Journal: ACM Transactions on Internet Technology

Firewall Policy Change-Impact Analysis



Abstract

Firewalls are the cornerstones of the security infrastructure for most enterprises. They have been widely deployed for protecting private networks. The quality of the protection provided by a firewall directly depends on the quality of its policy (i.e., configuration). Due to the lack of tools for analyzing firewall policies, many firewalls used today have policy errors. A firewall policy error either creates security holes that allow malicious traffic to sneak into a private network, or blocks legitimate traffic and disrupts normal business processes, which in turn could lead to irreparable, if not tragic, consequences. A major cause of policy errors is policy change. Firewall policies often need to be changed as networks evolve and new threats emerge. Users behind a firewall often request that the firewall administrator modify rules to allow or protect the operation of some services. In this article, we first present the theory and algorithms for firewall policy change-impact analysis. Our algorithms take as input a firewall policy and a proposed change, then output the accurate impact of the change. Thus, a firewall administrator can verify a proposed change before committing it. We implemented our firewall change-impact analysis algorithms and tested them on both real-life and synthetic firewall policies. The experimental results show that our algorithms are effective in terms of ensuring firewall policy correctness and efficient in terms of computing the impact of policy changes. Thus, our tool can be practically used in the iterative process of firewall policy design and maintenance. Although the focus of this article is on firewalls, the change-impact analysis algorithms proposed in this article are not limited to firewalls. Rather, they can be applied to other rule-based systems, such as router access control lists (ACLs), as well.
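The following is an added example, not code from the article or its authors, illustrating what "the accurate impact of a change" means for a first-match policy. It does not reproduce the paper's algorithms; instead it uses a simpler boundary-partition approach: every field's domain is cut at the endpoints of every rule in the old and the new policy, so that within each resulting box every rule either matches fully or not at all, and one representative packet per box suffices to compare the two policies exactly. The policy (a one-byte `src` standing in for a source address range, TCP as protocol 6, an SSH rule for admin hosts, an HTTP rule, default deny) and the proposed change (a requested rule opening all privileged TCP ports, inserted at the top) are constructed for the example.

```python
from itertools import product

# Header fields and their inclusive domains (constructed for the example;
# "src" is a one-byte stand-in for a source address range).
FIELDS = (("src", 0, 255), ("dport", 0, 65535), ("proto", 0, 255))
ACCEPT, DISCARD = "accept", "discard"


def rule(decision, **ranges):
    """A rule maps each field to an inclusive (lo, hi) range; unspecified fields match everything."""
    full = {name: (lo, hi) for name, lo, hi in FIELDS}
    full.update(ranges)
    return (full, decision)


def matches(rule_, packet):
    ranges, _ = rule_
    return all(ranges[f][0] <= packet[f] <= ranges[f][1] for f in packet)


def decide(policy, packet):
    """First-match semantics (as in iptables or Cisco ACLs); None if no rule matches."""
    for r in policy:
        if matches(r, packet):
            return r[1]
    return None


def field_boxes(policies, name, lo, hi):
    """Cut a field's domain at every rule boundary so every rule is constant over each box."""
    cuts = {lo, hi + 1}
    for policy in policies:
        for ranges, _ in policy:
            a, b = ranges[name]
            cuts.update((a, b + 1))
    cuts = sorted(c for c in cuts if lo <= c <= hi + 1)
    return [(cuts[i], cuts[i + 1] - 1) for i in range(len(cuts) - 1)]


def change_impact(old, new):
    """Return every box of packets whose decision differs between old and new, with both decisions.

    Because boxes are built from all rule boundaries of both policies, the decision is
    constant inside a box, so checking the box's lower corner is exact, not a sample.
    """
    axes = [field_boxes((old, new), name, lo, hi) for name, lo, hi in FIELDS]
    names = [name for name, _, _ in FIELDS]
    impact = []
    for box in product(*axes):
        rep = {name: b[0] for name, b in zip(names, box)}
        before, after = decide(old, rep), decide(new, rep)
        if before != after:
            impact.append((dict(zip(names, box)), before, after))
    return impact


def affected_packets(impact):
    """Number of distinct header tuples whose decision changes (sum of box volumes)."""
    total = 0
    for box, _, _ in impact:
        n = 1
        for lo, hi in box.values():
            n *= hi - lo + 1
        total += n
    return total


# Constructed policy: admin hosts 10-20 may SSH, anyone may reach HTTP, default deny.
OLD = [
    rule(ACCEPT, src=(10, 20), dport=(22, 22), proto=(6, 6)),
    rule(ACCEPT, dport=(80, 80), proto=(6, 6)),
    rule(DISCARD),
]
# Proposed change: a requested rule opening every privileged TCP port, inserted at the top.
NEW = [rule(ACCEPT, dport=(0, 1023), proto=(6, 6))] + OLD

if __name__ == "__main__":
    impact = change_impact(OLD, NEW)
    for box, before, after in impact:
        print(f"{before} -> {after}: {box}")
    print("packets whose decision changes:", affected_packets(impact))
```

Running this lists eleven boxes, all flipping from discard to accept: every TCP port 0-21, 23-79 and 81-1023 for all sources, plus port 22 for the non-admin sources 0-9 and 21-255. Port 80 and admin SSH are unchanged, as are all non-TCP packets and ports above 1023. That is the review an administrator wants before committing: the requested change does not just "open privileged ports", it also grants SSH to every host, which the old policy deliberately restricted. The boundary-partition approach is exact but its box count is the product of the per-field cut counts, which is why production tools (including the article's) use more compact representations; the example is meant to make the semantics of change impact concrete, not to scale.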
