Abstract
This paper describes a policy-based approach to firewall management. The Policy-Based Networking (PBN) architecture proposed by the Policy Framework Group of IETF is analysed, together with the communication protocols, policy specification languages, and the necessary information models. The paper continues with a description of an application of the PBN architecture to firewall management. The proposed architecture is presented and its implementation issues are analysed with some usage examples. The paper concludes with the evaluation of the policy-based approach to firewall management.
The original version of this chapter was revised: The copyright line was incorrect. This has been corrected. The Erratum to this chapter is available at DOI: 10.1007/978-0-387-35620-4_43
Copyright information
© 2003 IFIP International Federation for Information Processing
About this chapter
Cite this chapter
Caldeira, F., Monteiro, E. (2003). A policy-based approach to firewall management. In: Gaïti, D., Boukhatem, N. (eds) Network Control and Engineering for QoS, Security and Mobility. NetCon 2002. IFIP — The International Federation for Information Processing, vol 107. Springer, Boston, MA. https://doi.org/10.1007/978-0-387-35620-4_10
DOI: https://doi.org/10.1007/978-0-387-35620-4_10
Publisher Name: Springer, Boston, MA
Print ISBN: 978-1-4757-5948-8
Online ISBN: 978-0-387-35620-4
eBook Packages: Springer Book Archive