Algorithms for Analysing Firewall and Router Access Lists
Abstract
Network firewalls and routers use a rule database to decide which packets will be allowed from one network onto another. By filtering packets the firewalls and routers can improve security and performance. However, as the size of the rule list increases, it becomes difficult to maintain and validate the rules, and lookup latency may increase significantly. Ordered binary decision diagrams (BDDs) – a compact method of representing and manipulating boolean expressions – are a potential method of representing the rules. This paper presents a new algorithm for representing such lists as a BDD and then shows how the resulting boolean expression can be used to analyse rule sets.
Similar resources
An expert system for analyzing firewall rules
When deploying firewalls in an organization, it is essential to verify that the firewalls are configured properly. The problem of finding out what a given firewall configuration does occurs, for instance, when a new network administrator takes over, or a third party performs a technical security audit for the organization. While the problem can be approached via testing, non-intrusive technique...
Employing Proxy Services
INTRODUCTION As the use of the TCP/IP protocol suite expanded during the 1990s in tandem with the growth in the use of the Internet, organizations began to realize a new security threat emerging as their networks were connected to the Internet. As academic, government, and commercial networks were connected to the Internet, they became subject to attack from literally an unlimited number of com...
Principles of Eliminating Access Control Lists within a Domain
The infrastructure of large networks is broken down into areas that have a common security policy called a domain. Security within a domain is commonly implemented at all nodes. However this can have a negative effect on performance since it introduces a delay associated with packet filtering. When Access Control Lists (ACLs) are used within a router for this purpose then a significant overhead...
Scrutinizing WPA2 Password Generating Algorithms in Wireless Routers
A wireless router is a networking device that enables a user to set up a wireless connection to the Internet. A router can offer a secure channel by cryptographic means which provides authenticity and confidentiality. Nowadays, almost all routers use a secure channel by default that is based on Wi-Fi Protected Access II (WPA2). This is a security protocol which is believed not to be susceptible ...
Management and Verification of Firewall and Router Access Lists
Security in computer networks is a very complex task especially if it is required to separate a corporate network from public Internet or to divide a company’s intranet into multiple zones with different security requirements. The network security policy that describes these security requirements is primarily presented in a high-level form. Also, the security policy is enforced using some low-l...
Journal title:
- CoRR
Volume cs.NI/0008006 Issue
Pages -
Publication date 1999