Firewalls are the cornerstone of corporate intranet security, yet network security experts generally consider them to be poorly configured. This assessment is indirectly affirmed by the success of recent worms and viruses like Blaster and Sapphire, which a well-configured firewall could easily have blocked. A study of real configuration files, or rule sets, for a variety of corporate firewalls establishes a quality measure based on "misconfigurations" that violate established best practices. The study correlates the quality measure with other factors--specifically, the operating system on which the firewall runs, the firewall's software version, and the rule set's complexity. The results clearly show that corporate firewalls are often enforcing poorly written rule sets; they also offer some useful observations for improving rule-set quality.