Iman Kashefi, Maryam Kassiri, Ali Shahidinejad / International Journal of EngineeringResearch and Applications (IJERA) ISSN: 2248-9622 www.ijera.comVol. 3, Issue 2, March -April 2013, pp.585-591585 | P a g eA Survey on Security Issues in Firewalls: A New Approach forClassifying Firewall VulnerabilitiesIman Kashefi*, Maryam Kassiri**, Ali Shahidinejad****(Faculty of Computing (FC), Universiti Teknologi Malaysia (UTM), 81300 Johor Bahru, Malaysia,)**(Faculty of Computer Engineering, Robat Karim Branch, Islamic Azad University, Tehran, Iran,)***(Faculty of Computing (FC), Universiti Teknologi Malaysia (UTM), 81300 Johor Bahru, Malaysia,)ABSTRACTAlong with the increasing growth ofcomputer networks, security threats multipliesand accordingly improving and enhancing thenetwork security devices and methods become anecessity. Firewalls as the first line of defensehave irrefutable importance in securing anetwork; therefore improvement in thistechnology ensures higher level of security incomputer networks. Any improvement or novelideas are not achieved unless a deep analysis ofthe existing methods and current needs takesplace. In this paper the vulnerabilities offirewalls according to their natures and alsovarious types of firewalls are classified in orderto create a better perspective for future research.Also some of the current approaches to mitigatethese vulnerabilities are mentioned and firewallfingerprinting as a technique which makesattackers able to obtain more precise informationabout firewalls` vulnerabilities in order to exploitthem is presented.Keywords – Firewalls, Firewall Fingerprinting,Firewalls vulnerabilities, Network Attacks, NetworkSecurityI. INTRODUCTIONFirewall is one of the most powerfulsecurity guards that has been used widespread as aprimary part of every network . First it wasassumed to exist between two networks; however,with the growth in use of internet and small sizenetworks, it changed to one of the crucial aspect ofevery gateway to clog external intruder fromaccessing to LANs and any other private network.Since the firewalls are considered as the first andmain line of defense in monitoring the inbound andoutbound traffic in enterprise and backbonenetworks, the security and reliability issues aresignificantly important and should be carefully takeninto consideration.In spite of the fact that firewalls areconsidered as a useful defender in certain attacks, itcomes with security holes that can be bypassed insome cases. Regarding the nature of computer andnetwork devices, firewalls also have somelimitations that can be misused by attackers . Forexample a firewall can impede the intruders’ accessfrom outside the network, but it is not supposed toguard the network from an insider attack. On theother hand restraining inside attacks by accesscontrolling has negative influence on user efficiency.With respect to the crucial role of firewallsin network security, a systematic study on firewallsvulnerabilities is needed to further categorize thelimitations with the purpose of helping researchers togain a good perspective of problems in the first placeto find practical solution to enhance the robustness ofsecurity.This paper is divided into three sections; inthe first section firewall and its types are described,the aim of the second section is to categorize firewallvulnerabilities according to their nature and varioustypes and some of the current solutions to mitigatethe vulnerabilities are presented, and finally the lastsection briefly describes firewall fingerprintingwhich can be used by attackers to identify type andcharacteristics of a firewall to misuse itsvulnerabilities with the aim of launching a successfulattack.II. FIREWALL AND ITS TYPESFirewalls have significant role in securing anetwork. For the purpose of protecting a network,firewall is used as the first line defense in almostevery organization . Firewall is considered as oneof the efficient tools in providing top level ofsecurity in computer networks . A firewall is adevice or a system designed to block unpermittedaccess from inside or outside a private network. Thegreatest functionality of the firewall is filtering, inother words firewall has the responsibility ofdiverting the traffic with respect to pre-set policies,and by this means it can protect the system ornetwork from flooding types of attacks . As it ismentioned earlier, firewalls are used greatly forpreventing unpermitted internet user from gainingaccess to a private network which is connected tothe internet and this is achieved by filtering eachincoming or outgoing packet to assure that both thesource and destination of packets are trusted.Normally, firewalls configuration is in the way thatprotect network from unauthorized interactive loginfrom outside. In this way “hackers” are preventedfrom logging into systems in a private network.
