Abstract
Manually configuring large firewall policies can be a hard and error-prone task. It is even harder in the case of IPsec policies that can specify IP packets not only to be accepted or discarded, but also to be cryptographically protected in various ways. However, in many cases the configuration task can be simplified by writing a set of smaller, independent policies that are then reconciled consistently. Similarly, there is often the need to reconcile policies from multiple sources into a single one. In this paper, we discuss the issues that arise in combining multiple IPsec and firewall policies and present algorithms for policy reconciliation.
This is a preview of subscription content, log in via an institution.
Buying options
Tax calculation will be finalised at checkout
Purchases are for personal use only
Learn about institutional subscriptionsPreview
Unable to display preview. Download preview PDF.
References
Johnson, D.B., Perkins, C., Arkko, J.: Mobility support in IPv6. RFC 3775, IETF Mobile IP Working Group (2004)
Kent, S., Seo, K.: Security architecture for the Internet Protocol. RFC 4301, IETF (2005)
Arrow, K.J.: Social Choice and Individual Values. Yale University Press, New Haven (1970)
Guttman, J.D., Herzog, A.L.: Rigorous automated network security management. International Journal of Information Security 4(1-2) (2005)
Hamed, H.H., Al-Shaer, E.S., Marrero, W.: Modeling and verification of IPSec and VPN security policies. In: 13th IEEE International Conference on Network Protocols (ICNP 2005), pp. 259–278 (2005)
Liu, A.X., Gouda, M.G.: Complete redundancy detection in firewalls. In: Jajodia, S., Wijesekera, D. (eds.) Data and Applications Security 2005. LNCS, vol. 3654, pp. 196–209. Springer, Heidelberg (2005)
Author information
Authors and Affiliations
Editor information
Editors and Affiliations
Rights and permissions
Copyright information
© 2010 Springer-Verlag Berlin Heidelberg
About this paper
Cite this paper
Aura, T., Becker, M., Roe, M., Zieliński, P. (2010). Reconciling Multiple IPsec and Firewall Policies. In: Christianson, B., Crispo, B., Malcolm, J.A., Roe, M. (eds) Security Protocols. Security Protocols 2007. Lecture Notes in Computer Science, vol 5964. Springer, Berlin, Heidelberg. https://doi.org/10.1007/978-3-642-17773-6_9
Download citation
DOI: https://doi.org/10.1007/978-3-642-17773-6_9
Publisher Name: Springer, Berlin, Heidelberg
Print ISBN: 978-3-642-17772-9
Online ISBN: 978-3-642-17773-6
eBook Packages: Computer ScienceComputer Science (R0)