Automated Firewall Configuration in Virtual Networks

Abstract

The configuration of security functions in computer networks is still typically performed manually, which likely leads to security breaches and long re-configuration times. This problem is exacerbated for modern networks based on network virtualization, because their complexity and dynamics make a correct manual configuration practically unfeasible. This article focuses on packet filters, i.e., the most common firewall technology used in computer networks, and it proposes a new methodology to automatically define the allocation scheme and configuration of packet filters in the logical topology of a virtual network. The proposed method is based on solving a carefully designed partial weighted Maximum Satisfiability Modulo Theories problem by means of a state-of-the-art solver. This approach formally guarantees the correctness of the solution, i.e., that all security requirements are satisfied, and it minimizes the number of needed firewalls and firewall rules. This methodology is extensively evaluated using different metrics and tests on both synthetic and real use cases, and compared to the state-of-the-art solutions, showing its superiority.

Similar resources

Firewall Configuration Errors Revisited

Practically every corporation that is connected to the Internet uses firewalls as the first line of its cyber-defense. However, the protection that these firewalls provide is only as good as the policy they are configured to implement. The first quantitative evaluation of the quality of corporate firewall configurations appeared in 2004, based on Check Point FireWall-1 rule-sets. In general tha...

Usable Firewall Configuration

Configuration is perhaps the most important aspect of a firewall. It is often hard to fully understand the implications of a given configuration, giving rise to two problems: it is hard to write rules to enforce the expected security policy correctly, and it is hard to understand a set of rules to make necessary changes. In this paper, we briefly introduced the IP packet filtering firewall foll...

Developing Multidimensional Firewall Configuration Visualizations

Firewall configuration files are created and edited as text files, despite significant size, complexity, and the possibility of interaction between entries. We embedded interactive visualizations in a simple firewall ruleset editor. To make rulesets visualizable, we calculate the set of packets accepted by the firewall as a restricted case of constructive solid geometry. We show a lossless visu...

Virtual Backbone Configuration in Wireless Mesh Networks

This paper introduces methods for the minimisation of virtual backbone size in wireless mesh networks, subject to practical constraints. The methods are centralised, which limits their usage to static applications. Four algorithms are presented, one exact and three heuristic. The exact method guarantees to find an optimal solution but runs in exponential time. Of the three heuristics, one is sh...

Automated Configuration and Validation of Instrumentation Networks

This paper describes the design and implementation of a test instrumentation network configuration and verification system. Given a multivendor instrument part catalog that contains sensor, actuator, transducer and other instrument data; user requirements (including desired measurement functions) and technical specifications; the instrumentation network configurator will select and connect inst...

Journal

Journal title: IEEE Transactions on Dependable and Secure Computing

Year: 2023

ISSN: 1941-0018, 1545-5971, 2160-9209

DOI: https://doi.org/10.1109/tdsc.2022.3160293