Iman Kashefi, Maryam Kassiri, Ali Shahidinejad / International Journal of EngineeringResearch and Applications (IJERA) ISSN: 2248-9622 www.ijera.comVol. 3, Issue 2, March -April 2013, pp.585-591586 | P a g eFirewalls are vital, regarding to the fact that theyhave ability to provide a block point where securityis at risk. By constantly monitoring the traffic,firewalls can provide a safe auditing and logging, inmost cases, they provide logs to the administratorabout the type and volume of the network traffic.This block point does its job as an armed guarddoes. All incoming and outgoing data should passthrough the firewall which control each singlepacket and obstruct those that are against thesecurity criteria and pre-set rules. Firewalls rules area set of predefined rules that each rule have anaction and a related condition. The action is eitherdeny or accept, while the related conditiondetermines some information of the packets like thesource and destination IP address, port number,protocol, and so forth. To maintain a decisionregarding an individual packet, the rules are checkedin turn till the first rule that its condition is met bythe fields of the packet found. Generally the rule setis fully in detailed. When a firewall receives apacket, it checks out its protocol, the source anddestination address and ports. Then the firewallcompares the rules against the details of the packetuntil it finds a match. Different firewallsdeployment applies various sequences of rules.Generally there are two matching strategies ,single trigger and multi-trigger. Single triggerprocessing works in the way that as soon as itmatches a rule, the action of it will be performed,while multi-trigger processing works in oppositeway. In other words it performs the action of the lastmatching rule.There are different ways to categorize typesof firewall according to their architecture,functionality and their usage. Normally, from theuser point of view firewalls can be divided into twotypes; hardware and software, but according to theirarchitecture and functionality, a range from packetlevel to proxy firewalls can be defined, some of themare mentioned below :• Static Packet filtering firewalls: These kinds offirewalls sequence the packets concerning toallow/deny rules. It is done by the means of fieldsinformation on the header such as; host/ destinationaddress or port numbers etc. this analysis is not indepths, i.e., malicious code detection is notperformed and each packet is examined as a singleentity. The primary weakness of these firewalls is theinability to sustain against fragment and spoofingattacks.• Stateful packet filtering firewalls: Thesefirewalls keep states of performance. Normally, in aclient/server environment, client initiates aconversation with server and waits for serverresponse. Accordingly responses are permitted tobypass the firewalls rules. In this way a betteroptimization in screening process is achieved thatleads to empower the overall performance offirewall. In order to keep state tables, additionalrecourses such as memory with higher capacity arerequired.• Stateful Inspection firewalls: These kinds offirewalls are the more advanced form of the statefulpacket filtering firewalls. Stateful packet filteringfirewalls are generally used for application thatdemand multiple ports, such as FTP applications.They check the payload and optionally open andclose ports on the fly as per the protocol. This can beachieved through rules configuration and gaininformation concerning the fourth layer to theseventh layer of the protocol stack.• Proxy firewalls: These firewalls isolate privatenetwork within internet. They evaluate the protocolsyntax by breaking apart the connection betweenclient and server. These kinds of firewalls offer ahigher level of security among the other types offirewalls, but it is at the cost of functionality andspeed, since they have the ability to limit theapplications which your network can support. Incontrary to stateful firewall that gives access orinhibits incoming or outgoing network packets in aprotected network, traffic does not deluge through aproxy. Alternately, computers constitute aconnection to the proxy that servers are intermediarydevices, and commence a new network connectionon the side of the request. In this way straightconnections between systems on the both sides of thefirewall are prevented, therefore it is not so easy foran intruder to explore where the network is, justbecause they can never receive packets straightlyfrom the target system. The main disadvantage ofthis firewall is the