Firewalls are notoriously hard to configure and maintain. Policies are written in lowlevel, system-specific languages where rules are inspected and enforced along non-trivial control flow paths. Moreover, firewalls are tightly related to Network Address Translation (NAT) since filters need to be specified taking into account the possible translations of packet addresses, further complicating th...

Kurzfassung Im Rahmen einer umfassenden Security-Policy stellen Firewall-Systeme eine wichtige Maßnahme zum Schutz eines privaten Netzes vor Angriffen aus dem Internet dar. Durch die Einführung neuer Applikationstypen, zu denen auch IP-Telefonie Applikationen gehören, ergeben sich neue Anforderungen denen ein Firewall-System gerecht werden muß. Diesen neuen Anforderungen werden existierende Fir...

This paper commences by explaining some firewall definitions in order to understand basic terms for firewall techniques. Three firewall techniques, from packet filtering through to proxy services and stateful packet inspection are then discussed. Following techniques, various firewall architectures, ranging from dual-home host architecture, screened host architecture and screened subnet archite...

A firewall administrator often needs to update a given firewall, to take account of evolving security requirements or to correct a wrongly classified packet. We look at the problem of firewall update, mainly from an axiomatic viewpoint. An axiom for firewall update is a property which any reasonable method of updating should fulfill. We propose a number of such axioms. We also give some simple ...

Firewalls are the most prevalent and important means of enforcing security policies inside networks and across organizational boundaries. However, effective and fault free firewall management in large and fast growing networks becomes increasingly more challenging. Firewall security policies are complex and their interaction with routing policies and applications further complicates policy conf...

Writing and maintaining firewall configurations can be challenging, even for experienced system administrators. Tools that uncover the consequences of configurations and edits to them can help sysadmins prevent subtle yet serious errors. Our tool, Margrave, offers powerful features for firewall analysis, including enumerating consequences of configuration edits, detecting overlaps and conflicts...

Firewalls are one of the most common mechanisms used to protect the network from unauthorized access and security threats. Nowadays, time-based firewall policies are widely in use in many firewalls such as CISCO ACLs and Linux iptables to control network traffic with respect to time. However, network administrators struggle to maintain the firewall policies due to their high complexity. A confl...