Published on

IJERA (International journal of Engineering Research and Applications) is International online, ... peer reviewed journal. For more detail or submit your article, please visit

Published in: Technology
  • Be the first to comment

  • Be the first to like this

No Downloads
Total views
On SlideShare
From Embeds
Number of Embeds
Embeds 0
No embeds

No notes for slide


  1. 1. Iman Kashefi, Maryam Kassiri, Ali Shahidinejad / International Journal of Engineering Research and Applications (IJERA) ISSN: 2248-9622 Vol. 3, Issue 2, March -April 2013, pp.585-591 A Survey on Security Issues in Firewalls: A New Approach for Classifying Firewall Vulnerabilities Iman Kashefi*, Maryam Kassiri**, Ali Shahidinejad*** *(Faculty of Computing (FC), Universiti Teknologi Malaysia (UTM), 81300 Johor Bahru, Malaysia,) **(Faculty of Computer Engineering, Robat Karim Branch, Islamic Azad University, Tehran, Iran,) ***(Faculty of Computing (FC), Universiti Teknologi Malaysia (UTM), 81300 Johor Bahru, Malaysia,)ABSTRACT Along with the increasing growth of from outside the network, but it is not supposed tocomputer networks, security threats multiplies guard the network from an insider attack. On theand accordingly improving and enhancing the other hand restraining inside attacks by accessnetwork security devices and methods become a controlling has negative influence on user efficiencynecessity. Firewalls as the first line of defense [3].have irrefutable importance in securing a With respect to the crucial role of firewallsnetwork; therefore improvement in this in network security, a systematic study on firewallstechnology ensures higher level of security in vulnerabilities is needed to further categorize thecomputer networks. Any improvement or novel limitations with the purpose of helping researchers toideas are not achieved unless a deep analysis of gain a good perspective of problems in the first placethe existing methods and current needs takes to find practical solution to enhance the robustness ofplace. In this paper the vulnerabilities of security.firewalls according to their natures and also This paper is divided into three sections; invarious types of firewalls are classified in order the first section firewall and its types are described,to create a better perspective for future research. the aim of the second section is to categorize firewallAlso some of the current approaches to mitigate vulnerabilities according to their nature and variousthese vulnerabilities are mentioned and firewall types and some of the current solutions to mitigatefingerprinting as a technique which makes the vulnerabilities are presented, and finally the lastattackers able to obtain more precise information section briefly describes firewall fingerprintingabout firewalls` vulnerabilities in order to exploit which can be used by attackers to identify type andthem is presented. characteristics of a firewall to misuse its vulnerabilities with the aim of launching a successfulKeywords – Firewalls, Firewall Fingerprinting, attack.Firewalls vulnerabilities, Network Attacks, NetworkSecurity II. FIREWALL AND ITS TYPES Firewalls have significant role in securing aI. INTRODUCTION network. For the purpose of protecting a network, Firewall is one of the most powerful firewall is used as the first line defense in almostsecurity guards that has been used widespread as a every organization [4]. Firewall is considered as oneprimary part of every network [1]. First it was of the efficient tools in providing top level ofassumed to exist between two networks; however, security in computer networks [5]. A firewall is awith the growth in use of internet and small size device or a system designed to block unpermittednetworks, it changed to one of the crucial aspect of access from inside or outside a private network. Theevery gateway to clog external intruder from greatest functionality of the firewall is filtering, inaccessing to LANs and any other private network. other words firewall has the responsibility ofSince the firewalls are considered as the first and diverting the traffic with respect to pre-set policies,main line of defense in monitoring the inbound and and by this means it can protect the system oroutbound traffic in enterprise and backbone network from flooding types of attacks [6]. As it isnetworks, the security and reliability issues are mentioned earlier, firewalls are used greatly forsignificantly important and should be carefully taken preventing unpermitted internet user from gaininginto consideration. access to a private network which is connected to In spite of the fact that firewalls are the internet and this is achieved by filtering eachconsidered as a useful defender in certain attacks, it incoming or outgoing packet to assure that both thecomes with security holes that can be bypassed in source and destination of packets are trusted.some cases. Regarding the nature of computer and Normally, firewalls configuration is in the way thatnetwork devices, firewalls also have some protect network from unauthorized interactive loginlimitations that can be misused by attackers [2]. For from outside. In this way “hackers” are preventedexample a firewall can impede the intruders’ access from logging into systems in a private network. 585 | P a g e
