TY - GEN
T1 - Handling stateful firewall anomalies
AU - Cuppens, Frédéric
AU - Cuppens-Boulahia, Nora
AU - Garcia-Alfaro, Joaquin
AU - Moataz, Tarik
AU - Rimasson, Xavier
PY - 2012/7/23
Y1 - 2012/7/23
N2 - A security policy consists of a set of rules designed to protect an information system. To ensure this protection, the rules must be deployed on security components in a consistent and non-redundant manner. Unfortunately, an empirical approach is often adopted by network administrators, to the detriment of theoretical validation. While the literature on the analysis of configurations of first generation (stateless) firewalls is now rich, this is not the case for second and third generation firewalls, also known as stateful firewalls. In this paper, we address this limitation, and provide solutions to analyze and handle stateful firewall anomalies and misconfiguration.
AB - A security policy consists of a set of rules designed to protect an information system. To ensure this protection, the rules must be deployed on security components in a consistent and non-redundant manner. Unfortunately, an empirical approach is often adopted by network administrators, to the detriment of theoretical validation. While the literature on the analysis of configurations of first generation (stateless) firewalls is now rich, this is not the case for second and third generation firewalls, also known as stateful firewalls. In this paper, we address this limitation, and provide solutions to analyze and handle stateful firewall anomalies and misconfiguration.
U2 - 10.1007/978-3-642-30436-1_15
DO - 10.1007/978-3-642-30436-1_15
M3 - Conference contribution
AN - SCOPUS:84863904199
SN - 9783642304354
T3 - IFIP Advances in Information and Communication Technology
SP - 174
EP - 186
BT - Information Security and Privacy Research - 27th IFIP TC 11 Information Security and Privacy Conference, SEC 2012, Proceedings
T2 - 27th IFIP TC 11 Information Security and Privacy Conference, SEC 2012
Y2 - 4 June 2012 through 6 June 2012
ER -