Implementing a distributed firewall
Proceedings of the 7th ACM conference on Computer and communications security
Internet packet filter management and rectangle geometry
SODA '01 Proceedings of the twelfth annual ACM-SIAM symposium on Discrete algorithms
Filtering postures: local enforcement for global policies
SP '97 Proceedings of the 1997 IEEE Symposium on Security and Privacy
Topology discovery in heterogeneous IP networks: the NetInventory system
IEEE/ACM Transactions on Networking (TON)
Firmato: A novel firewall management toolkit
ACM Transactions on Computer Systems (TOCS)
Conflict classification and analysis of distributed firewall policies
IEEE Journal on Selected Areas in Communications
Hi-index | 0.00 |
Firewall is one of the most critical elements of the current Internet, which can protect the entire network against attacks and threats. While configuring the firewalls, rule configuration has to conform to, or say be consistent with, the demands of the network security policies such that the network security would not be flawed. For the security consistency, firewall rule editing, ordering, and distribution must be done very carefully on each of the cooperative firewalls, especially in a large-scale and multifirewall-equipped network. Nevertheless, a network operator is prone to incorrectly configure the firewalls because there are typically thousands or hundreds of filtering/admission rules (i.e., rules in the Access Control List file, or ACL for short), which could be set up in a firewall; not mentioning these rules among firewalls affect mutually and can make the matter worse. Under this situation, the network operator would hardly know his/her misconfiguration until the network functions beyond the expectation. For this reason, our work is to build a visualized validation system for facilitating the check of security consistency between the rule configuration of firewalls and the demands of network security policies. To do so, the developed validation system utilizes a three-tiered visualization hierarchy along with different compound viewpoints to provide users with a complete picture of firewalls and relationships among them for error debugging and anomaly removal. In addition, in this paper, we also enumerate the source of security inconsistency while setting ACLs and make use of it as a basis of the design of our visualization model. Currently, part of the firewall configuration of our campus network has been used as our system's input to demonstrate our system's implementation.