  2. 2. Iman Kashefi, Maryam Kassiri, Ali Shahidinejad / International Journal of Engineering Research and Applications (IJERA) ISSN: 2248-9622 Vol. 3, Issue 2, March -April 2013, pp.585-591Firewalls are vital, regarding to the fact that they recourses such as memory with higher capacity arehave ability to provide a block point where security at risk. By constantly monitoring the traffic, • Stateful Inspection firewalls: These kinds offirewalls can provide a safe auditing and logging, in firewalls are the more advanced form of the statefulmost cases, they provide logs to the administrator packet filtering firewalls. Stateful packet filteringabout the type and volume of the network traffic. firewalls are generally used for application thatThis block point does its job as an armed guard demand multiple ports, such as FTP applications.does. All incoming and outgoing data should pass They check the payload and optionally open andthrough the firewall which control each single close ports on the fly as per the protocol. This can bepacket and obstruct those that are against the achieved through rules configuration and gainsecurity criteria and pre-set rules. Firewalls rules are information concerning the fourth layer to thea set of predefined rules that each rule have an seventh layer of the protocol stack.action and a related condition. The action is either • Proxy firewalls: These firewalls isolate privatedeny or accept, while the related condition network within internet. They evaluate the protocoldetermines some information of the packets like the syntax by breaking apart the connection betweensource and destination IP address, port number, client and server. These kinds of firewalls offer aprotocol, and so forth. To maintain a decision higher level of security among the other types ofregarding an individual packet, the rules are checked firewalls, but it is at the cost of functionality andin turn till the first rule that its condition is met by speed, since they have the ability to limit thethe fields of the packet found. Generally the rule set applications which your network can support. Inis fully in detailed. When a firewall receives a contrary to stateful firewall that gives access orpacket, it checks out its protocol, the source and inhibits incoming or outgoing network packets in adestination address and ports. Then the firewall protected network, traffic does not deluge through acompares the rules against the details of the packet proxy. Alternately, computers constitute auntil it finds a match. Different firewalls connection to the proxy that servers are intermediarydeployment applies various sequences of rules. devices, and commence a new network connectionGenerally there are two matching strategies [7], on the side of the request. In this way straightsingle trigger and multi-trigger. Single trigger connections between systems on the both sides of theprocessing works in the way that as soon as it firewall are prevented, therefore it is not so easy formatches a rule, the action of it will be performed, an intruder to explore where the network is, justwhile multi-trigger processing works in opposite because they can never receive packets straightlyway. In other words it performs the action of the last from the target system. The main disadvantage ofmatching rule. this firewall is the need for huge network resources. There are different ways to categorize typesof firewall according to their architecture, III. FIREWALL VULNERABLITIES AND THEfunctionality and their usage. Normally, from the MITIGATION THECHNIQUESuser point of view firewalls can be divided into two In this part the most important firewallstypes; hardware and software, but according to their limitations and vulnerabilities are classified andarchitecture and functionality, a range from packet existing proposed solution for mitigating them willlevel to proxy firewalls can be defined, some of them be presented. “A firewall vulnerability is an error,are mentioned below [8]: weakness, or an invalid assumption made during • Static Packet filtering firewalls: These kinds of firewall design, implementation, or