TY - GEN
T1 - Analysis of policy anomalies on distributed network security setups
AU - Alfaro, J. G.
AU - Cuppens, F.
AU - Cuppens-Boulahia, N.
PY - 2006/1/1
Y1 - 2006/1/1
N2 - The use of different network security components, such as firewalls and network intrusion detection systems (NIDSs), is the dominant method to survey and guarantee the security policy in current corporate networks. On the one hand, firewalls are traditional security components which provide means to filter traffic within corporate networks, as well as to police the incoming and outcoming interaction with the Internet. On the other hand, NIDSs are complementary security components used to enhance the visibility level of the network, pointing to malicious or anomalous traffic. To properly configure both firewalls and NIDSs, it is necessary to use several sets of filtering and alerting rules. Nevertheless, the existence of anomalies between those rules, particularly in distributed multi-component scenarios, is very likely to degrade the network security policy. The discovering and removal of these anomalies is a serious and complex problem to solve. In this paper, we present a set of algorithms for such a management.
AB - The use of different network security components, such as firewalls and network intrusion detection systems (NIDSs), is the dominant method to survey and guarantee the security policy in current corporate networks. On the one hand, firewalls are traditional security components which provide means to filter traffic within corporate networks, as well as to police the incoming and outcoming interaction with the Internet. On the other hand, NIDSs are complementary security components used to enhance the visibility level of the network, pointing to malicious or anomalous traffic. To properly configure both firewalls and NIDSs, it is necessary to use several sets of filtering and alerting rules. Nevertheless, the existence of anomalies between those rules, particularly in distributed multi-component scenarios, is very likely to degrade the network security policy. The discovering and removal of these anomalies is a serious and complex problem to solve. In this paper, we present a set of algorithms for such a management.
U2 - 10.1007/11863908_30
DO - 10.1007/11863908_30
M3 - Conference contribution
AN - SCOPUS:33750240265
SN - 354044601X
SN - 9783540446019
T3 - Lecture Notes in Computer Science (including subseries Lecture Notes in Artificial Intelligence and Lecture Notes in Bioinformatics)
SP - 496
EP - 511
BT - Computer Security - ESORICS 2006 - 11th European Symposium on Research in Computer Security, Proceedings
PB - Springer Verlag
T2 - 11th European Symposium on Research in Computer Security, ESORICS 2006
Y2 - 18 September 2006 through 20 September 2006
ER -