M. Frantzen et al., A framework for understanding vulnerabilities in firewalls using a dataflow model of firewall internals, COMPUT SEC, 20(3), 2001, pp. 263-270
Vulnerabilities in vendor as well as freeware implementations of firewalls continue to emerge at a rapid pace. Each vulnerability superficially appears to be the result of something such as a coding flaw in one case, or a configuration weakness in another. Given the large number of firewall vulnerabilities that have surfaced in recent years, it is important to develop a comprehensive framework for understanding both what firewalls actually do when they receive incoming traffic and what can go wrong when they process this traffic. An intuitive starting point is to create a firewall dataflow model composed of discrete processing stages that reflect the processing characteristics of a given firewall. These stages do not necessarily all occur in all firewalls, nor do they always conform to the sequential order indicated in this paper. This paper also provides a more complete view of what happens inside a firewall, other than handling the filtering and possibly other rules that the administrator may have established. Complex interactions that influence the security that a firewall delivers frequently occur. Firewall administrators too often blindly believe that filtering rules solely decide the fate of any given packet. Distinguishing between the surface functionality (i.e., functionality related to packet filtering) and the deeper, dataflow-related functionality of firewalls provides a framework for understanding vulnerabilities that have surfaced in firewalls.