configuration,firewalls sequence the packets concerning to that can be exploited to attack the trusted networkallow/deny rules. It is done by the means of fields the firewall is supposed to protect” [9]. According toinformation on the header such as; host/ destination this definition all the firewalls vulnerabilities can beaddress or port numbers etc. this analysis is not in classified in two main categories: (1) Vulnerabilitiesdepths, i.e., malicious code detection is not due to firewalls inherent limitations and designperformed and each packet is examined as a single defects, (2) Vulnerabilities due to misconfigurationentity. The primary weakness of these firewalls is the or weaknesses in implementation.inability to sustain against fragment and spoofingattacks. 3.1 Vulnerabilities due to firewalls inherent • Stateful packet filtering firewalls: These limitationsfirewalls keep states of performance. Normally, in a Firewalls present an unreal illustration ofclient/server environment, client initiates a security regarding to the fact that their inherentconversation with server and waits for server defects are constantly imposed to the hackers. Theseresponse. Accordingly responses are permitted to failings are caused by improper designs of thebypass the firewalls rules. In this way a better firewalls. Notwithstanding their helpfulness inoptimization in screening process is achieved that providing security, they have some basicleads to empower the overall performance of imperfections which hackers use to break intofirewall. In order to keep state tables, additional 586 | P a g e
  3. 3. Iman Kashefi, Maryam Kassiri, Ali Shahidinejad / International Journal of Engineering Research and Applications (IJERA) ISSN: 2248-9622 Vol. 3, Issue 2, March -April 2013, pp.585-591network. This problem causes inefficiency in constantly observing and patching the software inguarding network. the DMZ and intranet. This firewall model conquers Some of these limitations are common in both a problem in traditional firewalls concerning VPNsoftware and hardware firewalls while some are traffic. Portable users require access to organizationonly found in software firewalls: data when they are out of office. Therefore they apply VPNs with the purpose of gaining access in a3.1.1 Common limitations in software and secure way. VPNs are not capable of guardinghardware firewalls user’s laptop or personal computer and theseThe most common vulnerabilities in software and computers change into the potential places to threathardware firewalls are mentioned below: the organization security because they are inherently • Insider attacks: firewalls do not provide two hosted to the organization’s intranet andprotection from insider threats i.e. Insider Attacks. It internet. They provide a security hole for anis acknowledged that insiders impose risks to attacker. Traditional firewalls cannot do much to thesecurity when they have limitless access to traffic which is end-to-end encrypted [11]. Theinformation, knowledge and valuable assets of their model is designed in the way that put the security inorganization. They are granted access legitimately the focal point and the security is not overlooked forand this can easily jeopardize the security of the performance reasons. The firewall model is basedorganization [10]. Firewalls sniff the packets in the on three concepts. First, most of the attacks have theboundaries of the networks and do nothing for the inside source. Limiting the attacking abilities ofdomestic traffic flow. Therefore, it is not practical individual host, leads to a secure internal network.for the intrusions which come from inside the In this way overall security is enhanced as disarmednetwork [8]. internal host is not assumed as a threat to the rest of • Traffic that doesn’t go through firewall: There the internet. Second, attacks are implemented in theare ways to route the illegitimate traffic through way that harms the network from the knownunpermitted path that does not pass through the vulnerabilities. These vulnerabilities are usuallyfirewall. found in certain software’s versions. In any types of • Tunneling; Tunneling is one of the common attack, first the intruder tries to obtain the software’smethods applied to bypass the firewall; one can version to plan the attack in a way that imposes theenvelop message for a protocol inside some other published vulnerability. The information achievedmessage format [8]. by fingerprinting or social engineering is crucial for • Internet threats like virus attack or password the success of an attack. Disguising the identity ofcracking: Firewalls do not carry out deep the OS or server software will inhibit attackers toexploration