Managing firewall and network-edge security policies

E. Al-Shaer
2004 IEEE/IFIP Network Operations and Management Symposium (IEEE Cat. No.04CH37507), 2004-04-23
DOI: 10.1109/NOMS.2004.1317810 (https://doi.org/10.1109/NOMS.2004.1317810)
Citations: 12

Abstract

Summary form only given. Firewalls are core elements in network security. However, managing firewall rules, particularly in multi-firewall enterprise networks, has become a complex and error-prone task. Firewall filtering rules have to be written, ordered and distributed carefully in order to avoid firewall policy conflicts (or anomalies) and network vulnerability. Therefore, in order to produce anomaly-free firewall policies when adding or modifying rules in any firewall, a thorough intra- and inter-firewall analysis is required to determine the rule location (which firewall) and position (what order in the firewall policy) in the network. We comprehensively identify all types of anomaly that could exist in single- or multi-firewall environments. We then present a set of techniques/tools that automatically discover and rectify policy anomalies in centralized and distributed legacy firewalls.