Abstract
Firewalls are essential elements for security policy enforcement in modern networks. However, managing a filtering security policy, especially for enterprise networks, has become complex and error-prone. Filtering rules have to be carefully written and organized in order to correctly implement the security policy and avoid policy anomalies. In this paper, we present a set of techniques and algorithms that provide (1) automatic anomaly discovery for rule conflicts and potential problems in legacy firewalls, (2) anomaly-free policy editing for rule insertion, modification and removal, and (3) concise translation of filtering rules to high-level textual description for user visualization and verification. These techniques significantly simplify the management of any generic firewall policy written as filtering rules, while minimizing network vulnerability due to filtering policy misconfiguration.
| Original language | English |
|---|---|
| Pages (from-to) | 256-260 |
| Number of pages | 5 |
| Journal | IEEE International Conference on Communications |
| Volume | 1 |
| State | Published - 2003 |
| Externally published | Yes |
ASJC Scopus subject areas
- Computer Networks and Communications
- Electrical and Electronic Engineering