Change-Impact Analysis of Firewall Policies
Author
Abstract
Firewalls are the mainstay of enterprise security and the most widely adopted technology for protecting private networks. The quality of protection provided by a firewall directly depends on the quality of its policy (i.e., configuration). Due to the lack of tools for analyzing firewall policies, most firewalls on the Internet have been plagued with policy errors. A firewall policy error either creates security holes that will allow malicious traffic to sneak into a private network or blocks legitimate traffic and disrupts normal business processes, which in turn could lead to irreparable, if not tragic, consequences. A major source of policy errors stems from policy changes. Firewall policies often need to be changed as networks evolve and new threats emerge. In this paper, we first present the theory and algorithms for firewall policy change-impact analysis. Our algorithms take as input a firewall policy and a proposed change, then output the accurate impact of the change. Thus, a firewall administrator can verify a proposed change before committing it.
Similar resources
An Unavailability Analysis of Firewall Sandwich Configurations
Firewalls form the first line of defense in securing internal networks from the Internet. A Firewall only provides security if all traffic into and out of an internal network passes through the firewall. However, a single firewall through which all network traffic must flow represents a single point of failure. If the firewall is down, all access is lost. A common solution to this problem is to...
Automatic detection of firewall misconfigurations using firewall and network routing policies
Firewalls are the most prevalent and important means of enforcing security policies inside networks and across organizational boundaries. However, effective and fault free firewall management in large and fast growing networks becomes increasingly more challenging. Firewall security policies are complex and their interaction with routing policies and applications further complicates policy conf...
Design and Implementation of Conflict Detection System for Time-Based Firewall Policies
Firewalls are one of the most common mechanisms used to protect the network from unauthorized access and security threats. Nowadays, time-based firewall policies are widely in use in many firewalls such as CISCO ACLs and Linux iptables to control network traffic with respect to time. However, network administrators struggle to maintain the firewall policies due to their high complexity. A confl...
The Impact of Liquidity Requirements on Central Bank Policies in Interbank Market of Iran
The interbank rate has a great impact on the bank's economic activities, and it is one of the important instruments for central bank policy. Banks participate in the interbank market to back up their funds or liquidity demand. These change their needed or surplus liquidity based on interbank market conditions. According to this, liquidity requirements can change the central banks' monetary poli...
Applying static code analysis to firewall policies for the purpose of anomaly detection
Treating modern firewall policy languages as imperative, special purpose programming languages, in this article we will try to apply static code analysis techniques for the purpose of anomaly detection. We will first abstract a policy in common firewall policy language into an intermediate language, and then we will try to apply anomaly detection algorithms to it. The contributions made by this...