Title
Inconsistency Detection System for Security Policy and Firewall Policy
Abstract
Packet filtering in a firewall either accepts or denies network packets based upon a set of pre-defined filters called the firewall policy. The firewall policy is designed under the instruction of the security policy. A network security policy is a generic document that outlines the needs for computer network access permissions, and it determines how firewall filters are designed. If inconsistencies, such as redundant filters, insufficient filters or contradictory filters, exist between the security policy and the firewall policy, the firewall policy cannot filter packets exactly, and the network protected by the firewall will be affected. To resolve this problem, we propose an inconsistency detection system to detect the inconsistencies between the security policy and the firewall policy. When the administrator cannot obtain host IP addresses, port numbers and other specific values, according to the network configurations, our proposed system can transform the network security policy and firewall policy to the same range value, and represent and analyze their spatial relationships to detect their inconsistencies. The proposed system has been successfully implemented in a prototype system. We have confirmed the effectiveness of the proposed system.
Year
2010
DOI
10.1109/IC-NC.2010.45
Venue
ICNC
Keywords
inconsistency detection, packet filtering, ip networks, firewall, predefined filter, network security policy, inconsistency detection system, firewall policy, network packet, prototype system, network configuration, computer network security, security policy, authorisation, proposed system, firewall filter, generic document, computer network access permission, ip address, port number, correlation, security, spatial relationships, protocols, computer network, prototypes, extranets, redundancy, network security
Field
DMZ, Internet security, Network security policy, Firewall (construction), Computer security, Computer science, Network security, Computer network, Context-based access control, Application firewall, Stateful firewall
DocType
Conference
ISBN
978-0-7695-4277-5
Citations
2
PageRank
0.43
References
1
Authors
4
Name
Order
Citations
PageRank
Yi Yin120.43
Xiaodong Xu221.44
Yoshiaki Katayama322640.42
Naohisa Takahashi412327.99