FireCrocodile: A Checker for Static Firewall Configurations
Authors
Abstract
We present FIRECROCODILE, a tool to check the static configuration of Cisco PIX firewalls. FIRECROCODILE is based on the extensible framework CROCODILE and thus is extensible itself. We report on FIRECROCODILE’s architecture, its abilities and features, and its relation to other tools. Finally we report on our experiences when analyzing the configuration of the central firewall of a research center with a complex network and application
Similar resources
A Unified Methodology for Verification and Synthesis of Firewall Configurations
Firewalls offer a protection for private networks against external attacks. However, configuring firewalls correctly is a difficult task. There are two main reasons. One is that the effects of a firewall configuration cannot be easily seen during the configuration time. Another one is the lack of guidance to help configuring firewalls. In this paper, we propose a general and unified methodology...
A graph theoretic model for hardware-based firewalls
Firewalls offer a protection for private networks against external attacks. However, configuring firewalls is a difficult task. The reason is that the effects of a firewall configuration cannot be easily seen during the configuration time. As a result, errors and loopholes in firewall configurations, if they exist, are discovered only after they actually happen at the execution time. In this paper, w...
Automatic detection of firewall misconfigurations using firewall and network routing policies
Firewalls are the most prevalent and important means of enforcing security policies inside networks and across organizational boundaries. However, effective and fault free firewall management in large and fast growing networks becomes increasingly more challenging. Firewall security policies are complex and their interaction with routing policies and applications further complicates policy conf...
Management of stateful firewall misconfiguration
Firewall configurations are evolving into dynamic policies that depend on protocol states. As a result, stateful configurations tend to be much more error prone. Some errors occur on configurations that only contain stateful rules. Others may affect those holding both stateful and stateless rules. Such situations lead to configurations in which actions on certain packets are conducted by the fi...
Applying static code analysis to firewall policies for the purpose of anomaly detection
Treating modern firewall policy languages as imperative, special purpose programming languages, in this article we will try to apply static code analysis techniques for the purpose of anomaly detection. We will first abstract a policy in common firewall policy language into an intermediate language, and then we will try to apply anomaly detection algorithms to it. The contributions made by this...
Journal title:
Volume, issue
Pages -
Publication date: 2006