and help maintain the security of next-generation firewalls.