1. Technical Field
The present invention relates generally to a firewall policy inspection apparatus and method and, more particularly, to a firewall policy inspection apparatus and method, which detect an anomaly rule in relationships between intrusion prevention rules and display the anomaly rule on a screen.
2. Description of the Related Art
Just as a firewall in a building confines a fire so that it does not spread to the surrounding area, a firewall in a computer network is installed at the first stage of the network and prevents security faults and threats from the Internet from spreading to the surrounding networks or personal computers. It is able to perform this function because, once rules for controlling packets are set in a firewall policy and put into operation, the firewall works on the principle of packet filtering: only packets permitted by the set policy are allowed to flow into the corresponding network.
However, as the number of rules in a firewall policy set by a manager increases, an anomaly rule may occur between the rules. Manual detection of an anomaly rule by the manager not only may require much effort and time, but may also result in errors, even in management. This may lead to a deterioration of the firewall's performance and to security vulnerabilities, thus causing problems in the network.
Korean Patent Application Publication No. 2009-0065423 presents technology for detecting an anomaly rule related to new intrusion prevention rules in a firewall policy. Further, Korean Patent Application Publication No. 2006-0058179 presents technology for providing information about the generation of new intrusion prevention rules in a firewall policy.
However, the conventional technologies neither disclose in detail a configuration for detecting an anomaly rule as one of a shadowing anomaly, a redundancy anomaly, a correlation anomaly, and a generalization anomaly in the relationships between intrusion prevention rules, nor introduce technology for indicating the anomaly rule using figures in colors preset according to its level of risk, so that intrusion prevention rules in a firewall policy can be more easily inspected.
Therefore, new firewall policy inspection technology is urgently required which can detect an anomaly rule in the relationships between intrusion prevention rules and display the detected anomaly rule on a screen; which can classify the anomaly rule as one of a shadowing anomaly, a redundancy anomaly, a correlation anomaly, and a generalization anomaly in the relationships between the intrusion prevention rules; which can indicate the anomaly rule using figures in colors preset according to its level of risk; and which can display the intrusion prevention rules other than the anomaly rule on the screen, so that the intrusion prevention rules in a firewall policy can be more easily inspected.
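The four anomaly classes named above are not defined in this text. The following added example (not part of the application, and not the applicant's apparatus) classifies every ordered pair of rules in a constructed sample policy using the conventional pairwise definitions from the firewall policy analysis literature, which are assumed here: a later rule whose match space lies inside an earlier rule's is shadowed if the actions differ and redundant if they agree; a later rule that strictly contains an earlier rule with a different action is a generalization; rules that intersect without either containing the other, with different actions, are correlated. The rule fields, names and sample addresses are all constructed for illustration.

```python
"""Pairwise anomaly detection between ordered firewall rules (added example)."""
from __future__ import annotations

import ipaddress
from dataclasses import dataclass
from enum import Enum


class Rel(Enum):
    """Relation of a LATER rule's field to an EARLIER rule's field."""
    EQUAL = "equal"
    SUBSET = "subset"        # later field is contained in the earlier field
    SUPERSET = "superset"    # later field contains the earlier field
    OVERLAP = "overlap"      # partial intersection (port ranges only)
    DISJOINT = "disjoint"


@dataclass(frozen=True)
class Rule:
    name: str
    proto: str                 # "tcp", "udp" or "any" (hypothetical field set)
    src: str                   # CIDR block, e.g. "10.1.0.0/16"
    sport: tuple[int, int]     # inclusive port range
    dst: str
    dport: tuple[int, int]
    action: str                # "allow" or "deny"


def _proto_rel(earlier: str, later: str) -> Rel:
    if earlier == later:
        return Rel.EQUAL
    if earlier == "any":
        return Rel.SUBSET
    if later == "any":
        return Rel.SUPERSET
    return Rel.DISJOINT


def _net_rel(earlier: str, later: str) -> Rel:
    a, b = ipaddress.ip_network(earlier), ipaddress.ip_network(later)
    if a == b:
        return Rel.EQUAL
    if b.subnet_of(a):
        return Rel.SUBSET
    if b.supernet_of(a):
        return Rel.SUPERSET
    return Rel.DISJOINT   # CIDR blocks are either nested or disjoint, never partial


def _range_rel(a: tuple[int, int], b: tuple[int, int]) -> Rel:
    if a == b:
        return Rel.EQUAL
    if b[1] < a[0] or a[1] < b[0]:
        return Rel.DISJOINT
    if a[0] <= b[0] and b[1] <= a[1]:
        return Rel.SUBSET
    if b[0] <= a[0] and a[1] <= b[1]:
        return Rel.SUPERSET
    return Rel.OVERLAP


def rule_relation(earlier: Rule, later: Rule) -> Rel:
    """Combine per-field relations into the relation of the later rule to the earlier one."""
    rels = {
        _proto_rel(earlier.proto, later.proto),
        _net_rel(earlier.src, later.src),
        _range_rel(earlier.sport, later.sport),
        _net_rel(earlier.dst, later.dst),
        _range_rel(earlier.dport, later.dport),
    }
    if Rel.DISJOINT in rels:
        return Rel.DISJOINT          # one disjoint field means no packet matches both
    if rels == {Rel.EQUAL}:
        return Rel.EQUAL
    if rels <= {Rel.EQUAL, Rel.SUBSET}:
        return Rel.SUBSET
    if rels <= {Rel.EQUAL, Rel.SUPERSET}:
        return Rel.SUPERSET
    return Rel.OVERLAP               # mixed subset/superset fields or a partial port overlap


def find_anomalies(policy: list[Rule]) -> list[tuple[str, str, str]]:
    """Return (anomaly, earlier rule, later rule) for every anomalous ordered pair."""
    out = []
    for i, ri in enumerate(policy):
        for j in range(i + 1, len(policy)):
            rj = policy[j]
            rel = rule_relation(ri, rj)
            same = ri.action == rj.action
            if rel in (Rel.EQUAL, Rel.SUBSET):
                # ri fires first for every packet rj could match, so rj never takes effect
                out.append(("redundancy" if same else "shadowing", ri.name, rj.name))
            elif rel == Rel.SUPERSET:
                if not same:
                    out.append(("generalization", ri.name, rj.name))
                elif not any(rule_relation(ri, rk) != Rel.DISJOINT and rk.action != ri.action
                             for rk in policy[i + 1:j]):
                    # rj would handle all of ri's packets the same way and no rule in
                    # between diverts any of them, so ri is redundant
                    out.append(("redundancy", ri.name, rj.name))
            elif rel == Rel.OVERLAP and not same:
                out.append(("correlation", ri.name, rj.name))
    return out


# Constructed sample policy; comments state the relation each rule was built to exhibit.
SAMPLE_POLICY = [
    Rule("R1", "tcp", "10.1.1.0/24", (1, 65535), "192.168.1.0/24", (80, 80), "deny"),
    Rule("R2", "tcp", "10.1.0.0/16", (1, 65535), "192.168.1.0/24", (80, 80), "allow"),  # generalizes R1
    Rule("R3", "tcp", "10.1.1.5/32", (1, 65535), "192.168.1.0/24", (80, 80), "allow"),  # shadowed by R1
    Rule("R4", "udp", "10.2.0.0/16", (1, 65535), "172.16.0.0/16", (53, 53), "allow"),
    Rule("R5", "udp", "10.2.0.0/16", (1, 65535), "172.16.0.0/16", (53, 53), "allow"),   # duplicate of R4
    Rule("R6", "tcp", "10.3.0.0/16", (1, 65535), "192.168.2.0/24", (1, 1024), "allow"),
    Rule("R7", "tcp", "10.0.0.0/8", (1, 65535), "192.168.2.0/24", (443, 443), "deny"),  # correlated with R6
]

if __name__ == "__main__":
    for kind, earlier, later in find_anomalies(SAMPLE_POLICY):
        print(f"{kind:15s} {earlier} -> {later}")
```

The classifier reports the pair (R2, R3) as a redundancy as well as (R1, R3) as shadowing: R3 lies inside both earlier rules, and which report matters depends on whether the inspector is looking for rules that never fire (shadowing) or rules that can be deleted (redundancy). Mapping each class to a preset colour by risk level, as the application proposes, would sit on top of this output; the application does not state the mapping, so none is assumed here.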