need for huge network resources.III. FIREWALL VULNERABLITIES AND THEMITIGATION THECHNIQUESIn this part the most important firewallslimitations and vulnerabilities are classified andexisting proposed solution for mitigating them willbe presented. “A firewall vulnerability is an error,weakness, or an invalid assumption made duringfirewall design, implementation, or configuration,that can be exploited to attack the trusted networkthe firewall is supposed to protect” . According tothis definition all the firewalls vulnerabilities can beclassified in two main categories: (1) Vulnerabilitiesdue to firewalls inherent limitations and designdefects, (2) Vulnerabilities due to misconfigurationor weaknesses in implementation.3.1 Vulnerabilities due to firewalls inherentlimitationsFirewalls present an unreal illustration ofsecurity regarding to the fact that their inherentdefects are constantly imposed to the hackers. Thesefailings are caused by improper designs of thefirewalls. Notwithstanding their helpfulness inproviding security, they have some basicimperfections which hackers use to break into
Iman Kashefi, Maryam Kassiri, Ali Shahidinejad / International Journal of EngineeringResearch and Applications (IJERA) ISSN: 2248-9622 www.ijera.comVol. 3, Issue 2, March -April 2013, pp.585-591587 | P a g enetwork. This problem causes inefficiency inguarding network.Some of these limitations are common in bothsoftware and hardware firewalls while some areonly found in software firewalls:3.1.1 Common limitations in software andhardware firewallsThe most common vulnerabilities in software andhardware firewalls are mentioned below:• Insider attacks: firewalls do not provideprotection from insider threats i.e. Insider Attacks. Itis acknowledged that insiders impose risks tosecurity when they have limitless access toinformation, knowledge and valuable assets of theirorganization. They are granted access legitimatelyand this can easily jeopardize the security of theorganization . Firewalls sniff the packets in theboundaries of the networks and do nothing for thedomestic traffic flow. Therefore, it is not practicalfor the intrusions which come from inside thenetwork .• Traffic that doesn’t go through firewall: Thereare ways to route the illegitimate traffic throughunpermitted path that does not pass through thefirewall.• Tunneling; Tunneling is one of the commonmethods applied to bypass the firewall; one canenvelop message for a protocol inside some othermessage format .• Internet threats like virus attack or passwordcracking: Firewalls do not carry out deepexploration to detect malicious codes in the packets;in this way they are likely to ignore some threats ofthis kind.Below are some of the recommended solutionand novel firewall models to alleviate abovevulnerabilities:Multipurpose firewalls: Intrusion detectionsystems have been used in order to audit wholeactivities inside a network but not as a specificmechanism against insider attacks. Disarmingfirewall proposed by Zubair A. Shaikh and FurqanAhmed is a multipurpose firewall which offerssome defense mechanism against insiders. Thisfirewall is a combination of various components;each of them presents distinct purpose. It bounds theattacking capabilities of all internal resources, in thisway it can protect network against harmful insiders.Owing to the fact that gaining information from anend system is the first step for an attack, the firewallmasks the identity of OS and server software whichis positioned in DMZ from either internal orexternal users. The disarming firewall model takesadvantage of the strengths of different methods tomaintain the security. The significant strengths ofthis firewall are bounding the intrusion abilities ofinternal source, masking the identity of OS andserver software in DMZ to obstruct attacks, andconstantly observing and patching the software inthe DMZ and intranet. This firewall model conquersa problem in traditional firewalls concerning VPNtraffic. Portable users require access to organizationdata when they are out of office. Therefore theyapply VPNs with the purpose of gaining access in asecure way. VPNs are not capable of guardinguser’s laptop or personal computer and thesecomputers change into the potential places to threatthe organization security because they are inherentlytwo hosted to the organization’s intranet andinternet. They provide a security hole for anattacker. Traditional firewalls cannot do much to thetraffic which is end-to-end encrypted . Themodel is designed in the way that put the security inthe focal point and the security