Abstract
Packet filtering is a core operation in network security management. As networks and services become more complex, managing access-list rules becomes an error-prone task. Conflicts among policies can open security holes and prevent load optimization in the network. Here we propose an algorithm to automatically tune the configurations of IP-level security devices. Our aim is to keep the external (end-to-end) behaviour unchanged while removing the inconsistencies distributed across the network. The algorithm is described in full detail and results of the software implementation are shown.
Copyright information
© 2007 Springer-Verlag Berlin Heidelberg
About this paper
Cite this paper
Ferraresi, S., Francocci, E., Quaglini, A., Picasso, F. (2007). Security Policies Tuning Among IP Devices. In: Apolloni, B., Howlett, R.J., Jain, L. (eds) Knowledge-Based Intelligent Information and Engineering Systems. KES 2007. Lecture Notes in Computer Science, vol 4693. Springer, Berlin, Heidelberg. https://doi.org/10.1007/978-3-540-74827-4_19
DOI: https://doi.org/10.1007/978-3-540-74827-4_19
Publisher Name: Springer, Berlin, Heidelberg
Print ISBN: 978-3-540-74826-7
Online ISBN: 978-3-540-74827-4
eBook Packages: Computer Science, Computer Science (R0)