Method and apparatus for automatic risk assessment of a firewall configuration

Generally, a method and apparatus are disclosed for Automatic Risk Assessment of a Firewall Configuration. The disclosed invention facilitates the automatic generation of a risk assessment of a given firewall configuration. The prior work of [Mayer et al; 2000, Mayer et al; 2005] and [Wool; 2001] teaches how to analyze Firewall Configurations and produce HTML-based Firewall Analyzer Reports. However, the said Reports produced by the methods of [Mayer et al; 2000, Mayer et al; 2005] are voluminous, and do not identify or rate the risks present within the Firewall Configuration. In the current state of the art, a Firewall administrator or auditor needs to navigate through the Firewall Analyzer Report, and use his or her expertise to identify any Configuration mistakes or badly written rules. The current invention automates this manual process. The method is to let a software module, (the “ADVISOR” module) go over the report, before the human user does, and flag the Configuration errors. Each found mis-configuration is called a risk item. According to a further aspect of the present invention, the ADVISOR module utilizes a Knowledge Base of known risk items. The method may be reduced to practice in the form of a software program that can be executed on a standard personal computer with a standard operating system. A preferred embodiment is an Intel x86—based PC running the RedHat Linux operating system.