Name
Abstract | ||
|---|---|---|
Firewalls are the screening gates for the internet/intranet traffic in computer networks. However, deploying a firewall is simply not enough since it needs to be configured by the system administrator according to the needs of the organization. There are many reasons due to which it is hard for the administrator to configure the firewall properly. Specifying firewall rule set is complicated and error prone. Once the firewall rules are defined, then firewall should be tested, whether it actually implements firewall policy. In this paper, one of the approaches of the firewall rule set analysis, i.e., the problems with the structure of the firewall rule set is being addressed. The structure of a sample firewall rule set is analyzed to detect and resolve conflicts using two structural analysis methodologies, i.e., Policy Tree and Relational Algebra. Then the results obtained from the test by using an automated tool PolicyVisor, based on the policy tree methodology, are analyzed. It is found from the analysis that even a set of only six rules has number of anomalies. Moreover, it is hard for the human to find such anomalies manually in a larger rule set and failure to find such anomalies leads to change the firewall policy. |
Year | DOI | Venue |
|---|---|---|
2010 | 10.1109/SECURWARE.2010.16 | SECURWARE '10 Proceedings of the 2010 Fourth International Conference on Emerging Security Information, Systems and Technologies |
Keywords | Field | DocType |
firewall rule set analysis,firewall rule set,computer networks,larger rule set,policy tree methodology,firewall rule,structural analysis methodology,security analysis,policy tree,firewall rule sets,sample firewall rule set,system administrator,firewall policy,relation algebra,correlation,security,computer network,computer network security,structure analysis,firewall,authorisation,organizations,algebra,relational algebra,redundancy,analysis,protocols | DMZ,Firewall (construction),Computer science,Computer security,Network security,Intranet,Computer network,Application firewall,Security analysis,System administrator,Stateful firewall | Conference |
ISBN | Citations | PageRank |
978-0-7695-4095-5 | 2 | 0.36 |
References | Authors | |
16 | 4 | |
Name | Order | Citations | PageRank |
|---|---|---|---|
| Bilal Khan | 1 | 2 | 0.36 |
| Muhammad Khurram Khan | 2 | 3538 | 204.81 |
| Maqsood Mahmud | 3 | 43 | 4.86 |
| Khaled Alghathbar | 4 | 498 | 32.54 |