Developing Multidimensional Firewall Configuration Visualizations

Firewall configuration files are created and edited as text files, despite significant size, complexity, and the possibility of interaction between entries. We embedded interactive visualizations in a simple firewall ruleset editor. To make rulesets visualizable, we calculate the set of packets accepted by the firewall as a restricted case of constructive solid geometry. We show a lossless visual representation using parallel coordinates in five dimensions to display the convex solid decomposition of the set of acceptable packets. We added a visualization of the penteracts as complex polyhedra in a Cartesian threedimensional display using interactive rotation and scaling. We evaluate these approaches by applying them to compact constructed rulesets containing all interactions between rules. The polyhedral approach produces visual artifacts for more than half of the rule interactions. This first attempt shows promise, but highlights the extension needed to the calculation procedure before complete coverage could be claimed. KeywordsFirewall visualization, network security, firewalls, filtering routers, security configuration.