
Towards Filtering and Alerting Rule Rewriting on Single-Component Policies

  • Conference paper
Computer Safety, Reliability, and Security (SAFECOMP 2006)

Abstract

The use of firewalls and network intrusion detection systems (NIDSs) is the dominant method to monitor and enforce the security policy in current corporate networks. On the one hand, firewalls are traditional security components which provide means to filter traffic within corporate networks, as well as to police the incoming and outgoing interaction with the Internet. On the other hand, NIDSs are complementary security components used to enhance the visibility level of the network, pointing to malicious or anomalous traffic. To properly configure both firewalls and NIDSs, it is necessary to use a set of configuration rules, i.e., a set of filtering or alerting rules. Nevertheless, the existence of anomalies within the set of configuration rules of both firewalls and NIDSs is very likely to degrade the network security policy. The discovery and removal of these anomalies is a serious and complex problem to solve. In this paper, we present a set of mechanisms for such management.
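As an added example (not code from the paper), the following Python detects two of the intra-policy anomalies the abstract refers to, shadowing and redundancy, in an ordered first-match filtering policy and rewrites the policy by dropping the affected rules; the rule fields and the sample policy are constructed assumptions.

```python
from dataclasses import dataclass

def _rng(v):
    """Normalise a field to an inclusive (lo, hi) integer interval; "*" is any."""
    return (0, 2**32 - 1) if v == "*" else (v if isinstance(v, tuple) else (v, v))

@dataclass(frozen=True)
class Rule:
    name: str
    action: str   # "accept" or "deny"
    src: object   # int, (lo, hi) or "*"; hosts are abstract integers here
    dst: object
    dport: object

    def fields(self):
        return (_rng(self.src), _rng(self.dst), _rng(self.dport))

def covers(outer, inner):
    """True when every packet matched by inner is also matched by outer."""
    return all(o[0] <= i[0] and i[1] <= o[1]
               for o, i in zip(outer.fields(), inner.fields()))

def find_anomalies(policy):
    """Return (anomaly, rule, earlier_rule) triples for an ordered policy.
    A later rule fully covered by an earlier one can never fire: it is
    shadowed if the actions differ and redundant if they are the same."""
    found = []
    for j, rj in enumerate(policy):
        for ri in policy[:j]:
            if covers(ri, rj):
                kind = "redundancy" if ri.action == rj.action else "shadowing"
                found.append((kind, rj.name, ri.name))
                break   # first-match semantics: the earliest cover decides
    return found

def rewrite(policy):
    """Drop every rule flagged by find_anomalies; order of the rest is kept."""
    bad = {name for _, name, _ in find_anomalies(policy)}
    return [r for r in policy if r.name not in bad]

# Constructed sample policy (not from the paper): src/dst are stand-in host ids.
SAMPLE = [
    Rule("r1", "deny", 10, "*", 80),
    Rule("r2", "accept", 10, 20, 80),          # shadowed by r1: never reached
    Rule("r3", "accept", "*", 30, (1, 1024)),
    Rule("r4", "accept", 11, 30, 22),          # redundant: r3 already accepts it
    Rule("r5", "deny", "*", "*", "*"),
]
```

Rules only covered by the union of several earlier rules, rather than by a single one, are not caught by this pairwise check.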



Copyright information

© 2006 Springer-Verlag Berlin Heidelberg

About this paper

Cite this paper

García-Alfaro, J., Cuppens, F., Cuppens-Boulahia, N. (2006). Towards Filtering and Alerting Rule Rewriting on Single-Component Policies. In: Górski, J. (eds) Computer Safety, Reliability, and Security. SAFECOMP 2006. Lecture Notes in Computer Science, vol 4166. Springer, Berlin, Heidelberg. https://doi.org/10.1007/11875567_14


  • DOI: https://doi.org/10.1007/11875567_14

  • Publisher Name: Springer, Berlin, Heidelberg

  • Print ISBN: 978-3-540-45762-6

  • Online ISBN: 978-3-540-45763-3
