Construction Of Secure Internal Networks With Communication Classifying System

Recent sophistication of cyber attacks makes us difficult to protect our networks completely. Because dedicated malwares that targeted cyber attacks use may slip through traditional countermeasures like firewalls or intrusion detection systems. Separated network (e.g., separating network into several segments and controlling access among sub-networks.) is one of effective countermeasure against targeted attacks. In order to support constructing separated networks, we have proposed automated ACL generation system previously. However, the system may overly permit communication because it focuses on business continuity. In this paper, we propose a Communication Classifying System for constructing secure internal networks. When a communication occurs in a section previous system permitted, the proposed system analyzes it. The system evaluates consistency of communication by comparing communication and reason that previous system permitted such communication. If a communication which lacks consistency is detected, the system additionally analyzes it. In this additional analysis, the system checks states of destination terminals. If a destination terminal is listening port for protocol of occurred communication, the system judges such communication is proper. By using the result classification, we can prohibit the communication section that previous system overly permitted.