Handling Stateful Firewall Anomalies
作者: Frédéric Cuppens , Nora Cuppens-Boulahia , Joaquin Garcia-Alfaro , Tarik Moataz , Xavier Rimasson
DOI: 10.1007/978-3-642-30436-1_15
关键词: Computer science 、 Computer network 、 Boolean function 、 Tuple space 、 Stateful firewall 、 Stateless protocol 、 Network Access Control 、 Information system 、 Set (abstract data type) 、 Security policy
摘要: A security policy consists of a set rules designed to protect an information system. To ensure this protection, the must be deployed on components in consistent and non-redundant manner. Unfortunately, empirical approach is often adopted by network administrators, detriment theoretical validation. While literature analysis configurations first generation (stateless) firewalls now rich, not case for second third firewalls, also known as stateful firewalls. In paper, we address limitation, provide solutions analyze handle firewall anomalies misconfiguration.
springer.com
uab.es
archives-ouvertes.fr 
sci-hub.st 参考文章(36)
Juan M. Estévez-Tapiador, Concepts and Attitudes for Internet Security (A review of Firewalls and Internet Security: Repelling the Wily Hacker, Second Edition by William R. Cheswick, Steven M. Bellovin, and Aviel D. Rubin). IEEE Distributed Systems Online. ,vol. 4, ,(2003)
Joaquin Garcia, Fabien Autrel, Joan Borrell, Sergio Castillo, Frederic Cuppens, Guillermo Navarro, Decentralized Publish-Subscribe System to Prevent Coordinated Attacks via Alert Correlation international conference on information and communication security. pp. 223- 235 ,(2004) , 10.1007/978-3-540-30191-2_18
Joaquin Garcia-Alfaro, Guillermo Navarro-Arribas, A Survey on Detection Techniques to Prevent Cross-Site Scripting Attacks on Current Web Applications Critical Information Infrastructures Security. pp. 287- 298 ,(2008) , 10.1007/978-3-540-89173-4_24
Joaquin Garcia-Alfaro, Frédéric Cuppens, Nora Cuppens-Boulahia, Stere Preda, MIRAGE: a management tool for the analysis and deployment of network security policies DPM'10/SETOP'10 Proceedings of the 5th international Workshop on data privacy management, and 3rd international conference on Autonomous spontaneous security. ,vol. 6514, pp. 203- 215 ,(2010) , 10.1007/978-3-642-19348-4_15
Stere Preda, Nora Cuppens-Boulahia, Frédéric Cuppens, Joaquin Garcia-Alfaro, Laurent Toutain, Model-Driven Security Policy Deployment: Property Oriented Approach Lecture Notes in Computer Science. pp. 123- 139 ,(2010) , 10.1007/978-3-642-11747-3_10
J. G. Alfaro, F. Cuppens, N. Cuppens-Boulahia, Management of Exceptions on Access Control Policies information security conference. pp. 97- 108 ,(2007) , 10.1007/978-0-387-72367-9_9
Ehab S. Al-Shaer, Hazem H. Hamed, Firewall Policy Advisor for anomaly discovery and rule editing integrated network management. pp. 17- 30 ,(2003) , 10.1007/978-0-387-35674-7_2
J. G. Alfaro, N. Boulahia-Cuppens, F. Cuppens, Complete analysis of configuration rules to guarantee reliable network security policies International Journal of Information Security. ,vol. 7, pp. 103- 122 ,(2008) , 10.1007/S10207-007-0045-7
Yair Bartal, Alain Mayer, Kobbi Nissim, Avishai Wool, Firmato: A novel firewall management toolkit ACM Transactions on Computer Systems. ,vol. 22, pp. 381- 420 ,(2004) , 10.1145/1035582.1035583
David Eppstein, S. Muthukrishnan, Internet packet filter management and rectangle geometry symposium on discrete algorithms. pp. 827- 835 ,(2001) , 10.5555/365411.365791