Complete analysis of configuration rules to guarantee reliable network security policies

Cited by: 56
Authors
Alfaro, J. G. [1, 2]
Boulahia-Cuppens, N. [2]
Cuppens, F. [2]
Affiliations
[1] UOC, Barcelona 08018, Spain
[2] GET ENST Bretagne, F-35576 Cesson Sevigne, France
Keywords
network security; firewalls; intrusion detection systems; policy anomalies
DOI
10.1007/s10207-007-0045-7
Chinese Library Classification number
TP [Automation technology, computer technology];
Discipline classification code
0812;
Abstract
The use of different network security components, such as firewalls and network intrusion detection systems (NIDSs), is the dominant method to monitor and guarantee the security policy in current corporate networks. To properly configure these components, it is necessary to use several sets of security rules. Nevertheless, the existence of anomalies between those rules, particularly in distributed multi-component scenarios, is very likely to degrade the network security policy. The discovery and removal of these anomalies is a serious and complex problem to solve. In this paper, we present a complete set of mechanisms for such a management.
Pages: 103 / 122
Page count: 20