is not overlooked forperformance reasons. The firewall model is basedon three concepts. First, most of the attacks have theinside source. Limiting the attacking abilities ofindividual host, leads to a secure internal network.In this way overall security is enhanced as disarmedinternal host is not assumed as a threat to the rest ofthe internet. Second, attacks are implemented in theway that harms the network from the knownvulnerabilities. These vulnerabilities are usuallyfound in certain software’s versions. In any types ofattack, first the intruder tries to obtain the software’sversion to plan the attack in a way that imposes thepublished vulnerability. The information achievedby fingerprinting or social engineering is crucial forthe success of an attack. Disguising the identity ofthe OS or server software will inhibit attackers tocommence attacks. Third, security administratormay elude to install software patches due to variousreasons such as unreliability, inaccuracy,irrevocability, and lack of enough knowledge. Forthis reason an automatic mechanism should be inplace to install necessary updates as soon as theyappear. By this means attacker have less chance tointrude to the network. And this is only practicalwith the emergence of networks that conveysoftware patches .Distributed firewalls: Another approach toalleviate the above mentioned vulnerabilities isapplying distributed firewalls.Distributed firewalls have been designed with thepurpose of providing higher level protection thantraditional firewalls such as gateway and host-basedfirewalls. Distributed firewalls have been developedin response to the need of securing network frominsider attacks and of course cover the weakness ofeither gateway or host-based firewalls. According toIoannidis et al. , “a distributed firewall is amechanism that enforces a centralized securitypolicy but the latter is applied at the edges”.Distributed firewalls are designed in the way thatregulates software applications which are resided inhost that have the responsibility of protecting anetwork against unauthorized access. The notional
Iman Kashefi, Maryam Kassiri, Ali Shahidinejad / International Journal of EngineeringResearch and Applications (IJERA) ISSN: 2248-9622 www.ijera.comVol. 3, Issue 2, March -April 2013, pp.585-591588 | P a g edesign of distributed firewalls are based on threeelements : First, A common place policylanguage which is employed for determiningsecurity policies which are distributed to the firewallendpoints to configure distributed firewalls. Second,Network-wide mechanisms for the distribution andapplication of the security policy files to thedistributed firewall endpoints. Third, IPsec: securityprotocol that maintain network-level encryption forthe secure transmission of the security policy.Distributed firewalls have following strengths:•Centralized management: Security policies areplanned centrally and then publish to the variousendpoints for execution. Adherence of securitypolicies through the network and managing thedeployment is improved.•Defense in depth: when distributed firewall isused with the gateways firewall, the security layersare notably increased which makes it more difficultfor an intruder to break into the network. Because itsaves the time for other kind of defense mechanismsto counteract the hazard dramatically andaccordingly delay and prevent the distribution ofthreat in the network.Distributed firewalls also have their ownlimitations like decrease in network performanceand increase in host load. Therefore in order tomitigate these disadvantages several architecturesand models have been introduced and still should beimproved.Combining firewall and IDS: There are twoapproaches to combine firewalls and IDS: integratedapproach and linkage approach. In first approachboth IDS and firewall are placed in one systemwhile in second approach they are in two separatesubsystems .• Integrated Approach: The integrated approachbenefits from the advantages of the revelation abilityof the detection system along with the blockingcapability of the firewall. In this approach the hostIDS and host firewall are placed in the same system.Since the IDS is constantly monitoring the network,it provides the access control strategy source to thehost firewall. In this way malicious requests aredetected before the attack occurs . In thisapproach traditional access control is combined withintrusion detection technology to supply essentialinformation to enable the firewall to block attacks.