DocumentCode :
1725375
Title :
A Graph-based Methodology for Analyzing Firewall Rules with Services
Author :
Pipattanasakul, Sarawut ; Permpoontanalarp, Yongyuth
Author_Institution :
Dept. of Comput. Eng., King Mongkut's Univ. of Technol. Thonburi, Bangkok
fYear :
2008
Firstpage :
340
Lastpage :
345
Abstract :
Configuring firewalls is a difficult task. The reason is that the effects of firewall rules cannot be seen at configuration time. As a result, errors and loopholes in firewall rules are discovered only at run time, and they often cause attacks. In this paper, we develop a graph-based method for analyzing firewall rules with services. Our new model provides advantages over all existing methods in that it can compute the effects of firewall rules at multiple firewalls in an intuitive and efficient way. In addition, it offers a new rule analysis called rule tracking.
Keywords :
authorisation; computer networks; graph theory; telecommunication security; computer network; firewall rule analysis; graph-based methodology; rule tracking; Computational modeling; Computer errors; Computer networks; Computer security; Error correction; IP networks; Information filtering; Information filters; Logic; Protection;
fLanguage :
English
Publisher :
IEEE
Conference_Titel :
Communications and Information Technologies, 2008. ISCIT 2008. International Symposium on
Conference_Location :
Lao
Print_ISBN :
978-1-4244-2335-4
Electronic_ISBN :
978-1-4244-2336-1
Type :
conf
DOI :
10.1109/ISCIT.2008.4700210
Filename :
4700210