Implementing a distributed firewall
Proceedings of the 7th ACM conference on Computer and communications security
New dynamic algorithms for shortest path tree computation
IEEE/ACM Transactions on Networking (TON)
Policy-Based Management: Bridging the Gap
ACSAC '99 Proceedings of the 15th Annual Computer Security Applications Conference
Filtering postures: local enforcement for global policies
SP '97 Proceedings of the 1997 IEEE Symposium on Security and Privacy
Characteristics of internet background radiation
Proceedings of the 4th ACM SIGCOMM conference on Internet measurement
Hi-index | 0.00 |
Packet filters have traditionally been used to shield IP networks from known attack flows, ususally within firewall systems connecting trusted and non-trusted network segments. As IP networks grow and tend to connect to more and more neighbor networks with unknown trust status, carrier-grade operators in particular are beginning to experience raising costs due to increasingly complex filter configurations that have to be applied to their networks, in order to maintain a desired security level. In this paper, we present a discussion on the general properties of distributed packet filter configurations and an algorithm for a simplified compilation of anticipatory static packet filter configurations in heterogenous IP networks.