Automatic Verification of Firewall Configuration with Respect to Security Policy Requirements
نویسندگان
چکیده
Firewalls are key security components in computer networks. They filter network traffics based on an ordered list of filtering rules. Firewall configurations must be correct and complete with respect to security policies. Security policy is a set of predicates, which is a high level description of traffic controls. In this paper, we propose an automatic method to verify the correctness of firewall configuration. We have defined a boolean formula representation of security policy. With the boolean formula representations of security policy and firewall configuration, we can formulate the condition that ensures correctness of firewall configuration. We use SAT solver to check the validity of the condition. If the configuration is not correct, our method produces an example of packet to help users to correct the configuration. We have implemented a prototype verifier and had some experimental results. The first results were very promising.
منابع مشابه
Firewall Analysis with Policy-based Host Classification
For administrators of large systems, testing and debugging a firewall policy is a difficult process. The size and complexity of many firewall policies make manual inspection of the rule set tedious and error-prone. The complex interaction of conflicting rules can conceal serious errors that compromise the security of the network or interrupt the delivery of important services. Most existing too...
متن کاملSpecialized Solutions for Improvement of Firewall Performance and Conformity to Security Policy
Until recently the reasons for reduced efficiency and limited implementation of new security systems has been the insufficient performance of hardware that executes access control and the difficult analysis and configuration to conform with corporate security policy requirements. Without the use of specialized solutions that allow effective functioning of information security systems and their ...
متن کاملFirewall policy verification and troubleshooting
Firewalls are important elements of enterprise security and have been the most widely adopted technology for protecting private networks. The quality of protection provided by a firewall mainly depends on the quality of its policy (i.e., configuration). However, due to the lack of tools for verifying and troubleshooting firewall policies, most firewalls on the Internet have policy errors. A fir...
متن کاملJRPIT 41.2.QXP:Layout 1
Network Access Control requirements are typically implemented in practice as a series of heterogeneous security-mechanism-centric policies that span system services and application domains. For example, a Network Access Control policy might be configured in terms of firewall, proxy, intrusion prevention and user-access policies. While defined separately, these security policies may interoperate...
متن کاملManagement and Verification of Firewall and Router Access Lists
Security in computer networks is a very complex task especially if it is required to separate a corporate network from public Internet or to divide a company’s intranet into multiple zones with different security requirements. The network security policy that describes these security requirements is primarily presented in a high-level form. Also, the security policy is enforced using some low-l...
متن کامل