DocumentCode :
3385073
Title :
Firewall Policy Advisor for anomaly discovery and rule editing
Author :
Al-Shaer, Ehab S. ; Hamed, Hazem H.
Author_Institution :
Sch. of Comput. Sci., DePaul Univ., Chicago, IL, USA
fYear :
2003
fDate :
24-28 March 2003
Firstpage :
17
Lastpage :
30
Abstract :
Firewalls are core elements in network security. However, managing firewall rules, especially for enterprise networks, has become complex and error-prone. Firewall filtering rules have to be carefully written and organized in order to correctly implement the security policy. In addition, inserting or modifying a filtering rule requires thorough analysis of the relationship between this rule and other rules in order to determine the proper order of this rule and commit the updates. In this paper, we present a set of techniques and algorithms that provide (1) automatic discovery of firewall policy anomalies to reveal rule conflicts and potential problems in legacy firewalls, and (2) anomaly-free policy editing for rule insertion, removal and modification. This is implemented in a user-friendly tool called "Firewall Policy Advisor". The Firewall Policy Advisor significantly simplifies the management of any generic firewall policy written as filtering rules, while minimizing network vulnerability due to firewall rule misconfiguration.
Keywords :
authorisation; business communication; computer network management; telecommunication security; user interfaces; Firewall Policy Advisor; anomaly discovery; anomaly-free policy editing; automatic discovery; enterprise networks; firewall filtering rules; firewall management; firewall rules; legacy firewalls; network security; rule conflicts; rule editing; rule insertion; rule modification; rule removal; security policy; user-friendly tool; Computer errors; Computer network management; Computer science; Computer security; Filtering algorithms; Information filtering; Information filters; Information security; Management information systems; Telecommunication traffic;
fLanguage :
English
Publisher :
ieee
Conference_Titel :
IFIP/IEEE Eighth International Symposium on Integrated Network Management, 2003
Print_ISBN :
1-4020-7418-2
Type :
conf
DOI :
10.1109/INM.2003.1194157
Filename :
1194157