FARE: FDD-based firewall anomalies resolution tool

Problems arising from firewall misconfigurations are common and have dramatic consequences for networks operations. Therefore, the discovery and removal of these misconfigurations is a serious and complex problem to solve. In this paper, we address this problem using a data structure (FDD: firewall decision diagram). We propose a new approach to rule-set optimization and clean-up, by removing superfluous rules from a simple firewall and a totally automatic method to detect and fix misconfigurations. We present also a new classification of anomalies in multi-firewall environment bringing out real configurations errors. We proved the correctness and completeness of our method and demonstrated its scalability and applicability on configurations provided by the Tunisian Ministry of Finance Computer Centre (CIMF), and found promising results.