Implementing a distributed firewall
Proceedings of the 7th ACM conference on Computer and communications security
Internet packet filter management and rectangle geometry
SODA '01 Proceedings of the twelfth annual ACM-SIAM symposium on Discrete algorithms
Filtering postures: local enforcement for global policies
SP '97 Proceedings of the 1997 IEEE Symposium on Security and Privacy
Firmato: A novel firewall management toolkit
ACM Transactions on Computer Systems (TOCS)
Conflict classification and analysis of distributed firewall policies
IEEE Journal on Selected Areas in Communications
Hi-index | 0.00 |
For the security consistency, firewall rule editing, ordering, and distribution must be done very carefully on each of the cooperative firewalls, especially in a large-scale and multi-firewall-equipped network. Nevertheless, a network operator is prone to incorrectly configuring the firewalls because there are typically thousands or hundreds of filtering/admission rules (i.e., rules in the Access Control List file; or ACL for short) which should be setup in a firewall, not mention these rules among firewalls which affect mutually can make the matter worse. For this reason, our work is to build a visualized validation system for checking the security consistency between firewalls' rule configuration and the demands of network security policies. The system collects the filtering/admission rules (or ACL rules) from all of the firewalls (and routers if they are ACL-configured) in the managed network and then checks if these rules meet the demands of the global network security policies. The checked/analyzed results would later be visualized systematically by our system with different viewpoints for error debugging or anomaly removal. Currently, part of the firewalls' configuration of our campus network has being used to demonstrate our system's implementation.