• In this method, the host firewall is located in aone system while the host intrusion detection systemis running on a separate system. The hosts interactin a meaningful manner to share the information toenhance the security level to maximum possibledegree. This method differentiates from integratedmethod in the location of the IDS and the firewall.This approach has dual implementations. In the firstdeployment the host firewall is directly linked tohost IDS, while in the second deployment, a transferdevice is employed to link the two hosts indirectly. In both deployments unified communicationinterface is needed. It is proved that linkage methodtakes advantage of independency, high reliability,and less response time in contrary to the integratedapproach.3.1.2 Vulnerabilities in software firewallsNowadays software firewalls are the mostpopular choice for installing on personal computers.They use internet access control mechanism toprovide higher level of security for internet users.These kinds of firewalls have vulnerabilities that canbe bypassed in various ways at different layers ofnetworks. This is essentially due to the fact thatthese kinds of firewalls are software. They are notdesigned based on a proper architecture; thereforethey allow some traffic and application to passthrough them. Below are some of the theoreticalbypassing ways .• NIC Adapter Driver: An easiest way to bypassany kind of software firewall is to plan the programin the way that runs in a lower level. Regarding tothe fact that the commercial personal firewallexecute at NDIS level while NDIS is locatedbetween NIC and protocol driver, therefore if theprogram runs at NIC level, it can bypass thefirewall. However, it is not practical since theTrojan code which is programmed for a specificNIC will not be able to run on the others.• Prevent Loading: Since these firewallsoccasionally store data in the registry, if the registryis manipulated, it may be feasible to obstruct somefirewalls from running after restarting the system.• Uninstall: Another way to bypass a personalfirewall is by simply uninstalling theme. There aremany hacking codes which are particularly designedto uninstall famous firewalls.• Application Masquerade: Generally thefirewalls do not obstruct all the traffic. Someapplications are permitted for getting access to theinternet. Sometimes hackers program a maliciouscode in the way that it seems like a trusted program,so it can simply bypass the firewall.• Application Control: Sometimes a programemploys a trusted application to send and getunauthorized messages to outside, should theprogram be able to manage the way the programsuses to perform its actions.• Network-monitoring programs: Approximatelynetwork-monitoring programs are overlooked bypersonal firewall. It is obvious that if a maliciousprogram can work like one of the networkmonitoring software, it will be able to bypasspersonal firewall.It can be concluded from the above thatpersonal firewalls are defenseless to manyintrusions. To improve the level of protection ofpersonal firewall to a higher degree, it isrecommended to use it along with constantly up-to-
Iman Kashefi, Maryam Kassiri, Ali Shahidinejad / International Journal of EngineeringResearch and Applications (IJERA) ISSN: 2248-9622 www.ijera.comVol. 3, Issue 2, March -April 2013, pp.585-591589 | P a g edate antivirus software. Concurrently, it can be apotential field for research to fortify the protectionlevel of personal firewalls from hardwareperspective.3.2 Vulnerabilities due to misconfigurationWhile the part of vulnerabilities whichcome from misconfigurations are the result ofweakness and complexity of firewalls design anduser interfaces, there are notable reasons whichconcerning user faults and their incapability ofimplementing and managing different aspects offirewalls. Carelessness and misuse can be thebiggest threat to any security system anywhere .It is worth mentioning that improper use ofsecurity system can be more detrimental thanrelinquish the use of them. The false illustration ofsecurity that inspired by a misconfigured firewallmakes users behave like they are fully secured,while they are treated with the same risks. Personalfirewall are imposed more to misconfiguration,since the knowledge for implementing firewall inthe safe manner may go beyond the capability ofcommon users.The following are the common vulnerabilitiesassociated with misconfigurations of the firewalls:• ICMP allowed, e.g., the firewall can be pinged;• Denial rather than drop the traffic to portswhich are blocked by the firewall. This provides theattacker with additional information, or improvesthe