# ForestFirewalls: Getting Firewall Configuration Right in Critical Networks (Technical Report)

**Authors:** Dinesha Ranathunga, Matthew Roughan, Paul Tune, Phil Kernick, Nick Falkner

arXiv: 1902.05689 · 2019-02-18

## TL;DR

ForestFirewalls introduces an automated, high-level approach to configuring SCADA firewalls, reducing errors and enhancing security through abstraction, simplification, and validation in critical industrial networks.

## Contribution

It presents a novel automation framework for SCADA firewall configuration that abstracts implementation details and ensures accuracy through automated validation.

## Key findings

- Effective on a real SCADA network
- Reduces manual configuration errors
- Improves security policy compliance

## Abstract

Firewall configuration is critical, yet often conducted manually with inevitable errors, leaving networks vulnerable to cyber attack [40]. The impact of misconfigured firewalls can be catastrophic in Supervisory Control and Data Acquisition (SCADA) networks. These networks control the distributed assets of industrial systems such as power generation and water distribution systems. Automation can make designing firewall configurations less tedious and their deployment more reliable. In this paper, we propose ForestFirewalls, a high-level approach to configuring SCADA firewalls. Our goals are three-fold. We aim to: first, decouple implementation details from security policy design by abstracting the former; second, simplify policy design; and third, provide automated checks, pre- and post-deployment, to guarantee configuration accuracy. We achieve these goals by automating the implementation of a policy to a network and by auto-validating each stage of the configuration process. We test our approach on a real SCADA network to demonstrate its effectiveness.

## Full text

_Full body text omitted from this summary view._ Fetch the complete paper as Markdown: https://tomesphere.com/paper/1902.05689/full.md

## Figures

20 figures with captions in the complete paper: https://tomesphere.com/paper/1902.05689/full.md

## References

42 references — full list in the complete paper: https://tomesphere.com/paper/1902.05689/full.md

---
Source: https://tomesphere.com/paper/1902.05689