Abstract:
The risk and severity of cyber attacks have increased over the last few years. With the continuous advancements and innovation in Information Technology (IT), new vendors and products are constantly emerging to provide security solutions. Meanwhile, the multi-vendor environment, together with the huge diversity of siloed devices, requires new approaches for tackling the complexity and heterogeneity of security configuration management. Network security plays a critical role in protecting the Confidentiality, Integrity, and Availability (CIA) of organizations’ networks and data. However, the move to a network configuration standard is long overdue. The traditional way of managing each vendor's Command-Line Interface (CLI) cannot easily be programmed and thus requires domain expertise and experience with the target system. In this thesis, we aim to eliminate tedious, costly, and error-prone manual tasks by automating the process of network security configuration management. To address organizational security requirements while removing the dependence on device-specific configuration scripts, we propose the architecture of the Automated Security Configuration Management Tool (ASCMT). ASCMT allows IT administrators to express security requirements in a vendor-independent policy language, minimizing the expert-level security knowledge required and the need to consider the underlying device-specific code. One of the major novelties of ASCMT is the introduction of a Configuration Agent that controls the other tool components to produce configuration solutions much as a human operator would. By using ontology mapping, our tool can translate high-level security policies into low-level configurations, regardless of device function and matching semantics. The resulting configuration baseline is then automatically implemented and enforced in the system.
In addition, configuration change control and monitoring are conducted to ensure that the configuration baseline can fulfil new security requirements in a dynamic network environment. Due to the limited time frame, it is impossible to implement the framework fully. Instead, we present an implementation of automated firewall configuration management focusing on packet-filtering configuration as a proof of concept. It can be concluded that automation can reduce the dependency of network devices on human intervention and therefore cut costs and complexity. In the future, we will provide a full implementation of ASCMT and extend it to other security domains. We will also apply Artificial Intelligence (AI) and Machine Learning (ML) technologies to improve its responsiveness and effectiveness.
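The abstract describes two mechanisms that a practitioner would want to see concretely: translating a vendor-independent packet-filter policy into device-specific configuration through a term mapping, and change control against a configuration baseline. The following is an added, self-contained illustration written for this page; it is not ASCMT code and not the thesis's ontology. The `Rule` data class, the `VOCAB` mapping, the two renderers, and the sample policy are all assumptions constructed here. The mapping dictionary stands in for the ontology mapping the thesis describes: abstract policy terms (`allow`, `deny`, `any`) are mapped to each target's tokens, and every rendering enforces a closing default-deny rule so the generated baseline cannot silently fail open.

```python
"""Added example: a vendor-independent packet-filter policy rendered into
device-specific syntax through a small vocabulary mapping (a stand-in for the
ontology mapping described in the thesis). Illustrative only; not ASCMT code."""
from __future__ import annotations
from dataclasses import dataclass
from ipaddress import ip_network
from typing import List, Optional, Tuple


@dataclass(frozen=True)
class Rule:
    """One vendor-neutral packet-filter rule (the high-level policy unit)."""
    action: str            # "allow" | "deny"
    proto: str             # "tcp" | "udp" | "any"
    src: str               # IPv4 CIDR
    dst: str               # IPv4 CIDR
    dport: Optional[int] = None


# Mapping from abstract policy vocabulary to device-specific tokens
# (assumed here; the thesis's real ontology is not shown on this page).
VOCAB = {
    "iptables": {"allow": "ACCEPT", "deny": "DROP", "any": "all"},
    "cisco_acl": {"allow": "permit", "deny": "deny", "any": "ip"},
}

DEFAULT_DENY = Rule("deny", "any", "0.0.0.0/0", "0.0.0.0/0")


def validate(rule: Rule) -> Rule:
    """Reject malformed rules before any device syntax is generated."""
    if rule.action not in ("allow", "deny"):
        raise ValueError(f"bad action {rule.action!r}")
    if rule.proto not in ("tcp", "udp", "any"):
        raise ValueError(f"bad proto {rule.proto!r}")
    for cidr in (rule.src, rule.dst):
        ip_network(cidr)  # raises ValueError on bad syntax or host bits set
    if rule.dport is not None:
        if rule.proto == "any":
            raise ValueError("a port requires tcp or udp")
        if not 1 <= rule.dport <= 65535:
            raise ValueError(f"bad port {rule.dport}")
    return rule


def normalize(policy: List[Rule]) -> List[Rule]:
    """Validate every rule and enforce a closing default-deny baseline."""
    rules = [validate(r) for r in policy]
    if not rules or rules[-1] != DEFAULT_DENY:
        rules.append(DEFAULT_DENY)
    return rules


def render_iptables(policy: List[Rule], chain: str = "INPUT") -> List[str]:
    """Render the policy as iptables commands for one chain."""
    v = VOCAB["iptables"]
    out = []
    for r in normalize(policy):
        parts = ["iptables", "-A", chain, "-p", v.get(r.proto, r.proto)]
        if ip_network(r.src).prefixlen:      # omit -s for 0.0.0.0/0
            parts += ["-s", r.src]
        if ip_network(r.dst).prefixlen:      # omit -d for 0.0.0.0/0
            parts += ["-d", r.dst]
        if r.dport is not None:
            parts += ["--dport", str(r.dport)]
        parts += ["-j", v[r.action]]
        out.append(" ".join(parts))
    return out


def _cisco_addr(cidr: str) -> str:
    """Cisco extended-ACL address syntax: any / host X / network wildcard."""
    net = ip_network(cidr)
    if net.prefixlen == 0:
        return "any"
    if net.prefixlen == 32:
        return f"host {net.network_address}"
    return f"{net.network_address} {net.hostmask}"   # hostmask == wildcard


def render_cisco_acl(policy: List[Rule], acl_id: int = 101) -> List[str]:
    """Render the policy as numbered extended access-list lines."""
    v = VOCAB["cisco_acl"]
    out = []
    for r in normalize(policy):
        line = (f"access-list {acl_id} {v[r.action]} {v.get(r.proto, r.proto)} "
                f"{_cisco_addr(r.src)} {_cisco_addr(r.dst)}")
        if r.dport is not None:
            line += f" eq {r.dport}"
        out.append(line)
    return out


def plan_changes(current: List[Rule], desired: List[Rule]) -> Tuple[List[Rule], List[Rule]]:
    """Change control: rules to add and to remove to reach the desired baseline."""
    cur, des = normalize(current), normalize(desired)
    to_add = [r for r in des if r not in set(cur)]
    to_remove = [r for r in cur if r not in set(des)]
    return to_add, to_remove


# Constructed sample policy (not taken from the thesis).
POLICY = [
    Rule("allow", "tcp", "10.0.0.0/24", "192.168.1.10/32", 443),
    Rule("allow", "udp", "0.0.0.0/0", "192.168.1.20/32", 53),
]

if __name__ == "__main__":
    print("\n".join(render_iptables(POLICY)))
    print("\n".join(render_cisco_acl(POLICY)))
```

The same two-rule policy yields a consistent rule set for both targets, and `plan_changes` gives the minimal add/remove set between a device's current baseline and the desired one, which is the input a change-control step needs before anything is pushed to a device. Extending the scheme to another vendor means adding one vocabulary entry and one renderer, with the validation and default-deny enforcement shared.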