Campus network topology discovery and distributed firewall policy generation

Abstract

The change in technology of network components has enabled more complex and dynamic computer networks to occur. At present, most network components can easily be attached to or removed from computer networks. This situation causes the static prevention techniques to be inadequate. In static prevention, any situation which is different than expected ones occurs, the default rule is taken granted for it. Detecting unpredictable situations and finding out solutions for them takes time. There are some network systems, which control network parameters dynamically, such as intrusion detection systems integrated firewalls. However, even if these systems control traffic parameters, they can only alert when the parameter values are not in the given range. They may not be successful to determine well-designed attacks or even if the system determines the attack, it takes time to interfere. Instead of static approaches, a dynamic network security system, which is compatible with dynamic network topology and can update the security issues according to changes in network, is needed. To achieve this dynamic nature, the network must be monitored. Then controlling and managing new components could be easier and more secure. New security rules must be created for the newly attached network components or security rules must be removed for removed network components. In this thesis, an approach to monitor a campus area network and dynamically update firewall rules according to monitoring results is proposed. The implemented approach is validated through a case study.