to detect malicious codes in the packets; commence attacks. Third, security administratorin this way they are likely to ignore some threats of may elude to install software patches due to variousthis kind. reasons such as unreliability, inaccuracy, Below are some of the recommended solution irrevocability, and lack of enough knowledge. Forand novel firewall models to alleviate above this reason an automatic mechanism should be invulnerabilities: place to install necessary updates as soon as they appear. By this means attacker have less chance toMultipurpose firewalls: Intrusion detection intrude to the network. And this is only practicalsystems have been used in order to audit whole with the emergence of networks that conveyactivities inside a network but not as a specific software patches [12].mechanism against insider attacks. Disarmingfirewall proposed by Zubair A. Shaikh and Furqan Distributed firewalls: Another approach toAhmed[11] is a multipurpose firewall which offers alleviate the above mentioned vulnerabilities issome defense mechanism against insiders. This applying distributed firewalls.firewall is a combination of various components; Distributed firewalls have been designed with theeach of them presents distinct purpose. It bounds the purpose of providing higher level protection thanattacking capabilities of all internal resources, in this traditional firewalls such as gateway and host-basedway it can protect network against harmful insiders. firewalls. Distributed firewalls have been developedOwing to the fact that gaining information from an in response to the need of securing network fromend system is the first step for an attack, the firewall insider attacks and of course cover the weakness ofmasks the identity of OS and server software which either gateway or host-based firewalls. According tois positioned in DMZ from either internal or Ioannidis et al. [13], “a distributed firewall is aexternal users. The disarming firewall model takes mechanism that enforces a centralized securityadvantage of the strengths of different methods to policy but the latter is applied at the edges”.maintain the security. The significant strengths of Distributed firewalls are designed in the way thatthis firewall are bounding the intrusion abilities of regulates software applications which are resided ininternal source, masking the identity of OS and host that have the responsibility of protecting aserver software in DMZ to obstruct attacks, and network against unauthorized access. The notional 587 | P a g e
  4. 4. Iman Kashefi, Maryam Kassiri, Ali Shahidinejad / International Journal of Engineering Research and Applications (IJERA) ISSN: 2248-9622 Vol. 3, Issue 2, March -April 2013, pp.585-591design of distributed firewalls are based on three [17]. In both deployments unified communicationelements [14]: First, A common place policy interface is needed. It is proved that linkage methodlanguage which is employed for determining takes advantage of independency, high reliability,security policies which are distributed to the firewall and less response time in contrary to the integratedendpoints to configure distributed firewalls. Second, approach.Network-wide mechanisms for the distribution andapplication of the security policy files to the 3.1.2 Vulnerabilities in software firewallsdistributed firewall endpoints. Third, IPsec: security Nowadays software firewalls are the mostprotocol that maintain network-level encryption for popular choice for installing on personal computers.the secure transmission of the security policy. They use internet access control mechanism toDistributed firewalls have following strengths: provide higher level of security for internet users. • Centralized management: Security policies are These kinds of firewalls have vulnerabilities that canplanned centrally and then publish to the various be bypassed in various ways at different layers ofendpoints for execution. Adherence of security networks. This is essentially due to the fact thatpolicies through the network and managing the these kinds of firewalls are software. They are notdeployment is improved. designed based on a proper architecture; therefore • Defense in depth: when distributed firewall is they allow some traffic and application to passused with the gateways firewall, the security layers through them. Below are some of the theoreticalare notably increased which makes it more difficult bypassing ways [18].for an intruder to break into the network. Because it • NIC Adapter Driver: An easiest way to bypasssaves the time for other kind of defense mechanisms any kind of software firewall is to plan the programto counteract the hazard dramatically and in the way that