Towards filtering and alerting rule rewriting on single-component policies

Authors:
Joaquín García-Alfaro;Frédéric Cuppens;Nora Cuppens-Boulahia
Affiliations:
GET/ENST-Bretagne, Cesson Sévigné, France;GET/ENST-Bretagne, Cesson Sévigné, France;GET/ENST-Bretagne, Cesson Sévigné, France
Venue:
SAFECOMP'06 Proceedings of the 25th international conference on Computer Safety, Reliability, and Security
Year:
2006

Citing 7
Cited 3

Professional PHP Programming

Professional PHP Programming
Network Intrusion Detection: An Analyst's Handbook

Network Intrusion Detection: An Analyst's Handbook
A Full Bandwidth ATM Firewall

ESORICS '00 Proceedings of the 6th European Symposium on Research in Computer Security
Algorithms for routing lookups and packet classification

Algorithms for routing lookups and packet classification
Snort - Lightweight Intrusion Detection for Networks

LISA '99 Proceedings of the 13th USENIX conference on System administration
Complete redundancy detection in firewalls

DBSec'05 Proceedings of the 19th annual IFIP WG 11.3 working conference on Data and Applications Security
Conflict classification and analysis of distributed firewall policies

IEEE Journal on Selected Areas in Communications

Misconfigurations discovery between distributed security components using the mobile agent approach

Proceedings of the 11th International Conference on Information Integration and Web-based Applications & Services
MIRAGE: a management tool for the analysis and deployment of network security policies

DPM'10/SETOP'10 Proceedings of the 5th international Workshop on data privacy management, and 3rd international conference on Autonomous spontaneous security
Security mutants for property-based testing

TAP'11 Proceedings of the 5th international conference on Tests and proofs

Quantified Score

Hi-index	0.00

Visualization

Abstract

The use of firewalls and network intrusion detection systems (NIDSs) is the dominant method to survey and guarantee the security policy in current corporate networks. On the one hand, firewalls are traditional security components which provide means to filter traffic within corporate networks, as well as to police the incoming and outcoming interaction with the Internet. On the other hand, NIDSs are complementary security components used to enhance the visibility level of the network, pointing to malicious or anomalous traffic. To properly configure both firewalls and NIDSs, it is necessary the use of a set of configuration rules, i.e., a set of filtering or alerting rules. Nevertheless, the existence of anomalies within the set of configuration rules of both firewalls and NIDSs is very likely to degrade the network security policy. The discovering and removal of these anomalies is a serious and complex problem to solve. In this paper, we present a set of mechanisms for such a management.