360 Analytics

360-FAAR Enhanced Functionality and SuperFAAR Commercial Releases

360-FAAR's 'Enhanced' policy analysis capabilities and SuperFAAR's datastorage capabilities take the extra steps required during policy processing to ensure complicated enterprise policies are handled securely and efficiently with maximum fidelity and are stored in robust and highly available datastorage.

All future development of 360-FAAR will be within the Commercially Licensed branch of the tool. This is unfortunate but necessary, as the number of donations received cannot support the further development required for the next stage of the project.



SuperFAAR

SuperFAAR v1.0.0 offers enhanced algorithm capabilities and a MongoDB back end, with an improved cmd line text interface.

SuperFAAR can be run standalone or with the support of a MongoDB database and includes optimizations in almost every part of its code.

Database connectivity is provided via MongoDB using the modules listed on the home page. If requested SuperFAAR can be run in batch mode which efficiently clears its local memory after each config is loaded to the database and exits after all configs are processed and inserted.

Client mode facilitates multiple SuperFAAR clients connecting to a single MongoDB, into which hundreds of configurations and log files can be loaded and made available to all clients for processing.

All SuperFAAR modes efficiently manage memory usage while connected to the MongoDB and only load required configurations and each log file as it is being used. As a result many very large logs and configs can be processed in each of the modes.

Read the 360-SuperFAAR Release Notes Here



Enhanced Functionality Rationalise Rules Mode

The Enhanced Rationalise Rules mode splits firewall policies into sections each time a change in rule action occurs. For example: if a rulebase is structured into sections, each section with drop rules at the top followed by accept rules, each contiguous set of rules (with similar actions) are split into separate polices that retain their order within the larger full policy structure:

* The drop rules will be processed separately to the accept rules, all drop and reject rules are always retained.
* Accept rules are filtered against log entries.
* Rules with similar actions are groped together and these sections are processed in the exact same way the whole policy is processed in the open source version.

360-FAAR Enhanced and SuperFAAR join these policy sections together to form the new rulebase that is output in the chosen firewalls command language type. Two new rule processing options enable the new functionality, each of which has default option sets for quick and easy use.

To use these new Enhanced modes no more configuration questions need to be answered than for any of the other filter modes. The new options introduce 'cplx' and 'cplxn' modes into the filter section questions as answer options. These options are very simple to use but increase the fidelity of the rulebases produced by an order of magnitude. The complex modes can use any of the existing rule building routines within the policy sections except for the build original rules method, for obvious reasons.



Enhanced Rule Building Algorithms

The 360-FAAR Enhanced and SuperFAAR Rule Building Algorithms (ds, sr, hc, cl) are capable of condensing even simple rulebases into much fewer rules than the open source algorithms. Conversely, the enhanced algorithms can build much more granular policies if required. This is achieved by controlling how groups are used during the rule build stages of 'rr' mode processing.

The Enhanced algorithms can use the largest groups possible, smallest groups possible or function as the open source algorithm currently does and assign matched groups based on a hash algorithm. All existing functionality remains intact from the open source version.

The Enhanced algorithms are also capable of writing Drop and Reject rules as well as defining rules that can be added to Encryption Security Associations (no IKE or ESP profiles are defined, the rules are simply marked in their rule action sections)



Enhanced Service Print Output

The 360-FAAR Enhanced Service Print Modes output all information relating to a services usage profile from the firewall policy and logs.



Enhanced Filter Sections

The 360-FAAR Enhanced and SuperFAAR Filter Sections include the existing CIDR and text filters, as well as the ability to filter for service name, protocols, ports and ranges of ports. These filters are used in both the print modes and rr modes.

All existing functionality remains intact from the open source version. These new options also have the side effect of improving performance when analysing large policies because the number of cross references is exponentially reduced.



SuperFAAR Data Storage

360-FAAR Enhanced and SuperFAAR store the processed firewall configurations and log files in a NoSQL DB for efficient long term storage. The stored configs and logs can be used by many 360-FAAR Enhanced and SuperFAAR clients at once. Many processed binary log files can be held at once, each of which are used sequentially to process firewall policies so as to reduce memory usage.

All existing functionality remains intact from the open source version. The Build Configbundle subs hand off to the DB and the various modes recall the processed policies required for each opperation.



SuperFAAR Enhanced Memory Usage

360-SuperFAAR only retrives the processed firewall configuration and log file information as its required, hugely improving memory usage efficiency. When started in 'Client mode' SuperFAAR reads its configs from the database, and once a config has been processed and entered into the DB it is imediately available to all clients permitted to access the database..

All existing functionality remains intact from the open source version. The Build Configbundle subs hand off to the DB and the various modes recall the processed policies required for each opperation.



Future Development Plans for the 360-FAAR Project Include:

* Integrate four further firewall manufactures “input and output” stages into 360-FAAR.
* Extend the 'print' mode analysis capabilities to include dropped packet analysis (coming soon).
* Extend 360-FAAR “sideways” so as to implement handling of “attack” specifications and translation between manufacturers.
* Implement IPv6 processing and optimizations necessary to ensure this remains faast.
* Implement Web and Application GUI.
* Reduce memory usage by a factor of eight.
* Integrate Snort IDS log output.



See the Sales Pricing page for further info about purchasing the Commercially Licensed version of 360-FAAR

See the 360-FAAR Feature Comparison Doc for further information about 360-FAAR Enhanced feature sets.



360-FAAR Enhanced - A Data Driven Repair Tool for Enterprise Firewalls

Read the 360-FAAR User Guide here