speed of the attacker’s port scan;• Misconfiguration that allows a TCP pings ofinternal hosts with Internet-routable IP addresses(e.g., in-bound TCP 80 is not restricted to the webserver)• Trust of certain IP addresses• Availability of extra/unnecessary services onthe firewall• Unnecessarily open TCP and UDP portsAs mentioned before a part ofmisconfigurations are related to some otherimportant issues such as configuring inattentively.For instance when the program needs to beconfigured, occasionally it may happen that theusers are tired of responding to many questions andperfunctorily switch off the security warnings.These kinds of problems take place because of poorusability in personal firewalls. Poor usability of asecurity system can have severe aftereffects as arementioned in several articles. According to BanderAlfayyadh et al. , usability of personal firewallsis especially important and interesting to studybecause most of the personal firewall users havelittle information about security issues. They haveshown that the main problems arose in personalcomputer are due to the poor usability thataccordingly result in security vulnerabilities. It isworth pointing out that the primary concerns offirewall designers are security robustness rather thangreat usability. Nevertheless more the usabilityimproved, the better results achieved. There is finebalance between usability and security that it onlyrealized by comprehensive design which includesusability in development phases. There are manyusability best practices for security design which canbe taken into account. It is possible to classify theusability issues in two main classes. First there isambiguity in information or sometimes lack ofknowledge when the users should make decision onsecurity issues. Second, poor user interfaces whichresult in security alerts ignorance. As a solution tothis problem, firewall designer can fortify thequality of information through the results fromusability testing with end users. Moreover, it can bea good practice to involve usability experts in designprocess.IV. FIREWALL FINGERPRINTINGVulnerabilities mentioned in the previoussection both in hardware and software firewallsalong with other vulnerabilities caused by flaws andshortcomings that may exist in some specific modelsof different firewall brands are more probable to beexploited by attackers if they can acquire enoughinformation about the employed firewall in acomputer network.Regarding to the fact that firewalls areusually positioned in a network so that they areinvisible to the users, the identification of them toexplode their vulnerabilities to do a successfulattack is dramatically complicated. To launch asuccessful attack, the first step that the attackershould take is fingerprinting, i.e., finding thefirewall implementation, encompassing the brandname, software/firmware version, etc. Providingthat we figure out all possible ways that attackersemploy to fingerprint a firewall, we will be able todesign required countermeasures accordingly.A recent research conducted by Amir R.Khakpour et al. presents a set of techniques thatacquire some basic information about firewallsusing the processing time of each inquiry packet andcan be employed to find firewall implementation.By precisely measuring packet processing time, it ispossible to fingerprint firewalls to figure out thetype of packet classification algorithms, sensitivityof firewall performance to traffic load, and othercharacteristics. They proposed some ways toidentify the firewall characteristics that areannounced by firewall implementations. Eventhough the firewall is designed like a black box,attackers can misuse vulnerabilities of these kinds offirewalls from their characteristics that are preciselyidentified to launch effective attacks. Theypresented two methods for deducting firewall
Iman Kashefi, Maryam Kassiri, Ali Shahidinejad / International Journal of EngineeringResearch and Applications (IJERA) ISSN: 2248-9622 www.ijera.comVol. 