runs in a lower level. Regarding toaccordingly delay and prevent the distribution of the fact that the commercial personal firewallthreat in the network. execute at NDIS level while NDIS is located Distributed firewalls also have their own between NIC and protocol driver, therefore if thelimitations like decrease in network performance program runs at NIC level, it can bypass theand increase in host load. Therefore in order to firewall. However, it is not practical since themitigate these disadvantages several architectures Trojan code which is programmed for a specificand models have been introduced and still should be NIC will not be able to run on the others.improved. • Prevent Loading: Since these firewalls occasionally store data in the registry, if the registryCombining firewall and IDS: There are two is manipulated, it may be feasible to obstruct someapproaches to combine firewalls and IDS: integrated firewalls from running after restarting the system.approach and linkage approach. In first approach • Uninstall: Another way to bypass a personalboth IDS and firewall are placed in one system firewall is by simply uninstalling theme. There arewhile in second approach they are in two separate many hacking codes which are particularly designedsubsystems [15]. to uninstall famous firewalls. • Integrated Approach: The integrated approach • Application Masquerade: Generally thebenefits from the advantages of the revelation ability firewalls do not obstruct all the traffic. Someof the detection system along with the blocking applications are permitted for getting access to thecapability of the firewall. In this approach the host internet. Sometimes hackers program a maliciousIDS and host firewall are placed in the same system. code in the way that it seems like a trusted program,Since the IDS is constantly monitoring the network, so it can simply bypass the provides the access control strategy source to the • Application Control: Sometimes a programhost firewall. In this way malicious requests are employs a trusted application to send and getdetected before the attack occurs [16]. In this unauthorized messages to outside, should theapproach traditional access control is combined with program be able to manage the way the programsintrusion detection technology to supply essential uses to perform its actions.information to enable the firewall to block attacks. • Network-monitoring programs: Approximately • In this method, the host firewall is located in a network-monitoring programs are overlooked byone system while the host intrusion detection system personal firewall. It is obvious that if a maliciousis running on a separate system. The hosts interact program can work like one of the networkin a meaningful manner to share the information to monitoring software, it will be able to bypassenhance the security level to maximum possible personal This method differentiates from integratedmethod in the location of the IDS and the firewall. It can be concluded from the above thatThis approach has dual implementations. In the first personal firewalls are defenseless to manydeployment the host firewall is directly linked to intrusions. To improve the level of protection ofhost IDS, while in the second deployment, a transfer personal firewall to a higher degree, it isdevice is employed to link the two hosts indirectly recommended to use it along with constantly up-to- 588 | P a g e
  5. 5. Iman Kashefi, Maryam Kassiri, Ali Shahidinejad / International Journal of Engineering Research and Applications (IJERA) ISSN: 2248-9622 Vol. 3, Issue 2, March -April 2013, pp.585-591date antivirus software. Concurrently, it can be a worth pointing out that the primary concerns ofpotential field for research to fortify the protection firewall designers are security robustness rather thanlevel of personal firewalls from hardware great usability. Nevertheless more the usabilityperspective. improved, the better results achieved. There is fine balance between usability and security that it only realized by comprehensive design which includes3.2 Vulnerabilities due to misconfiguration usability in development phases. There are many While the part of vulnerabilities which usability best practices for security design which cancome from misconfigurations are the result of be taken into account. It is possible to classify theweakness and complexity of firewalls design and usability issues in two main classes. First there isuser interfaces, there are notable reasons which ambiguity in information or sometimes lack ofconcerning user faults and their incapability of knowledge when the users should make decision onimplementing and managing different aspects of security issues. Second, poor