Usable Firewall Configuration
نویسندگان
چکیده
Configuration is perhaps the most important aspect of a firewall. It is often hard to fully understand the implications of a given configuration, giving rise to two problems: it is hard to write rules to enforce the expected security policy correctly, and it is hard to understand a set of rules to make necessary changes. In this paper, we briefly introduced the IP packet filtering firewall followed by an analysis of configuration problems. We review related work and discuss the effectiveness of other approaches from a practical perspective to further illustrate our solution. We then describe a solution that combines simulation, visualization and interaction and describe a prototype and an evaluation of the tool.
منابع مشابه
On the Usability of Firewall Configuration
The firewalls in an enterprise network must be configured correctly or the internal corporate network can be infiltrated, leading to serious security, financial and performance implications. However, firewall configuration is a complex and error-prone task. Configuration languages are like assembly languages: they are low-level and vendor-specific. Moreover, usually multiple firewalls must be c...
متن کاملTransparent Distribution of Remote Java Objects
Java Remote Method Invocation (RMI) is a built-in and easy-to-use framework for the distribution of remote Java objects. Its simplicity and seamless inter-virtual machine communication has made it a valuable tool for distributed services. It nevertheless exhibits certain constraints that practically limit RMI applications to the classical client/server distribution model, and make highly distri...
متن کاملP2P-RMI: Transparent Distribution of Remote Java Objects
Java Remote Method Invocation (RMI) is a built-in and easy-to-use framework for the distribution of remote Java objects. Its simplicity and seamless inter-virtual machine communication has made it a valuable tool for distributed services. It nevertheless exhibits certain constraints that practically limit RMI applications to the classical client/server distribution model, and make highly distri...
متن کاملUsable Security Policies for Runtime Environments
The runtime environments provided by application-level virtual machines such as the Java Virtual Machine or the .NET Common Language Runtime are attractive for Internet application providers because the applications can be deployed on any platform that supports the target virtual machine. With Internet applications, organisations as well as end users face the risk of viruses, trojans, and denia...
متن کاملA Unified Methodology for Verification and Synthesis of Firewall Configurations
Firewalls offer a protection for private networks against external attacks. However, configuring firewalls correctly is a difficult task. There are two main reasons. One is that the effects of a firewall configuration cannot be easily seen during the configuration time. Another one is the lack of guidance to help configuring firewalls. In this paper, we propose a general and unified methodology...
متن کاملذخیره در منابع من
با ذخیره ی این منبع در منابع من، دسترسی به آن را برای استفاده های بعدی آسان تر کنید
عنوان ژورنال:
دوره شماره
صفحات -
تاریخ انتشار 2005