Comparing and debugging firewall rule tables
IET Information Security
Firewalls are one of the essential components of secure networks. However, configuring firewall rule tables for large networks with complex security requirements is a difficult and error-prone task. A method of representing firewall rule tables that allows two tables to be compared is developed, and an algorithm that determines whether two tables are equivalent (that is, whether the set of packets permitted by the two tables is the same) is provided. How such an algorithm can assist system administrators in correctly implementing organisational policy is discussed. The proposed approach is implemented and the results of the experiments are shown.
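The equivalence question the abstract poses, worked through as an added example that is not the paper's representation or algorithm: rules are assumed to be integer ranges per field with first-match semantics and a deny default, and the check is exact because the decision is constant on every cell of the grid cut by all rule boundaries, so one corner per cell suffices. The three tables below are constructed sample input.

```python
# Added example (not the paper's code): exact equivalence check for two
# first-match firewall rule tables whose fields are integer ranges.
from itertools import product

DEFAULT = "deny"   # assumed default action when no rule matches


def matches(rule, pkt):
    ranges, _ = rule
    return all(lo <= v <= hi for (lo, hi), v in zip(ranges, pkt))


def decide(table, pkt):
    """First-match semantics: the first rule covering pkt decides."""
    for rule in table:
        if matches(rule, pkt):
            return rule[1]
    return DEFAULT


def cell_corners(tables, nfields):
    """Collect every boundary (lo and hi+1) of every rule, per field.
    Every rule's match predicate is constant on each grid cell, so the
    table's decision is too; testing one corner per cell is exact."""
    cuts = [{0} for _ in range(nfields)]
    for table in tables:
        for ranges, _ in table:
            for i, (lo, hi) in enumerate(ranges):
                cuts[i].update((lo, hi + 1))
    return product(*(sorted(c) for c in cuts))


def equivalent(t1, t2, nfields):
    """Return (True, None) if both tables decide every packet alike,
    otherwise (False, witness) with a packet they treat differently."""
    for pkt in cell_corners((t1, t2), nfields):
        if decide(t1, pkt) != decide(t2, pkt):
            return False, pkt
    return True, None


# Constructed sample tables over two fields: (source octet, destination port).
TABLE_A = [(((10, 20), (22, 22)), "deny"),      # block SSH from 10-20
           (((0, 255), (22, 22)), "permit")]    # allow SSH from everyone else
TABLE_B = [(((0, 255), (22, 22)), "permit"),    # same rules, reordered:
           (((10, 20), (22, 22)), "deny")]      # the deny is now shadowed
TABLE_C = [(((0, 9), (22, 22)), "permit"),      # A's policy, written without
           (((21, 255), (22, 22)), "permit")]   # overlap: equivalent to A

if __name__ == "__main__":
    print(equivalent(TABLE_A, TABLE_B, 2))   # (False, (10, 22))
    print(equivalent(TABLE_A, TABLE_C, 2))   # (True, None)
```

The witness packet returned for a non-equivalent pair is the kind of concrete evidence an administrator needs to see which table diverges from the intended policy.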

http://iet.metastore.ingenta.com/content/journals/10.1049/iet-ifs_20060171