user interfaces whichfirewalls. Carelessness and misuse can be the result in security alerts ignorance. As a solution tobiggest threat to any security system anywhere [19]. this problem, firewall designer can fortify the It is worth mentioning that improper use of quality of information through the results fromsecurity system can be more detrimental than usability testing with end users. Moreover, it can berelinquish the use of them. The false illustration of a good practice to involve usability experts in designsecurity that inspired by a misconfigured firewall process.makes users behave like they are fully secured,while they are treated with the same risks. Personal IV. FIREWALL FINGERPRINTINGfirewall are imposed more to misconfiguration, Vulnerabilities mentioned in the previoussince the knowledge for implementing firewall in section both in hardware and software firewallsthe safe manner may go beyond the capability of along with other vulnerabilities caused by flaws andcommon users. shortcomings that may exist in some specific models The following are the common vulnerabilities of different firewall brands are more probable to beassociated with misconfigurations of the firewalls exploited by attackers if they can acquire enough[9]: information about the employed firewall in a • ICMP allowed, e.g., the firewall can be pinged; computer network. • Denial rather than drop the traffic to portswhich are blocked by the firewall. This provides the Regarding to the fact that firewalls areattacker with additional information, or improves usually positioned in a network so that they arethe speed of the attacker’s port scan; invisible to the users, the identification of them to • Misconfiguration that allows a TCP pings of explode their vulnerabilities to do a successfulinternal hosts with Internet-routable IP addresses attack is dramatically complicated. To launch a(e.g., in-bound TCP 80 is not restricted to the web successful attack, the first step that the attackerserver) should take is fingerprinting, i.e., finding the • Trust of certain IP addresses firewall implementation, encompassing the brand • Availability of extra/unnecessary services on name, software/firmware version, etc. Providingthe firewall that we figure out all possible ways that attackers • Unnecessarily open TCP and UDP ports employ to fingerprint a firewall, we will be able to design required countermeasures accordingly. As mentioned before a part ofmisconfigurations are related to some other A recent research conducted by Amir R.important issues such as configuring inattentively. Khakpour et al. presents a set of techniques thatFor instance when the program needs to be acquire some basic information about firewallsconfigured, occasionally it may happen that the using the processing time of each inquiry packet andusers are tired of responding to many questions and can be employed to find firewall implementation.perfunctorily switch off the security warnings. By precisely measuring packet processing time, it isThese kinds of problems take place because of poor possible to fingerprint firewalls to figure out theusability in personal firewalls. Poor usability of a type of packet classification algorithms, sensitivitysecurity system can have severe aftereffects as are of firewall performance to traffic load, and othermentioned in several articles. According to Bander characteristics. They proposed some ways toAlfayyadh et al. [19], usability of personal firewalls identify the firewall characteristics that areis especially important and interesting to study announced by firewall implementations. Evenbecause most of the personal firewall users have though the firewall is designed like a black box,little information about security issues. They have attackers can misuse vulnerabilities of these kinds ofshown that the main problems arose in personal firewalls from their characteristics that are preciselycomputer are due to the poor usability that identified to launch effective attacks. Theyaccordingly result in security vulnerabilities. It is presented two methods for deducting firewall 589 | P a g e