3, Issue 2, March -April 2013, pp.585-591590 | P a g eimplementation using these characteristics. The firstmethod is concerned with firewall decision whilereceiving a sequence of TCP packets that carryunusual flags; the second method is based onmachine learning techniques . By using thesemethods they could acquire relatively accurate dataabout the firewalls and could successfullyfingerprint the three different types of firewalls,both software and hardware, which they had usedfor this project.The results of their work show that firewallfingerprinting can become a serious issue thatcauses exposure of firewall vulnerabilities andshould be taken into consideration simultaneouslyalong with making effort to mitigate firewallsvulnerabilities.V. CONCLUSIONThe classification of firewall vulnerabilitieswhich is presented in this paper along with thementioned existing solutions can be a helpfulguideline for researchers who aim to enhance thesecurity of firewalls and also can give them a clearand precise perspective of existing problems in thisfield.Integrating the capabilities of firewalls andIDS and also fortifying the protection level ofpersonal firewalls from hardware perspective stillcan be potential fields for future researches.Regarding this study on existing types ofvulnerabilities and also defense models in firewalls,a unified model which takes benefit from thestrength points of different solutions andaccordingly mitigate the vulnerabilities of themodels to maximize the robustness of security andprotection capability of network may be a goodsolution. Although integrating various models in asystem may cause some conflicts and have inverseeffects, still there would be a potential area forfurther research to propose an integrated model thatbrings more security. Moreover, not only practicalsolutions to improve the security in firewallsthrough mitigating their vulnerabilities should becarefully followed, but also in the meanwhile,conducting a research for finding countermeasuresto prevent firewalls from being fingerprinted byattackers should be taken into consideration, sincefirewall fingerprinting increases the probability ofexposure of vulnerabilities to the security attacks.REFERENCES R. Bace, An Introduction to IntrusionDetection and Assessment for Systemand network security Management,ICSA, Inchttp://www.icsalabs.com/icsa/docs/html/communities/ids/whitepaper/Intrusion1.pdf. Cisco Firewall Services Module DoSvulnerability,http://www.netsecurity.org/secworld.php?id=10673, 2011. J. Craig Lowery , Computer SystemSecurity: A Primer, March 2002,http://www.craiglowery.com/pres/Computer%20System%20Security-%20A%20Primer.pdf W. Geng, S. Flinn, and J. DcDeourek,Usable firewallconfiguration, Proc. 3rdAnnual Conferenceon Privacy, Security and Trust, Instituteof information technology, nationalresearch council Canada, 2005. Ghiran, A.M., Silaghi, G.C., and Tomai N.,Ontologybased tools for automating integrationand validation of firewall rules, Proc. of12thinternational conference on BusinessInformation Systems, Poland, 2009, 37-48. V.M. Boncheva, A Short Survey ofIntrusion Detection Systems, Problems ofEngineering Cybernetics and Robotics, 58,2007. V. Zaliva, Firewall Policy Modeling,Analysis and Simulation: a Survey ,2010. S. Beg, U. Naru, M. Ashraf, and S.Mohsin, Feasibility of Intrusion DetectionSystem with High PerformanceComputing: A Survey, IJACS, December2010 . S. Kamara, S. Fahmy, E. Schultz, F.Kerschbaum, and M. Frantzen, Analysis ofVulnerabilities in Internet Firewalls,CERIAS. C. Colwill, Human factors in informationsecurity: The insider threat - Who can youtrust these days?, Information SecurityTechnical Report. 2010, 14(4), 186-196. Z. A. Shaikh and F. Ahmed, DisarmingFirewall, Proc. International Conferenceon Information and EmergingTechnologies, ICIET, 2010. J. Li, P. L. Reiher, and G. J. Popek.Resilient Self-Organizing OverlayNetworks for Security Update Delivery.IEEE Journal on Selected Areas inCommunications (JSAC), January 2004 S. loannidis, A. D. Keromytis, S. M.Bellovin, and 1. M. Smith, Implementing adistributed firewall, Proc. 7th ACM Conj.Computer and communications security,Athens, 2000. V. Ramsurrun and K. M. S. Soyjaudah, AStateful CSG-based Distributed FirewallArchitecture for Robust DistributedSecurity, UoM.
Iman Kashefi, Maryam Kassiri, Ali Shahidinejad / International Journal of EngineeringResearch and Applications (IJERA) ISSN: 2248-9622 www.ijera.comVol. 3, Issue 2, March -April 2013, pp.585-591591 | P a g e Zh. Lili and C. Tian-jie. IntrusionDetection Based on Intelligence andCollaboration Technology Computer,2008, 24 (2): 66-68. Zh. Tao-gai and L. Ke, A New Design ofLinkage Based on IDS, Henan Institute ofEngineering (Natural Science), Vol • 21,No • 3 Sep. 2009. Zh. Zhong-hui and C. Jia-qing, IntrusionPrevention System Based on LinkageMechanism Computer age, 2006, (7) :28-29 R. Chiong and S. Dhakal, On the Insecurityof Personal Firewall , IEEE, 2008. B. Alfayyadh, A. Jøsang, M. Alzomai andJ. Ponting, Vulnerabilities in PersonalFirewalls Caused by Poor SecurityUsability , IEEE, 2010 A. R. Khakpour et al. , “FirewallFingerprinting”, 2012 Proceeding IEEEINFOCAM, 2012