Firewall Configuration based on Specifications of Access Policy and Network Environment
Authors
Abstract
A network firewall is a widespread means of enforcing a security policy; however, it remains a network device. This duality has led firewall development to proceed somewhat independently of other security management methods. Following this path, firewall vendors focus on performance problems, while management issues don't receive enough attention. Firewalls have grown into complicated computer systems, but there is no general high-level programming language for them. This problem becomes more and more urgent due to the increasing complexity of modern security policies, which must be enforced by firewalls. In this paper we 1) propose the basic idea of firewall configuration based on specifications of an access policy and a network environment; 2) describe the Organization Based Access Control (ORBAC) model, which is used to specify an access policy; 3) propose a model to specify a network environment; and 4) propose the method of integration of an access policy with a network environment.
Similar resources
Firewall Management for to Resolve the Policy Anomalies
Firewall is a security system for network, that controls the network traffic based on firewall rules. Firewall depends on the policy configuration, but managing that firewall policy is complex. Existing policy analysis tools, such as Firewall Policy Advisor and FIREMAN, they can only detect the policy anomaly cannot resolve these anomalies, and detection time was also increased. Therefore, I re...
Specialized Solutions for Improvement of Firewall Performance and Conformity to Security Policy
Until recently the reasons for reduced efficiency and limited implementation of new security systems has been the insufficient performance of hardware that executes access control and the difficult analysis and configuration to conform with corporate security policy requirements. Without the use of specialized solutions that allow effective functioning of information security systems and their ...
Policy based access control framework for large networks
Efforts of this paper focus on the issues about management and throughput of firewalls (or screening routers) applied in transit networks. On the one hand, manual configuration of large amount of firewalls distributed in many access points can not meet the global security requirements in the open and dynamic environment. On the other hand, the ordinal lookup of filtering rules in each individua...
A Formal Approach to Specify and Deploy a Network Security Policy
Current firewall configuration languages have no well founded semantics. Each firewall implements its own algorithm that parses specific proprietary languages. The main consequence is that network access control policies are difficult to manage and most firewalls are actually wrongly configured. In this paper, we present an access control language based on XML syntax whose semantics is interpre...
Network Access Control Interoperation using Semantic Web Techniques
Network Access Control requirements are typically implemented in practice as a series of heterogeneous security-mechanism-centric policies that span system services and application domains. For example, a Network Access Control (NAC) policy might be configured in terms of firewall, proxy, intrusion prevention and user-access policies. While defined separately, these policies may interoperate in...