  6. 6. Iman Kashefi, Maryam Kassiri, Ali Shahidinejad / International Journal of Engineering Research and Applications (IJERA) ISSN: 2248-9622 Vol. 3, Issue 2, March -April 2013, pp.585-591implementation using these characteristics. The first [2] Cisco Firewall Services Module DoSmethod is concerned with firewall decision while vulnerability,receiving a sequence of TCP packets that carry flags; the second method is based on d=10673, 2011.machine learning techniques [20]. By using these [3] J. Craig Lowery , Computer Systemmethods they could acquire relatively accurate data Security: A Primer, March 2002,about the firewalls and could successfully the three different types of firewalls, r%20System%20Security-both software and hardware, which they had used %20A%20Primer.pdffor this project. [4] W. Geng, S. Flinn, and J. DcDeourek, Usable firewall The results of their work show that firewall configuration, Proc. 3rd Annual Conferencefingerprinting can become a serious issue that on Privacy, Security and Trust, Institutecauses exposure of firewall vulnerabilities and of information technology, nationalshould be taken into consideration simultaneously research council Canada, 2005.along with making effort to mitigate firewalls [5] Ghiran, A.M., Silaghi, G.C., and Tomai N.,vulnerabilities. Ontology based tools for automating integrationV. CONCLUSION and validation of firewall rules, Proc. of The classification of firewall vulnerabilities 12th international conference on Businesswhich is presented in this paper along with the Information Systems, Poland, 2009, 37-48.mentioned existing solutions can be a helpful [6] V.M. Boncheva, A Short Survey ofguideline for researchers who aim to enhance the Intrusion Detection Systems, Problems ofsecurity of firewalls and also can give them a clear Engineering Cybernetics and Robotics, 58,and precise perspective of existing problems in this 2007.field. [7] V. Zaliva, Firewall Policy Modeling, Analysis and Simulation: a Survey , Integrating the capabilities of firewalls and 2010.IDS and also fortifying the protection level of [8] S. Beg, U. Naru, M. Ashraf, and S.personal firewalls from hardware perspective still Mohsin, Feasibility of Intrusion Detectioncan be potential fields for future researches. System with High PerformanceRegarding this study on existing types of Computing: A Survey, IJACS, Decembervulnerabilities and also defense models in firewalls, 2010 .a unified model which takes benefit from the [9] S. Kamara, S. Fahmy, E. Schultz, F.strength points of different solutions and Kerschbaum, and M. Frantzen, Analysis ofaccordingly mitigate the vulnerabilities of the Vulnerabilities in Internet Firewalls,models to maximize the robustness of security and capability of network may be a good [10] C. Colwill, Human factors in informationsolution. Although integrating various models in a security: The insider threat - Who can yousystem may cause some conflicts and have inverse trust these days?, Information Securityeffects, still there would be a potential area for Technical Report. 2010, 14(4), 186-196.further research to propose an integrated model that [11] Z. A. Shaikh and F. Ahmed, Disarmingbrings more security. Moreover, not only practical Firewall, Proc. International Conferencesolutions to improve the security in firewalls on Information and Emergingthrough mitigating their vulnerabilities should be Technologies, ICIET, 2010.carefully followed, but also in the meanwhile, [12] J. Li, P. L. Reiher, and G. J. Popek.conducting a research for finding countermeasures Resilient Self-Organizing Overlayto prevent firewalls from being fingerprinted by Networks for Security Update Delivery.attackers should be taken into consideration, since IEEE Journal on Selected Areas infirewall fingerprinting increases the probability of Communications (JSAC), January 2004exposure of vulnerabilities to the security attacks. [13] S. loannidis, A. D. Keromytis, S. M. Bellovin, and 1. M. Smith, Implementing aREFERENCES distributed firewall, Proc. 7th ACM Conj. [1] R. Bace, An Introduction to Intrusion Computer and communications security, Detection and Assessment for System Athens, 2000. and network security Management, [14] V. Ramsurrun and K. M. S. Soyjaudah, A ICSA, Inc Stateful CSG-based Distributed Firewall Architecture for Robust Distributed mmunities/ids/whitepaper/Intrusion1.pdf. Security, UoM. 590 | P a g e
  7. 7. Iman Kashefi, Maryam Kassiri, Ali Shahidinejad / International Journal of Engineering Research and Applications (IJERA) ISSN: 2248-9622 Vol. 3, Issue 2, March -April 2013, pp.585-591[15] Zh. Lili and C. Tian-jie. Intrusion Detection Based on Intelligence and Collaboration Technology Computer, 2008, 24 (2): 66-68.[16] Zh. Tao-gai and L. Ke, A New Design of Linkage Based on IDS, Henan Institute of Engineering (Natural Science), Vol • 21, No • 3 Sep. 2009.[17] Zh. Zhong-hui and C. Jia-qing, Intrusion Prevention System Based on Linkage Mechanism Computer age, 2006, (7) :28- 29[18] R. Chiong and S. Dhakal, On the Insecurity of Personal Firewall , IEEE, 2008.[19] B. Alfayyadh, A. Jøsang, M. Alzomai and J. Ponting, Vulnerabilities in Personal Firewalls Caused by Poor Security Usability , IEEE, 2010[20] A. R. Khakpour et al. , “Firewall Fingerprinting”, 2012 Proceeding IEEE INFOCAM, 2012 591 | P a g e