Discovery of policy anomalies in distributed firewalls

Authors: E.S. Al-Shaer, H.H. Hamed

DOI: 10.1109/INFCOM.2004.1354680

Keywords:

Abstract: Firewalls are core elements in network security. However, managing firewall rules, particularly in multi-firewall enterprise networks, has become a complex and error-prone task. Firewall filtering rules have to be written, ordered and distributed carefully in order to avoid firewall policy anomalies that might cause network vulnerability. Therefore, inserting or modifying filtering rules in any firewall requires thorough intra- and inter-firewall analysis to determine the proper rule placement and ordering in the firewalls. We identify all anomalies that could exist in a single- or multi-firewall environment. We also present a set of techniques and algorithms to automatically discover policy anomalies in centralized and distributed legacy firewalls. These techniques are implemented in a software tool called "Firewall Policy Advisor" that simplifies the management of filtering rules and maintains the security of next-generation firewalls.

References (23)
Ehab S. Al-Shaer, Hazem H. Hamed. Design and Implementation of Firewall Policy Advisor Tools (2004).
Pasi Eronen, Jukka Zitting. An expert system for analyzing firewall rules (2001).
Zhi Fu, S. Felix Wu, He Huang, Kung Loh, Fengmin Gong, Ilia Baldine, Chong Xu. IPSec/VPN Security Policy: Correctness, Conflict Detection, and Resolution. Policies for Distributed Systems and Networks, pp. 39-56 (2001). DOI: 10.1007/3-540-44569-2_3
Elizabeth D. Zwicky, D. Brent Chapman, Deborah Russell. Building Internet Firewalls (1995).
John P. Wack. Guidelines on Firewalls and Firewall Policy. National Institute of Standards and Technology (2002). DOI: 10.6028/NIST.SP.800-41
E. Lupu, M. Sloman. Conflict analysis for management policies. Integrated Network Management, pp. 430-443 (1997). DOI: 10.1007/978-0-387-35180-3_32
Y. Bartal, A. Mayer, K. Nissim, A. Wool. Firmato: a novel firewall management toolkit. IEEE Symposium on Security and Privacy, pp. 17-31 (1999). DOI: 10.1109/SECPRI.1999.766714
Avishai Wool. Architecting the Lumeta firewall analyzer. USENIX Security Symposium, pp. 7-7 (2001).
R.N. Smith, S. Bhattacharya. A protocol and simulation for distributed communicating firewalls. Computer Software and Applications Conference, pp. 74-79 (1999). DOI: 10.1109/CMPSAC.1999.812679