Fast, cheap, and in control: a step towards pain free security!
LISA'08 Proceedings of the 22nd conference on Large installation system administration conference
A formal logic approach to firewall packet filtering analysis and generation
Artificial Intelligence Review
Analyzing end-to-end network reachability
IM'09 Proceedings of the 11th IFIP/IEEE international conference on Symposium on Integrated Network Management
Network Security: Formal and Optimized Configuration
Proceedings of the 2010 conference on New Trends in Software Methodologies, Tools and Techniques: Proceedings of the 9th SoMeT_10
The margrave tool for firewall analysis
LISA'10 Proceedings of the 24th international conference on Large installation system administration
Multi-constraint security policies for delegated firewall administration
International Journal of Network Management
| Hi-index | 0.00 |
Firewalls play a critical role in protecting networks and enforcing security policies. Traditionally, firewalls have been deployed at an organization's periphery to protect it from Internet traffic. Today, however, this model no longer holds true as organizations try to safeguard themselves against other types of threats. This has led to the advent of the distributed firewall where potentially every router or end-host can run a firewall. As it is, firewalls are extremely hard to analyze and configure correctly due to complexities of network topology, routing, and administrative issues. Distributed firewalls make the situation even worse since there are multiple firewalls. This paper describes FACE - a tool that helps in analysis and configuration of distributed firewalls. Using FACE, administrators can automatically generate and analyze configurations for all firewalls in the network by specifying the filtering policy and a threat model in which a distributed firewall must provide defense against spoofed traffic from specified nodes in a network.