A Matrix Model for Designing and Implementing Multi-firewall Environments

Firewalls are core elements in network security, the effectiveness of firewall security is dependent on configuring the firewall policy correctly. A firewall policy describes the access that will be permitted or denied from the trusted network. In a corporate network several firewalls are setup and administrated by different individuals. The consistency between those firewall policies is crucial to corporate network security. However, the managing of these has become a complex and errorprone task. Bad configurations may cause serious security breaches and network vulnerabilities. In particular, conflicting filtering rules lead to block legitimate traffic or to accept unwanted packets. In this paper, we provide a firewall policy matrix for helping guide firewall administrators and designers overcome differences in interpreting firewall policies. The matrix presents how each firewall policy allows or denies traffic through the various firewalls in a distributive environment. The model was also tested in a university environment. KeywordsFirewall policy; Multi-firewall environments; Firewall design; Firewall management; Inter-policy Errors.