Abstract
S-VPN gateways are today core elements of network security infrastructure. As networks and services become more complex, managing IPSec access rules becomes an error-prone task. Conflicts in a policy can open holes in security, and they are often hard to find by visual or manual inspection alone. We have first defined a methodology to systematically classify the severity of rule conflicts, and second proposed two different solutions to automatically resolve conflicts in an access list, implementing and testing one of them.
Copyright information
© 2006 Friedr. Vieweg & Sohn Verlag | GWV-Fachverlage GmbH, Wiesbaden
Cite this chapter
Ferraresi, S., Pesic, S., Trazza, L., Baiocchi, A. (2006). S-VPN Policy: Access List Conflict Automatic Analysis and Resolution. In: ISSE 2006 — Securing Electronic Business Processes. Vieweg. https://doi.org/10.1007/978-3-8348-9195-2_29
DOI: https://doi.org/10.1007/978-3-8348-9195-2_29
Publisher Name: Vieweg
Print ISBN: 978-3-8348-0213-2
Online ISBN: 978-3-8348-9195-2
eBook Packages: Computer Science (R0)